SHA256: 6f96af1d70e759e6dd5ca0ab787ce4ca3613d400939d205369ef6432c37566c4
File name: dro.exe
Detection ratio: 17 / 56
Analysis date: 2015-04-17 22:14:04 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2304494 20150418
AhnLab-V3 Win-Trojan/MDA.B52502 20150417
Baidu-International Trojan.Win32.Injector.BXRO 20150417
BitDefender Trojan.GenericKD.2304494 20150418
DrWeb Trojan.Siggen.65341 20150418
Emsisoft Trojan.GenericKD.2304891 (B) 20150418
ESET-NOD32 a variant of Win32/Injector.BXRO 20150418
F-Secure Trojan.GenericKD.2304494 20150418
Fortinet W32/Androm.GQUP!tr.bdr 20150418
GData Trojan.GenericKD.2304494 20150418
Kaspersky Backdoor.Win32.Androm.gqup 20150417
McAfee Artemis!CEB00FABF1EE 20150418
eScan Trojan.GenericKD.2304494 20150418
Panda Generic Suspicious 20150417
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150418
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150417
TrendMicro-HouseCall Suspicious_GEN.F47V0417 20150418
AegisLab 20150418
Yandex 20150417
Alibaba 20150418
ALYac 20150418
Antiy-AVL 20150418
Avast 20150418
AVG 20150418
AVware 20150418
Bkav 20150417
ByteHero 20150418
CAT-QuickHeal 20150418
ClamAV 20150417
CMC 20150416
Comodo 20150418
Cyren 20150418
F-Prot 20150418
Ikarus 20150418
Jiangmin 20150417
K7AntiVirus 20150417
K7GW 20150417
Kingsoft 20150418
Malwarebytes 20150418
McAfee-GW-Edition 20150418
Microsoft 20150418
NANO-Antivirus 20150418
Norman 20150417
nProtect 20150417
Sophos AV 20150418
SUPERAntiSpyware 20150418
Symantec 20150418
Tencent 20150418
TheHacker 20150417
TotalDefense 20150417
TrendMicro 20150418
VBA32 20150417
VIPRE 20150418
ViRobot 20150418
Zillya 20150417
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Mahdist
Product Parametritic1
Original name Uris0.exe
Internal name Uris0
File version 1.00
Description Woodrow
Comments Tippler
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-17 16:22:12
Entry Point 0x000011EC
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
_CIcos
__vbaEnd
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(697)
_adj_fpatan
EVENT_SINK_AddRef
Ord(675)
__vbaInStr
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_CIexp
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fdiv_m64
Ord(542)
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaStrVarVal
EVENT_SINK_Release
_adj_fptan
__vbaI2Var
_CItan
__vbaVarMove
_CIatan
__vbaFreeStr
_adj_fdivr_m32i
Ord(541)
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Tippler
InitializedDataSize 20480
ImageVersion 1.0
ProductName Parametritic1
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Uris0.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2015:04:17 17:22:12+01:00
FileType Win32 EXE
PEType PE32
InternalName Uris0
ProductVersion 1.0
FileDescription Woodrow
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mahdist
CodeSize 57344
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x11ec
ObjectFileType Executable application
File identification
MD5 ceb00fabf1eeb182b1d35332e981b900
SHA1 48c04ced417d6a31b0b98c35a64bc3023cf56e3c
SHA256 6f96af1d70e759e6dd5ca0ab787ce4ca3613d400939d205369ef6432c37566c4
ssdeep 1536:vsv15ITx6xAWJrrqW4qWxTCSsQa/A9zgdzkgz:vsv5xzrr4j/a/A9zgdAgz
authentihash 4ed98ebad0125654ca36d4017327d623cef60b4c413da5d9fcc73e69820626ca
imphash 16cdc934ab4e5dcf4a908cd5755a2f6f
File size 72.0 KB ( 73728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2015-04-17 17:08:59 UTC ( 4 years, 1 month ago )
Last submission 2015-04-22 21:30:32 UTC ( 4 years, 1 month ago )
File names 6F96AF1D70E759E6DD5CA0AB787CE4CA3613D400939D205369EF6432C37566C4.EXE
msecu.exe
dro.exe
mshhbeagx.exe
dro.exe_
Uris0.exe
Uris0
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight