SHA256: 6c589748dc87333400e2fb157dc3f906832132ec4676fea36dd49a491dcb6505
File name: 14548b6c008fa05b28356d4e85c4d14d.virus
Detection ratio: 33 / 68
Analysis date: 2018-08-04 17:05:58 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Jaik.28503 20180804
AhnLab-V3 Trojan/Win32.Inject.R233093 20180804
Arcabit Trojan.Jaik.D6F57 20180804
BitDefender Gen:Variant.Jaik.28503 20180804
ClamAV Win.Trojan.Generic-6629197-0 20180804
Cylance Unsafe 20180804
Cyren W32/Fareit.FW.gen!Eldorado 20180804
Emsisoft Trojan.Injector (A) 20180804
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZNI 20180804
F-Prot W32/Fareit.FW.gen!Eldorado 20180804
F-Secure Gen:Variant.Jaik.28503 20180804
Fortinet W32/Injector.DZNI!tr 20180804
GData Win32.Trojan.Agent.TIXVKS 20180804
Ikarus Trojan.VB.Crypt 20180804
Sophos ML heuristic 20180717
Kaspersky Trojan.Win32.VBKrypt.zruf 20180804
Malwarebytes Trojan.MalPack.VB.Generic 20180804
MAX malware (ai score=83) 20180804
McAfee-GW-Edition BehavesLike.Win32.Fareit.hc 20180804
Microsoft VirTool:Win32/VBInject 20180804
eScan Gen:Variant.Jaik.28503 20180804
Palo Alto Networks (Known Signatures) generic.ml 20180804
Qihoo-360 HEUR/QVM03.0.D8C5.Malware.Gen 20180804
Rising Trojan.VBKrypt!8.5C0 (CLOUD) 20180804
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/FareitVB-N 20180804
Symantec Trojan.Gen.2 20180803
Tencent Win32.Trojan.Vbkrypt.Dwjk 20180804
TrendMicro TROJ_GEN.R020C0RH118 20180804
TrendMicro-HouseCall TrojanSpy.Win32.Fareit.SMDS.hp 20180804
VBA32 BScope.Trojan.Fuerboos 20180803
ZoneAlarm by Check Point Trojan.Win32.VBKrypt.zruf 20180804
AegisLab 20180804
Alibaba 20180713
ALYac 20180804
Antiy-AVL 20180804
Avast 20180804
Avast-Mobile 20180804
AVG 20180804
Avira (no cloud) 20180804
AVware 20180727
Babable 20180725
Baidu 20180802
Bkav 20180803
CAT-QuickHeal 20180804
CMC 20180804
Comodo 20180804
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
DrWeb 20180804
eGambit 20180804
Jiangmin 20180804
K7AntiVirus 20180804
K7GW 20180804
Kingsoft 20180804
McAfee 20180804
NANO-Antivirus 20180804
Panda 20180804
SUPERAntiSpyware 20180804
Symantec Mobile Insight 20180801
TACHYON 20180804
TheHacker 20180802
TotalDefense 20180804
Trustlook 20180804
VIPRE 20180804
ViRobot 20180804
Webroot 20180804
Yandex 20180803
Zillya 20180803
Zoner 20180803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright TOurcefira, FNa.
Product AUDACITY noaX
Original name Germfree.exe
Internal name Germfree
File version 1.02
Description BAnon
Comments rs
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-03-30 19:52:00
Entry Point 0x00001944
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
Ord(546)
_allmul
_adj_fprem
_CIsin
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
__vbaVarLateMemCallLd
_adj_fptan
__vbaI4Var
__vbaFreeStr
__vbaLateIdCallLd
Ord(631)
__vbaFreeStrList
Ord(609)
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(695)
__vbaI4Str
__vbaLenBstr
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Ord(589)
__vbaFreeVar
__vbaUI1I2
EVENT_SINK_Release
__vbaVarTstEq
Ord(610)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaLsetFixstr
Ord(570)
Ord(650)
__vbaFreeVarList
__vbaStrVarMove
Ord(542)
__vbaVarTstNe
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaVarIdiv
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaStrMove
_adj_fprem1
Ord(543)
Ord(698)
_adj_fdiv_m32
__vbaLenVar
__vbaEnd
Ord(685)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrCopy
Ord(645)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
Ord(544)
Ord(526)
_CIsqrt
__vbaVarCopy
__vbaLenBstrB
Ord(612)
_CIatan
__vbaLateMemCall
Ord(613)
__vbaObjSet
_CIexp
__vbaStrToAnsi
_CItan
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks ghunderBIRD
SubsystemVersion 4.0
Comments rs
InitializedDataSize 20480
ImageVersion 1.2
ProductName AUDACITY noaX
FileVersionNumber 1.2.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Germfree.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.02
TimeStamp 2006:03:30 20:52:00+01:00
FileType Win32 EXE
PEType PE32
InternalName Germfree
ProductVersion 1.02
FileDescription BAnon
OSVersion 4.0
FileOS Win32
LegalCopyright TOurcefira, FNa.
MachineType Intel 386 or later, and compatibles
CompanyName SAMSTUDIO froUI
CodeSize 528384
FileSubtype 0
ProductVersionNumber 1.2.0.0
EntryPoint 0x1944
ObjectFileType Executable application
File identification
MD5 14548b6c008fa05b28356d4e85c4d14d
SHA1 a761a2dda166067a5494810bc6174edbf14bc8ca
SHA256 6c589748dc87333400e2fb157dc3f906832132ec4676fea36dd49a491dcb6505
ssdeep 6144:F5KLVn7JfoDkETegkEUswqymHKxyZq4qPG3ztlLlujsW9YdVyv0tyvch:P8/ETej7sPtqPQfLluj39Y/y0Uk
authentihash b884af4aa3eac8a5eda168d87011a6350b3adc5678e22c4c6dec9250896d6d31
imphash 10dcd454f013f6e0b0c9792a08803eae
File size 532.0 KB ( 544768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2018-08-04 17:05:58 UTC ( 7 months, 3 weeks ago )
Last submission 2018-08-04 17:05:58 UTC ( 7 months, 3 weeks ago )
File names 14548b6c008fa05b28356d4e85c4d14d.virus
Germfree
Germfree.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.