SHA256: 60e9262f8574cff58270e4c75b2bf27f8c23563b984d0747470807df3246e0bb
File name: Draftwom
Detection ratio: 43 / 56
Analysis date: 2015-10-25 17:06:49 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.39744 20151026
Yandex Trojan.Agent!+qUZuo9ObPY 20151025
AhnLab-V3 Spyware/Win32.Zbot 20151026
ALYac Gen:Variant.Symmi.39744 20151026
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20151026
Arcabit Trojan.Symmi.D9B40 20151026
Avast Win32:Zbot-SYG [Trj] 20151026
AVG Win32/VBCrypt 20151026
Avira (no cloud) TR/Spy.ZBot.ewhr 20151026
AVware Trojan.Win32.Zbot.pj (v) 20151026
Baidu-International Trojan.Win32.Injector.AYKD 20151026
BitDefender Gen:Variant.Symmi.39744 20151026
Bkav HW32.Packed.902B 20151025
ByteHero Virus.Win32.Heur.p 20151026
CAT-QuickHeal VirTool.VBInject.LE3 20151026
Comodo TrojWare.Win32.Injector.AYK 20151026
DrWeb Trojan.PWS.Panda.2401 20151026
Emsisoft Gen:Variant.Symmi.39744 (B) 20151026
ESET-NOD32 a variant of Win32/Injector.AYFK 20151026
F-Secure Gen:Variant.Symmi.39744 20151026
Fortinet W32/VB.ALO!tr 20151026
GData Gen:Variant.Symmi.39744 20151026
Ikarus Trojan-Spy.Win32.Zbot 20151026
K7AntiVirus Trojan ( 004ab3f51 ) 20151026
K7GW Trojan ( 004ab3f51 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151026
Malwarebytes Backdoor.Bot 20151026
McAfee Generic-FAUS!E75D61AD6D15 20151026
McAfee-GW-Edition Generic-FAUS!E75D61AD6D15 20151026
Microsoft PWS:Win32/Zbot 20151026
eScan Gen:Variant.Symmi.39744 20151026
NANO-Antivirus Trojan.Win32.AYKD.cvamtc 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 HEUR/Malware.QVM03.Gen 20151026
Rising PE:Malware.RDM.21!5.1B[F1] 20151025
Sophos Mal/VB-ALO 20151026
Symantec Trojan.Zbot 20151025
Tencent Win32.Trojan.Falsesign.Ajvh 20151026
TotalDefense Win32/Zbot.TJYRFRB 20151025
TrendMicro TSPY_ZBOT.SWM 20151026
TrendMicro-HouseCall TSPY_ZBOT.SWM 20151026
VIPRE Trojan.Win32.Zbot.pj (v) 20151026
Zillya Trojan.Injector.Win32.225717 20151026
AegisLab 20151026
Alibaba 20151026
ClamAV 20151026
CMC 20151026
Cyren 20151026
F-Prot 20151026
Jiangmin 20151025
nProtect 20151026
SUPERAntiSpyware 20151025
TheHacker 20151026
VBA32 20151026
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Overluxu nidifier censorat 2013
Publisher Any-Video-Converter.com
Product ndiffu
Original name Draftwom.exe
Internal name Draftwom
File version 1.88.0032
Description Predikan grove
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-23 20:46:28
Entry Point 0x0000134C
Number of sections 3
PE sections
Overlays
MD5 4ffbc65114d6fffa74c7a14d9f920245
File type data
Offset 286720
Size 6497
Entropy 7.41
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(712)
Ord(546)
Ord(525)
Ord(545)
_adj_fpatan
EVENT_SINK_AddRef
Ord(677)
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaStrCmp
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
Ord(618)
Ord(589)
Ord(517)
__vbaFreeVar
__vbaFreeStr
Ord(100)
Ord(519)
_adj_fdiv_r
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(606)
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
_CItan
Ord(664)
Ord(582)
Ord(672)
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaVarDup
Ord(609)
__vbaI2I4
__vbaFpI2
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.88
FileSubtype 0
FileVersionNumber 1.88.0.32
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x134c
OriginalFileName Draftwom.exe
MIMEType application/octet-stream
LegalCopyright Overluxu nidifier censorat 2013
FileVersion 1.88.0032
TimeStamp 2014:02:23 21:46:28+01:00
FileType Win32 EXE
PEType PE32
InternalName Draftwom
ProductVersion 1.88.0032
FileDescription Predikan grove
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Any-Video-Converter.com
CodeSize 274432
ProductName ndiffu
ProductVersionNumber 1.88.0.32
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 e75d61ad6d1538f9c00fd9d3577becdc
SHA1 2b2ef79ded246dd908a413d98992646dc02de526
SHA256 60e9262f8574cff58270e4c75b2bf27f8c23563b984d0747470807df3246e0bb
ssdeep 6144:Y/MkhXhyUN8iY9nXhJ62CHL0VY/S2fJ5fMI5t94:Y0hiwCHwm//Bb394
authentihash 4cfe0018a3b8be471c6e22b98edb4de89a9cdbce183b67cd4588521b53986b2a
imphash 7761ea25b9b9f37f935d89cfd636df46
File size 286.3 KB ( 293217 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-03-05 15:04:27 UTC ( 3 years, 1 month ago )
Last submission 2014-03-07 00:59:05 UTC ( 3 years, 1 month ago )
File names New Godwin (1).scr
Draftwom.exe
c-fffe3-2257-1394153941
Draftwom
New Godwin.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook Windows API function. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread.