× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6bb7ffacab0f9477a9774ed1e0dc2fc37f6c73e8e9c21f20816af54f4e9ce5f1
File name: Implying
Detection ratio: 45 / 68
Analysis date: 2018-08-08 00:49:23 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Heur.PonyStealer.3 20180808
AegisLab Troj.Psw.W32.Fareit!c 20180808
AhnLab-V3 Trojan/Win32.Injector.R232824 20180807
ALYac Gen:Variant.Alphaeon.19 20180808
Antiy-AVL Trojan[PSW]/Win32.Fareit 20180808
Arcabit Trojan.PonyStealer.3 20180808
Avast Win32:Trojan-gen 20180808
AVG Win32:Trojan-gen 20180808
Avira (no cloud) TR/Dropper.VB.kgoyv 20180807
BitDefender Gen:Heur.PonyStealer.3 20180808
CAT-QuickHeal Trojan.Cloxer 20180807
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Cylance Unsafe 20180808
Cyren W32/Fareit.FW.gen!Eldorado 20180808
DrWeb Trojan.PWS.Stealer.21377 20180808
Emsisoft Trojan.Injector (A) 20180808
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZKW 20180807
F-Prot W32/Fareit.FW.gen!Eldorado 20180808
F-Secure Gen:Heur.PonyStealer.3 20180808
Fortinet W32/Injector.DZOW!tr 20180808
GData Gen:Heur.PonyStealer.3 20180808
Ikarus Trojan.VB.Crypt 20180807
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 00538c951 ) 20180807
K7GW Trojan ( 00538c951 ) 20180808
Kaspersky Trojan-PSW.Win32.Fareit.egas 20180807
Malwarebytes Trojan.MalPack 20180807
MAX malware (ai score=82) 20180808
McAfee Artemis!D3CE62B5569D 20180808
McAfee-GW-Edition Artemis 20180808
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180808
eScan Gen:Heur.PonyStealer.3 20180807
Palo Alto Networks (Known Signatures) generic.ml 20180808
Panda Generic Malware 20180807
Qihoo-360 Win32/Trojan.78b 20180808
Rising Trojan.Injector!8.C4 (CLOUD) 20180808
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/FareitVB-N 20180807
Symantec Trojan.Gen.2 20180807
Tencent Win32.Trojan-qqpass.Qqrob.Wsag 20180808
TrendMicro TROJ_GEN.R004C0OGR18 20180807
TrendMicro-HouseCall TROJ_GEN.R004C0OGR18 20180807
VBA32 BScope.Backdoor.Androm 20180806
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.egas 20180808
Alibaba 20180713
Avast-Mobile 20180807
AVware 20180727
Babable 20180725
Baidu 20180807
Bkav 20180807
ClamAV 20180808
CMC 20180807
Comodo 20180807
Cybereason 20180225
eGambit 20180808
Jiangmin 20180807
Kingsoft 20180808
NANO-Antivirus 20180808
SUPERAntiSpyware 20180808
Symantec Mobile Insight 20180801
TACHYON 20180808
TheHacker 20180807
TotalDefense 20180807
Trustlook 20180808
VIPRE 20180808
ViRobot 20180807
Webroot 20180808
Yandex 20180807
Zillya 20180807
Zoner 20180807
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
tOURCEFIRE, NNI.

Product audacITY sOAX
Original name Implying.exe
Internal name Implying
File version 4.04
Description Zanon
Comments Fs
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-10-03 19:41:00
Entry Point 0x00001914
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(523)
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
Ord(570)
_adj_fdivr_m64
_adj_fprem
__vbaRedimPreserve
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(650)
Ord(526)
__vbaRefVarAry
Ord(693)
__vbaStrToUnicode
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaLateMemCall
_adj_fdivr_m16i
__vbaUbound
__vbaVarAdd
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaVarTstNe
__vbaFreeStr
__vbaLbound
__vbaObjSetAddref
_CItan
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaVarMul
_CIcos
Ord(616)
__vbaVarTstEq
_adj_fptan
Ord(685)
Ord(610)
Ord(581)
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
__vbaLateMemCallLd
__vbaStrComp
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFPFix
__vbaVarCopy
__vbaFreeStrList
__vbaFpI4
Ord(698)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
17956864

SubsystemVersion
4.0

Comments
Fs

LinkerVersion
6.0

ImageVersion
4.4

FileSubtype
0

FileVersionNumber
4.4.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Zanon

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
16384

EntryPoint
0x1914

OriginalFileName
Implying.exe

MIMEType
application/octet-stream

LegalCopyright
tOURCEFIRE, NNI.

FileVersion
4.04

TimeStamp
2006:10:03 20:41:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Implying

ProductVersion
4.04

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
SAMSTUDiO crOUI

LegalTrademarks
THUNDERBirD

ProductName
audacITY sOAX

ProductVersionNumber
4.4.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d3ce62b5569dd0c9542cf19657433fd5
SHA1 056400fade88caeb3b50142296cf6796c0687e9c
SHA256 6bb7ffacab0f9477a9774ed1e0dc2fc37f6c73e8e9c21f20816af54f4e9ce5f1
ssdeep
3072:Ujko04wt9w/RiGNoGPoaTIB9Rkb62CHYxQSfqTQZZ8/s9ImEDBtF+C2bUMGL4Mlm:Ut04U9iRDNHPf8/RR7H2+NCZ29iTP

authentihash 7b92113abd843d0ba86094ba3954eb3f433cdc53c9f9a6dc720822cd31d67b49
imphash f27aafae10f4b8909cdfc69f3dfdb0ff
File size 17.1 MB ( 17969152 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-27 21:19:45 UTC ( 2 months, 3 weeks ago )
Last submission 2018-07-27 21:19:45 UTC ( 2 months, 3 weeks ago )
File names Implying
Implying.exe
d3ce62b5569dd0c9542cf19657433fd5.virus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.