SHA256: 6801b21918cdfc01eb19f8cbbc79b58bed1d184cef36e76e1af229419118e4ba
File name: SECURITY_FIX_0231.exe
Detection ratio: 6 / 42
Analysis date: 2011-05-12 13:58:52 UTC (3 years, 2 months ago)
Antivirus Result Update
BitDefender Trojan.Generic.KD.219387 20110512
F-Secure Trojan.Generic.KD.219387 20110512
GData Trojan.Generic.KD.219387 20110512
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.H 20110512
NOD32 Win32/Spy.Zbot.YW 20110512
Panda Suspicious file 20110511
AVG 20110512
AhnLab-V3 20110511
AntiVir 20110512
Antiy-AVL 20110512
Avast 20110511
Avast5 20110511
CAT-QuickHeal 20110512
ClamAV 20110512
Commtouch 20110512
Comodo 20110512
DrWeb 20110512
Emsisoft 20110512
F-Prot 20110512
Fortinet 20110512
Ikarus 20110512
Jiangmin 20110511
K7AntiVirus 20110511
Kaspersky 20110511
McAfee 20110512
Microsoft 20110512
Norman 20110512
PCTools 20110512
Prevx 20110512
Rising 20110512
SUPERAntiSpyware 20110512
Sophos 20110512
Symantec 20110512
TheHacker 20110511
TrendMicro 20110512
TrendMicro-HouseCall 20110512
VBA32 20110512
VIPRE 20110512
ViRobot 20110512
VirusBuster 20110512
eSafe 20110511
eTrust-Vet 20110512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Product Projekt1
Version 1.00
Original name Candy.exe
Internal name Candy
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-11 13:58:48
Link date 2:58 PM 5/11/2011
Entry Point 0x00001A24
Number of sections 3
PE sections
PE imports
Number of PE resources by type
Struct(49) 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode German
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 147456
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2011:05:11 14:58:48+01:00
FileType Win32 EXE
PEType PE32
InternalName Candy
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename Candy.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 106496
ProductName Projekt1
ProductVersionNumber 1.0.0.0
EntryPoint 0x1a24
ObjectFileType Executable application
File identification
MD5 3451f97b647e0406f852a5aa7191e25e
SHA1 035179e95096bdf325550ab30b66fa1b1cf6f1a5
SHA256 6801b21918cdfc01eb19f8cbbc79b58bed1d184cef36e76e1af229419118e4ba
ssdeep 6144:jK7CRAAObWVZMc9CTsXJqc6lOA0Azg61c/H:QC4WVZTZGOhy1aH
File size 252.5 KB ( 258560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2011-05-12 03:05:06 UTC ( 3 years, 2 months ago )
Last submission 2013-10-03 00:56:05 UTC ( 9 months, 1 week ago )
File names SECURITY_FIX_0293.exe
Candy.exe
Candy
035179e95096bdf325550ab30b66fa1b1cf6f1a5-3451f97b647e0406f852a5aa7191e25e.01.exe.vir
SECURITY_FIX_0231.exe
844657
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight