× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6393fe8dd4721190f240e22feeb769675b6194a70cabd5a415c2364686a9089c
File name: 8a1.exe
Detection ratio: 39 / 57
Analysis date: 2015-04-03 04:44:58 UTC ( 4 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2263256 20150403
Yandex Trojan.Inject!5Au3UaAGQz8 20150402
AhnLab-V3 Trojan/Win32.Emotet 20150402
ALYac Trojan.GenericKD.2263256 20150403
Antiy-AVL Trojan/Win32.Inject 20150403
Avast Win32:Malware-gen 20150403
AVG Atros.IYQ 20150403
Avira (no cloud) TR/Emotet.A.90 20150402
AVware Trojan.Win32.Generic.pak!cobra 20150403
Baidu-International Trojan.Win32.Inject.uqqn 20150402
BitDefender Trojan.GenericKD.2263256 20150403
ByteHero Virus.Win32.Heur.p 20150403
Cyren W32/Trojan.XSJK-1296 20150403
DrWeb Trojan.Emotet.63 20150403
Emsisoft Trojan.GenericKD.2263256 (B) 20150403
ESET-NOD32 Win32/Emotet.AD 20150403
F-Secure Trojan.GenericKD.2263256 20150403
Fortinet W32/Injector.BXIO!tr 20150403
GData Trojan.GenericKD.2263256 20150403
Ikarus Trojan.Win32.Emotet 20150403
K7AntiVirus Trojan ( 004b8c611 ) 20150402
K7GW Trojan ( 004b8c611 ) 20150403
Kaspersky Trojan.Win32.Inject.uqqn 20150403
Malwarebytes Trojan.Downloader 20150403
McAfee RDN/PWS-FCAZ!a 20150403
McAfee-GW-Edition RDN/PWS-FCAZ!a 20150403
Microsoft Trojan:Win32/Emotet.G 20150403
eScan Trojan.GenericKD.2263256 20150403
Norman Troj_Generic.ZREIV 20150402
nProtect Trojan.GenericKD.2263256 20150402
Panda Trj/Genetic.gen 20150401
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150403
Sophos AV Mal/VBZbot-H 20150403
SUPERAntiSpyware Trojan.Agent/Gen-VB 20150403
Symantec Trojan.Zbot 20150403
Tencent Trojan.Win32.Qudamah.Gen.17 20150403
TrendMicro TSPY_EMOTET.AF 20150403
TrendMicro-HouseCall TSPY_EMOTET.AF 20150403
VIPRE Trojan.Win32.Generic.pak!cobra 20150403
AegisLab 20150403
Alibaba 20150403
Bkav 20150402
CAT-QuickHeal 20150402
ClamAV 20150402
CMC 20150402
Comodo 20150403
F-Prot 20150401
Jiangmin 20150402
Kingsoft 20150403
NANO-Antivirus 20150403
Rising 20150402
TheHacker 20150401
TotalDefense 20150402
VBA32 20150402
ViRobot 20150403
Zillya 20150403
Zoner 20150402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Goodreads
Original name NOFAstb.exe
Internal name Callstb
File version 1.00.0065
Description Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
Comments Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-31 08:53:51
Entry Point 0x00001430
Number of sections 3
PE sections
Overlays
MD5 01be9975fd7234e033d378c5ca035bd2
File type data
Offset 45056
Size 51479
Entropy 7.93
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaR4Var
__vbaAryMove
__vbaObjVar
__vbaRedim
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaFreeStr
Ord(631)
Ord(588)
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
__vbaRedimPreserve
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaFreeVar
__vbaLbound
__vbaFileOpen
_CIsin
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
__vbaOnError
_adj_fdivr_m32i
__vbaChkstk
Ord(570)
__vbaAryUnlock
__vbaStrVarCopy
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
_adj_fdiv_m32
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
__vbaUI1I4
__vbaUI1I2
_CIsqrt
_CIatan
__vbaVarDiv
__vbaLateMemCall
_CIexp
_CItan
__vbaFpI4
__vbaFpI2
Number of PE resources by type
RT_ICON 1
ABOUT 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
TELUGU DEFAULT 1
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.65

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
12288

EntryPoint
0x1430

OriginalFileName
NOFAstb.exe

MIMEType
application/octet-stream

FileVersion
1.00.0065

TimeStamp
2015:03:31 10:53:51+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
Callstb

ProductVersion
1.00.0065

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
In CSS3

CodeSize
28672

ProductName
Goodreads

ProductVersionNumber
1.0.0.65

FileTypeExtension
exe

ObjectFileType
Executable application

Overlay parents
Compressed bundles
File identification
MD5 8baa9b809b591a11af423824f4d9726a
SHA1 29d6161522c7f7f21b35401907c702bddb05ed47
SHA256 6393fe8dd4721190f240e22feeb769675b6194a70cabd5a415c2364686a9089c
ssdeep
1536:8gVgsgm8VUWq8qt3jhOrpOlVPac2xK2uypKG4lvhGnyVUEom2OEKI:/avzbqTOrpOyc2xKZbcnyVUEof7KI

authentihash 0c9763b9e893e5aafea1a2d33349efc4fb6a129cce2e230ce084c7e7195186a0
imphash 2577f052411e1fa2ad745743e50cc2fa
File size 94.3 KB ( 96535 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe via-tor overlay

VirusTotal metadata
First submission 2015-03-31 09:16:03 UTC ( 4 years, 1 month ago )
Last submission 2019-05-23 18:51:38 UTC ( 2 days, 10 hours ago )
File names 8a1.ex
8a1.exe
8a1.exe_1
{815319FE-599C-9D86-FB59-D19F816D9739}.exe
DHL.bin
B7.tmp
Dhl_Status___039478__02390654_007____sendungsnummer___03947802390654007_lang___De___30_03_2015.exe
29d6161522c7f7f21b35401907c702bddb05ed47_8a1.ex
8a1.exe
{1dd43b37-d7d4-e0ba-4218-4d18a3a41d09}.exe
29D6161522C7F7F21B35401907C702BDDB05ED47.bin
3.exe
29D6161522C7F7F21B35401907C702BDDB05ED47.exe
grad.bin
NOFAstb.exe
test.bin
Callstb
8baa9b809b591a11af423824f4d9726a.exe
{80F8F6DB-F76C-B002-1228-D0346E48F6B8}.exe
{E661A62B-CE83-3A2A-DBBE-B6AD3EB84160}.exe
Dhl_Status___039478__02390654_007____sendungsnummer___03947802390654007_lang___De___30_03_2015.exe
virus.bin
Trojan.Downloader32.exe
emotet.bin
grad.exe.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests