SHA256: 68328901f9b90246777f41eaee42998343b111a065c2e26ddb0ac13364f3852a
File name: 68328901f9b90246777f41eaee42998343b111a065c2e26ddb0ac13364f3852a.vir
Detection ratio: 38 / 56
Analysis date: 2016-01-21 14:08:05 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Generic.Malware.S!M.E975BAE5 20160121
Yandex Trojan.DL.Agent!6Wj9kAhtK+g 20160120
AhnLab-V3 Win-Trojan/Sisron.184320 20160121
ALYac Generic.Malware.S!M.E975BAE5 20160121
Antiy-AVL Trojan/Win32.Agent 20160121
Arcabit Generic.Malware.S!M.E975BAE5 20160121
Avast Win32:Malware-gen 20160121
AVG SHeur4.AIDJ 20160121
Avira (no cloud) TR/VB.Downloader.Gen 20160121
AVware Trojan-Spy.Win32.VB.misc!cobra (v) 20160111
Baidu-International Trojan.Win32.KeyLogger.OXO 20160121
BitDefender Generic.Malware.S!M.E975BAE5 20160121
Bkav W32.DownloadSisronA.Trojan 20160121
ClamAV WIN.Trojan.Ibabyfa 20160121
Comodo UnclassifiedMalware 20160121
Cyren W32/VB-Trojan-SPY-based!Maximus 20160121
DrWeb Trojan.DownLoader6.23196 20160121
Emsisoft Generic.Malware.S!M.E975BAE5 (B) 20160121
ESET-NOD32 a variant of Win32/Spy.KeyLogger.OXO 20160121
F-Prot W32/VB-Trojan-SPY-based!Maximus 20160121
F-Secure Generic.Malware.S!M.E975BAE5 20160121
Fortinet W32/Agent.IBABYFA!tr.dldr 20160121
GData Generic.Malware.S!M.E975BAE5 20160121
Ikarus Trojan.Win32.Scar 20160121
Jiangmin Trojan/Agent.hjor 20160121
Kaspersky Trojan.Win32.Agent.zfqk 20160121
McAfee Artemis!BF25F7588C58 20160121
McAfee-GW-Edition BehavesLike.Win32.Trojan.ch 20160121
Microsoft Trojan:Win32/Sisron!gmb 20160121
eScan Generic.Malware.S!M.E975BAE5 20160121
NANO-Antivirus Trojan.Win32.DownLoader6.uebfx 20160121
Panda Trj/StartPage.DAW 20160120
Qihoo-360 Win32/Trojan.831 20160121
Sophos AV Mal/Generic-S 20160121
Symantec Downloader 20160120
Tencent Win32.Trojan.Agent.cukb 20160121
VBA32 Trojan.Agent 20160121
VIPRE Trojan-Spy.Win32.VB.misc!cobra (v) 20160121
AegisLab 20160121
Alibaba 20160121
ByteHero 20160121
CAT-QuickHeal 20160121
CMC 20160111
K7AntiVirus 20160121
K7GW 20160121
Malwarebytes 20160121
nProtect 20160121
Rising 20160121
SUPERAntiSpyware 20160121
TheHacker 20160119
TotalDefense 20160121
TrendMicro 20160121
TrendMicro-HouseCall 20160121
ViRobot 20160121
Zillya 20160121
Zoner 20160121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product My_Photos
Original name Photo_Viewer_12_south.exe
Internal name Photo_Viewer_12_south
File version 12.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-25 12:58:42
Entry Point 0x00001B04
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
Ord(546)
Ord(518)
__vbaGenerateBoundsError
__vbaStrFixstr
__vbaInputFile
_adj_fprem
__vbaR8ErrVar
__vbaAryMove
__vbaObjVar
__vbaRedim
Ord(537)
__vbaRecDestruct
__vbaCopyBytes
_adj_fdiv_r
_allmul
__vbaRecAnsiToUni
__vbaChkstk
__vbaObjSetAddref
__vbaFixstrConstruct
_adj_fdiv_m64
__vbaHresultCheckObj
_CIlog
_adj_fptan
__vbaFileClose
Ord(581)
__vbaI4Var
__vbaRecUniToAnsi
__vbaFreeVar
__vbaFreeStr
Ord(670)
__vbaStrI2
__vbaStrR8
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(617)
Ord(607)
__vbaLenBstr
__vbaResume
Ord(594)
Ord(576)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarTstLt
Ord(608)
__vbaBoolVarNull
__vbaLbound
__vbaFileOpen
Ord(571)
__vbaUI1I2
Ord(606)
__vbaNew
__vbaAryLock
__vbaLsetFixstr
__vbaVarTstEq
Ord(593)
Ord(716)
__vbaOnError
_adj_fdivr_m32i
__vbaInStrVar
__vbaStrCat
__vbaVarDup
_adj_fdiv_m32
EVENT_SINK_Release
__vbaStrCmp
__vbaAryUnlock
__vbaStrVarCopy
__vbaFreeObjList
Ord(666)
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
Ord(578)
__vbaExitProc
__vbaVarTstNe
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
__vbaVarTstGt
_CIcos
__vbaStrErrVarCopy
__vbaVarMove
__vbaFPInt
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
__vbaWriteFile
Ord(535)
__vbaLenVar
__vbaEnd
Ord(685)
EVENT_SINK_AddRef
_adj_fpatan
Ord(712)
__vbaVarSetVar
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
Ord(645)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
__vbaRecDestructAnsi
__vbaUI1I4
__vbaVargVar
_CIsin
_CIsqrt
__vbaVarCopy
Ord(612)
_CIatan
__vbaLateMemCall
_CItan
Ord(529)
__vbaObjSet
__vbaVarCat
__vbaStr2Vec
_CIexp
__vbaStrToAnsi
__vbaFpR8
__vbaFpI4
Ord(598)
__vbaFpI2
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 16384
ImageVersion 12.0
ProductName My_Photos
FileVersionNumber 12.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Photo_Viewer_12_south.exe
MIMEType application/octet-stream
FileVersion 12.0
TimeStamp 2012:01:25 13:58:42+01:00
FileType Win32 EXE
PEType PE32
InternalName Photo_Viewer_12_south
ProductVersion 12.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ACDSee Image Viewer
CodeSize 167936
FileSubtype 0
ProductVersionNumber 12.0.0.0
EntryPoint 0x1b04
ObjectFileType Executable application

File identification
MD5 bf25f7588c58cd4b7cc5ac04ebfd00c5
SHA1 1c8e7315fae2a2af199bc3d79a5fec5cc8de4f79
SHA256 68328901f9b90246777f41eaee42998343b111a065c2e26ddb0ac13364f3852a
ssdeep 3072:dxsu5b8BoVAYjlaaHxxsmq9Q/ZIHYzGC8aSSIGrXYc:dxsu5b8BIAPCxCEZRz38uN8

authentihash 018a3ff6a1fe70b775eae3275c9b187d10b418c188928d559c3a7d860281924f
imphash a87f6d7a5df9b4edd2ff9ef63ecf8a6d
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe

VirusTotal metadata
First submission 2012-07-12 04:01:31 UTC ( 5 years, 2 months ago )
Last submission 2016-01-21 14:08:05 UTC ( 1 year, 8 months ago )
File names vt-upload-wlvg8
Picture_12.exe
GuDJT3jBc.exe
Picture_12.exe
68328901f9b90246777f41eaee42998343b111a065c2e26ddb0ac13364f3852a.vir
1849242
68328901f9b90246777f41eaee42998343b111a065c2e26ddb0ac13364f3852a
UsSy8pX6fH.mht
output.1849242.txt
bf25f7588c58cd4b7cc5ac04ebfd00c5.virus
vti-rescan
file-4243239_exe
68328901f9b90246777f41eaee42998343b111a065c2e26ddb0ac13364f3852a
Photo_Viewer_12_south.exe
Photo_Viewer_12_south