× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6bcf133cbfd919d3f8b836e1b451d997aadceb07b0940e2e82a81a871b0ab718
File name: Bedeman'
Detection ratio: 24 / 55
Analysis date: 2014-10-10 06:53:01 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.33437 20141010
Avira (no cloud) TR/Dropper.VB.21703 20141010
BitDefender Gen:Variant.Symmi.33437 20141010
Bkav HW32.Paked.DE79 20141009
ByteHero Virus.Win32.Heur.p 20141010
CMC Heur.Win32.Veebee.1!O 20141009
DrWeb Trojan.PWS.Panda.7278 20141010
Emsisoft Gen:Variant.Symmi.33437 (B) 20141010
ESET-NOD32 a variant of Win32/Injector.BNFF 20141010
F-Secure Gen:Variant.Symmi.33437 20141010
Fortinet PossibleThreat 20141010
GData Gen:Variant.Symmi.33437 20141010
Ikarus Win32.SuspectCrc 20141010
Kaspersky Trojan-Spy.Win32.Zbot.uisc 20141010
McAfee Generic-FAUS!32BFD5048318 20141010
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.hc 20141009
Microsoft PWS:Win32/Zbot 20141010
eScan Gen:Variant.Symmi.33437 20141010
Panda Trj/CI.A 20141009
Qihoo-360 HEUR/Malware.QVM03.Gen 20141010
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141009
Sophos AV Mal/VB-ANI 20141010
Symantec Trojan.Zbot 20141010
Tencent Win32.Trojan.Inject.Auto 20141010
AegisLab 20141010
Yandex 20141010
AhnLab-V3 20141009
Antiy-AVL 20141010
Avast 20141010
AVG 20141010
AVware 20141010
Baidu-International 20141009
CAT-QuickHeal 20141010
ClamAV 20141010
Comodo 20141010
Cyren 20141010
F-Prot 20141009
Jiangmin 20141009
K7AntiVirus 20141009
K7GW 20141009
Kingsoft 20141010
Malwarebytes 20141010
NANO-Antivirus 20141010
Norman 20141010
nProtect 20141008
SUPERAntiSpyware 20141010
TheHacker 20141008
TotalDefense 20141009
TrendMicro 20141010
TrendMicro-HouseCall 20141010
VBA32 20141009
VIPRE 20141010
ViRobot 20141010
Zillya 20141009
Zoner 20141007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher nLite
Product Vegetati
Original name Bedeman'.exe
Internal name Bedeman'
File version 1.04.0003
Description Sealy permissi
Comments nLite
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-08 06:20:16
Entry Point 0x00001454
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(554)
EVENT_SINK_Release
__vbaEnd
EVENT_SINK_QueryInterface
Ord(648)
__vbaVarDup
Ord(616)
_adj_fdivr_m64
_adj_fprem
Ord(617)
__vbaR4Var
_adj_fpatan
EVENT_SINK_AddRef
Ord(677)
__vbaVarForInit
__vbaInStr
_adj_fdiv_m32i
Ord(608)
Ord(583)
Ord(702)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaUbound
Ord(589)
Ord(100)
_CItan
__vbaFreeVar
__vbaObjSetAddref
_adj_fdiv_r
__vbaAryConstruct2
Ord(536)
_adj_fdiv_m64
Ord(574)
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
__vbaR8Str
_CIlog
__vbaVarTstGt
_allmul
_CIcos
Ord(595)
_adj_fptan
__vbaI4Str
__vbaFreeStrList
__vbaStrCopy
Ord(704)
__vbaI4Var
Ord(667)
__vbaErrorOverflow
_CIatan
__vbaI2I4
__vbaNew2
__vbaVarForNext
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFpR8
__vbaFpI4
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 9
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
nLite

InitializedDataSize
245760

ImageVersion
1.4

ProductName
Vegetati

FileVersionNumber
1.4.0.3

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

OriginalFilename
Bedeman'.exe

MIMEType
application/octet-stream

FileVersion
1.04.0003

TimeStamp
2014:10:08 07:20:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Bedeman'

FileAccessDate
2014:10:10 07:56:50+01:00

ProductVersion
1.04.0003

FileDescription
Sealy permissi

OSVersion
4.0

FileCreateDate
2014:10:10 07:56:50+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
nLite

CodeSize
274432

FileSubtype
0

ProductVersionNumber
1.4.0.3

EntryPoint
0x1454

ObjectFileType
Executable application

File identification
MD5 32bfd5048318868e5eae476f543eadb6
SHA1 a0b4a879b37d75080e2e5f46b9253ea1a0a12119
SHA256 6bcf133cbfd919d3f8b836e1b451d997aadceb07b0940e2e82a81a871b0ab718
ssdeep
12288:W1YuddddddVKEnCh3AnC4nFddddddYbBr2EddAPfry/TsybAzO3zC:W1YuddddddVK2CJAC4nFdddddde2EddA

authentihash 06aa656796074b457825aaf873640630eb23c5e0a152cb5fb5edcec4c38bd41a
imphash 88e4ced7e6d9bfb5af8d6be359642c9a
File size 509.0 KB ( 521216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-10-08 20:29:31 UTC ( 4 years, 4 months ago )
Last submission 2014-10-08 20:29:31 UTC ( 4 years, 4 months ago )
File names 58af887b5cbf081774f7f6c9fa3c21dc5b163afe76ca577c4323151d1678c4f3
6bcf133cbfd919d3f8b836e1b451d997aadceb07b0940e2e82a81a871b0ab718.exe
Bedeman'
Bedeman'.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.