× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 61f9a4270c9deed0be5e0ff3b988d35cdb7f9054bc619d0dc1a65f7de812a3a1
File name: 6de0b5da8a349150fba85a960c7bcc55
Detection ratio: 28 / 55
Analysis date: 2016-07-19 20:03:17 UTC ( 2 years, 4 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3416306 20160719
AegisLab Troj.W32.Inject!c 20160719
AhnLab-V3 Trojan/Win32.VB.N2048583400 20160719
Arcabit Trojan.Generic.D3420F2 20160719
Avast Win32:Trojan-gen 20160719
AVG Inject3.AYFI 20160719
Avira (no cloud) TR/Dropper.VB.usvl 20160719
AVware Trojan.Win32.Generic!BT 20160719
BitDefender Trojan.GenericKD.3416306 20160719
Emsisoft Trojan.GenericKD.3416306 (B) 20160719
ESET-NOD32 a variant of Win32/Injector.DCHJ 20160719
F-Secure Trojan.GenericKD.3416306 20160719
Fortinet W32/Inject.AAOJP!tr 20160719
GData Trojan.GenericKD.3416306 20160719
Ikarus Trojan.Win32.Injector 20160719
K7AntiVirus Trojan ( 004f46261 ) 20160719
K7GW Trojan ( 004f46261 ) 20160719
Kaspersky Trojan.Win32.Inject.aaojp 20160719
Malwarebytes Trojan.VBInject 20160719
McAfee Artemis!6DE0B5DA8A34 20160719
McAfee-GW-Edition BehavesLike.Win32.BadFile.ch 20160719
Microsoft Trojan:Win32/Dynamer!ac 20160719
eScan Trojan.GenericKD.3416306 20160719
Panda Generic Suspicious 20160719
Sophos AV Mal/Generic-S 20160719
Symantec Heur.AdvML.C 20160719
Tencent Win32.Trojan.Inject.Auto 20160719
VIPRE Trojan.Win32.Generic!BT 20160719
Alibaba 20160719
ALYac 20160719
Antiy-AVL 20160719
Baidu 20160719
Bkav 20160719
CAT-QuickHeal 20160719
ClamAV 20160719
CMC 20160715
Comodo 20160719
Cyren 20160719
DrWeb 20160719
F-Prot 20160719
Jiangmin 20160719
Kingsoft 20160719
NANO-Antivirus 20160719
nProtect 20160719
Qihoo-360 20160719
SUPERAntiSpyware 20160719
TheHacker 20160719
TotalDefense 20160719
TrendMicro 20160719
TrendMicro-HouseCall 20160719
VBA32 20160719
ViRobot 20160719
Yandex 20160717
Zillya 20160719
Zoner 20160719
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Myanmar8
Original name Cacodemonia7.exe
Internal name Cacodemonia7
File version 4.07.0007
Description Renewedness
Comments Russellville
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-15 22:03:55
Entry Point 0x000011A4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
_adj_fprem
_adj_fpatan
EVENT_SINK_AddRef
Ord(714)
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
_adj_fdiv_m64
__vbaStrCmp
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
EVENT_SINK_Release
_adj_fptan
_CItan
__vbaI4Var
_CIatan
__vbaNew2
_adj_fdivr_m32i
_CIexp
_adj_fprem1
_adj_fdivr_m32
__vbaFreeStrList
__vbaFpI4
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
Russellville

LinkerVersion
6.0

ImageVersion
4.7

FileSubtype
0

FileVersionNumber
4.7.0.7

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
20480

EntryPoint
0x11a4

OriginalFileName
Cacodemonia7.exe

MIMEType
application/octet-stream

FileVersion
4.07.0007

TimeStamp
2016:07:15 23:03:55+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Cacodemonia7

SubsystemVersion
4.0

ProductVersion
4.07.0007

FileDescription
Renewedness

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
CS

CodeSize
118784

ProductName
Myanmar8

ProductVersionNumber
4.7.0.7

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6de0b5da8a349150fba85a960c7bcc55
SHA1 c1bcbd38b58329eff07e4631c81df781c005bd68
SHA256 61f9a4270c9deed0be5e0ff3b988d35cdb7f9054bc619d0dc1a65f7de812a3a1
ssdeep
1536:tVS1nBtTorDO3YrYInEhainRt44DmqIDRBbzQz4DOkd3px2BUickMvS8V4h9:tabL4UmqIRB4z4DOkd3pxK2GL

authentihash c58aca45753776a9b138026db413c095a80489642d4cbf7af9f801e994363dde
imphash ba09d8e307574ef5c544e43f6b04466f
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-18 16:17:53 UTC ( 2 years, 4 months ago )
Last submission 2016-07-19 20:03:17 UTC ( 2 years, 4 months ago )
File names Cacodemonia7
61f9a4270c9deed0be5e0ff3b988d35cdb7f9054bc619d0dc1a65f7de812a3a1
Cacodemonia7.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.