SHA256: 6df02401c129666141d3ffcf009de300895f79180dd5cc8e15ef4ab853548e9e
File name: LEDTable
Detection ratio: 38 / 52
Analysis date: 2015-12-11 21:07:10 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.VB.Inject.BA 20151211
Yandex Trojan.Kovter!+apa3pFbNbE 20151210
AhnLab-V3 Trojan/Win32.Kovter 20151211
Antiy-AVL Trojan/Win32.Kovter 20151211
Arcabit Trojan.VB.Inject.BA 20151211
Avast Win32:Malware-gen 20151211
AVG Inject3.NWG 20151211
Avira (no cloud) TR/Dropper.VB.39947 20151211
AVware Trojan.Win32.Generic!BT 20151211
Baidu-International Trojan.Win32.Kovter.aai 20151211
BitDefender Trojan.VB.Inject.BA 20151211
ByteHero Virus.Win32.Heur.p 20151211
Comodo TrojWare.Win32.VBObfus.AB 20151209
Cyren W32/Trojan.MJNT-2489 20151211
Emsisoft Trojan.VB.Inject.BA (B) 20151211
ESET-NOD32 a variant of Win32/Injector.CLXV 20151211
F-Secure Trojan.VB.Inject.BA 20151211
Fortinet W32/Injector.CLKO!tr 20151211
GData Trojan.VB.Inject.BA 20151211
Ikarus Trojan.Win32.Kovter 20151211
Jiangmin Trojan/Kovter.ek 20151211
K7AntiVirus Trojan ( 004d5fbd1 ) 20151211
K7GW Trojan ( 004d5fbd1 ) 20151211
Kaspersky Trojan.Win32.Kovter.aai 20151211
Malwarebytes Trojan.Zbot.Spy 20151211
McAfee GenericR-EYM!F3A9EC178197 20151211
McAfee-GW-Edition BehavesLike.Win32.Autorun.fc 20151211
Microsoft Trojan:Win32/Kovter!rfn 20151211
NANO-Antivirus Trojan.Win32.Kovter.dymyyn 20151211
nProtect Trojan.VB.Inject.BA 20151211
Panda Trj/Genetic.gen 20151211
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20151211
Symantec Trojan.Gen 20151210
TheHacker Trojan/Injector.clxv 20151209
TrendMicro-HouseCall TROJ_KOVTER_EK120010.UVPM 20151211
VBA32 Trojan.Kovter 20151211
VIPRE Trojan.Win32.Generic!BT 20151211
Zillya Backdoor.PePatch.Win32.90862 20151211
AegisLab 20151211
Alibaba 20151208
Bkav 20151211
CAT-QuickHeal 20151209
ClamAV 20151211
CMC 20151211
DrWeb 20151211
F-Prot 20151211
Rising 20151211
SUPERAntiSpyware 20151211
TotalDefense 20151211
TrendMicro 20151211
ViRobot 20151211
Zoner 20151211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product bK3Brw
Original name LEDTable.exe
Internal name LEDTable
File version 1.00.0038
Description is an explicitly psychological account of human language and cognition. It is an approach designed to be a pragmatically useful ...
Comments IBM Rational Functional Tester, an advanced, automated functional and
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-04 12:12:09
Entry Point 0x00001430
Number of sections 3
PE sections
Overlays
MD5 20cfe48d9880c4f30a2b89dcac44e111
File type data
Offset 163840
Size 204257
Entropy 7.98
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaGenerateBoundsError
__vbaLateIdStAd
__vbaVarDup
Ord(516)
Ord(713)
_adj_fdivr_m64
__vbaGet3
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
__vbaAryMove
_adj_fpatan
__vbaStrVarCopy
__vbaFreeObjList
__vbaVarIndexLoad
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaVar2Vec
__vbaUbound
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaVerifyVarObj
__vbaFreeVar
Ord(570)
__vbaCastObjVar
__vbaLbound
_CItan
__vbaObjSetAddref
__vbaAryConstruct2
__vbaFileOpen
_adj_fdiv_m64
__vbaUI1I4
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(711)
__vbaVarCopy
__vbaStrCopy
_allmul
__vbaAryLock
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
__vbaFileClose
__vbaObjSet
__vbaAryUnlock
__vbaVarMove
_CIlog
_CIatan
Ord(608)
__vbaNew2
__vbaErrorOverflow
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
Ord(525)
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 7
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments IBM Rational Functional Tester, an advanced, automated functional and
InitializedDataSize 53248
ImageVersion 1.0
ProductName bK3Brw
FileVersionNumber 1.0.0.38
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName LEDTable.exe
MIMEType application/octet-stream
FileVersion 1.00.0038
TimeStamp 2015:11:04 13:12:09+01:00
FileType Win32 EXE
PEType PE32
InternalName LEDTable
ProductVersion 1.00.0038
FileDescription is an explicitly psychological account of human language and cognition. It is an approach designed to be a pragmatically useful ...
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Flash GamE regression testing tool for testers and GUI developers who need superior ...
CodeSize 110592
FileSubtype 0
ProductVersionNumber 1.0.0.38
EntryPoint 0x1430
ObjectFileType Executable application

File identification
MD5 f3a9ec17819754958625a4620a3b6347
SHA1 e63ff80970105e6c654f3af59711c6db71f6c3cb
SHA256 6df02401c129666141d3ffcf009de300895f79180dd5cc8e15ef4ab853548e9e
ssdeep 6144:/66666bTQ+S266666bzZx/AwVdeltYdnSxW0awhsj7Fq3:/66666bR66666bvuXYdnM1hQ7F8
authentihash c6f25ce3ca130b02fdc76fb09a7090dd91d86fb08f657f57151d9482947f27b5
imphash a65cefba496f73ca1daf166b6cd6ac1c
File size 359.5 KB ( 368097 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-11-05 14:51:48 UTC ( 1 year, 7 months ago )
Last submission 2015-11-05 14:51:48 UTC ( 1 year, 7 months ago )
File names No_nameOwOWCVXD_Epm
rwinsta.exe
LEDTable
LEDTable.exe