SHA256: 6020bc3bf254d7849f87ca9daef4a36ea56c32567099c0706ef79957a314e8d6
File name: Mangoro.
Detection ratio: 41 / 50
Analysis date: 2014-03-06 08:09:39 UTC ( 1 year, 2 months ago )
Antivirus Result Update
AVG Generic34.BEAH 20140305
Ad-Aware Trojan.GenericKDV.1192080 20140306
Agnitum Trojan.Inject!tuRAjhJb08Q 20140305
AhnLab-V3 Trojan/Win32.Inject 20140305
AntiVir TR/Inject.fzhy 20140306
Antiy-AVL Trojan/Win32.Inject 20140306
Avast Win32:Gamarue-BV [Cryp] 20140306
Baidu-International Trojan.Win32.Inject.AsjZ 20140306
BitDefender Trojan.GenericKDV.1192080 20140306
CAT-QuickHeal Trojan.Inject.fzhy.cw3 20140306
CMC Heur.Win32.Veebee.1!O 20140228
Commtouch W32/Trojan.VCJJ-2211 20140306
Comodo TrojWare.Win32.Trojan.Agent.Gen 20140306
DrWeb Trojan.DownLoader10.4642 20140306
ESET-NOD32 Win32/IRCBot.NJF 20140306
Emsisoft Trojan.GenericKDV.1192080 (B) 20140306
F-Prot W32/Trojan4.AFBQ 20140306
F-Secure Trojan.GenericKDV.1192080 20140306
Fortinet W32/Inject.FZHY!tr 20140306
GData Trojan.GenericKDV.1192080 20140306
Ikarus Trojan.Win32.Inject 20140306
K7AntiVirus Riskware ( 0040eff71 ) 20140305
K7GW Riskware ( 0040eff71 ) 20140305
Kaspersky Trojan.Win32.Inject.fzhy 20140306
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140306
Malwarebytes Trojan.VBKrypt 20140306
McAfee Generic.qf 20140306
McAfee-GW-Edition Generic.qf 20140306
MicroWorld-eScan Trojan.GenericKDV.1192080 20140306
Microsoft Worm:Win32/Gamarue 20140306
Norman Inject.BCAQ 20140306
Panda Trj/Agent.IVN 20140305
Qihoo-360 Win32/Trojan.BO.cf3 20140306
Sophos Mal/Generic-L 20140306
Symantec Trojan.Zbot 20140306
TotalDefense Win32/Tnega.ASZO 20140305
TrendMicro TROJ_IRCBOT.CWJ 20140306
TrendMicro-HouseCall TROJ_IRCBOT.CWJ 20140306
VBA32 TScope.Trojan.VB 20140305
VIPRE Trojan.Win32.Generic!BT 20140306
nProtect Trojan.GenericKDV.1192080 20140305
Bkav 20140305
ByteHero 20140306
ClamAV 20140305
Jiangmin 20140306
NANO-Antivirus 20140306
Rising 20140305
SUPERAntiSpyware 20140306
TheHacker 20140305
ViRobot 20140306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Sternson contrapu pungie 2003
Publisher Alexander Roshal
Product Antrotym mulctati
Original name Mangoro..exe
Internal name Mangoro.
File version 9.05.0006
Description Didactyl keymen daintify
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-09 03:25:21
Link date 4:25 AM 8/9/2013
Entry Point 0x000014C0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_CIsin
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
_adj_fpatan
_adj_fdiv_m32i
Ord(594)
__vbaDateVar
__vbaCyStr
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
__vbaStrCmp
__vbaFPException
Ord(618)
_adj_fdivr_m16i
__vbaVarAdd
Ord(611)
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaFreeVar
Ord(570)
_adj_fprem1
__vbaCySub
Ord(519)
Ord(547)
__vbaFPInt
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
_CIlog
__vbaLenBstrB
Ord(612)
__vbaFreeStr
__vbaAryLock
_CIcos
Ord(587)
_adj_fptan
Ord(593)
Ord(628)
Ord(704)
__vbaI4Var
__vbaLateIdCall
Ord(689)
__vbaObjSet
Ord(703)
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaLateIdSt
__vbaR8IntI2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
__vbaR8FixI4
_CItan
__vbaFpI4
__vbaI2I4
__vbaFpI2
_adj_fdiv_m16i
__vbaR8FixI2
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 9.5
FileSubtype 0
FileVersionNumber 9.5.0.6
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 16384
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Sternson contrapu pungie 2003
FileVersion 9.05.0006
TimeStamp 2013:08:09 04:25:21+01:00
FileType Win32 EXE
PEType PE32
InternalName Mangoro.
FileAccessDate 2014:03:06 09:10:51+01:00
ProductVersion 9.05.0006
FileDescription Didactyl keymen daintify
OSVersion 4.0
FileCreateDate 2014:03:06 09:10:51+01:00
OriginalFilename Mangoro..exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Alexander Roshal
CodeSize 229376
ProductName Antrotym mulctati
ProductVersionNumber 9.5.0.6
EntryPoint 0x14c0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 1d03779cc7325c7b299fb2302210ec59
SHA1 f1b1a432014cdf5c4730349d54f0d999bbd43936
SHA256 6020bc3bf254d7849f87ca9daef4a36ea56c32567099c0706ef79957a314e8d6
ssdeep 3072:v5SGfz6bY4bnhOOVo1z6YEd7rH9omVhyV1Uv5rotEzxpmTIOEBaJKN3ibN+Wu:vek4LhOx8zP50tEOx45W
imphash e44710ba39afdd7135e740bfb55f1c35
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-08-13 22:01:07 UTC ( 1 year, 9 months ago )
Last submission 2013-08-21 10:35:49 UTC ( 1 year, 9 months ago )
File names hari.exe
Mangoro..exe
vt-upload-Hb9S8
dwm.exe
vt-upload-E8GC3
1d03779cc7325c7b299fb2302210ec59.exe
vt-upload-NNLRf
Mangoro.
hari.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight