SHA256: 70b0e86799997e6ceb03fcf94cd82224644a6c7057cce462b6a850a8424ef5d6
File name: funfile.exe
Detection ratio: 45 / 56
Analysis date: 2016-06-09 16:25:00 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.392490 20160609
AhnLab-V3 Win-Trojan/MDA.140610 20160609
ALYac Gen:Variant.Kazy.392490 20160609
Antiy-AVL Trojan[Backdoor]/Win32.Tofsee 20160609
Arcabit Trojan.Kazy.D5FD2A 20160609
Avast Win32:VB-AIIW [Trj] 20160609
AVG Win32/VBCrypt 20160609
Avira (no cloud) BDS/Tofsee.F.442 20160609
AVware Trojan.Win32.Generic!BT 20160609
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160608
Baidu-International Backdoor.Win32.Tofsee.bo 20160606
BitDefender Gen:Variant.Kazy.392490 20160609
CAT-QuickHeal VirTool.VBInject.LE3 20160609
Comodo UnclassifiedMalware 20160609
Cyren W32/Backdoor.CN.gen!Eldorado 20160609
Emsisoft Gen:Variant.Kazy.392490 (B) 20160609
ESET-NOD32 Win32/Tofsee.AX 20160609
F-Prot W32/Backdoor.CN.gen!Eldorado 20160609
F-Secure Gen:Variant.Kazy.392490 20160609
Fortinet W32/Tofsee.AX!tr 20160609
GData Gen:Variant.Kazy.392490 20160609
Ikarus Backdoor.Win32.Tofsee 20160609
Jiangmin Backdoor/Tofsee.ao 20160609
K7AntiVirus Trojan ( 004b8ae41 ) 20160609
K7GW Trojan ( 004b8ae41 ) 20160609
Kaspersky HEUR:Trojan.Win32.Generic 20160609
Kingsoft Win32.Hack.Tofsee.bo.(kcloud) 20160609
Malwarebytes Trojan.Zbot.VBT 20160609
McAfee Artemis!C55926718A54 20160609
McAfee-GW-Edition BehavesLike.Win32.Swisyn.ch 20160609
Microsoft Backdoor:Win32/Tofsee.F 20160609
eScan Gen:Variant.Kazy.392490 20160609
NANO-Antivirus Trojan.Win32.Tofsee.dalamv 20160609
Panda Generic Malware 20160609
Qihoo-360 Win32/Backdoor.BO.55a 20160609
Rising Trojan.Generic-Nbidcy1BefO (Cloud) 20160609
Sophos Mal/Generic-S 20160609
Symantec Suspicious.Cloud.9 20160609
Tencent Win32.Backdoor.Tofsee.Sxef 20160609
TrendMicro TROJ_SPNR.15GA14 20160609
TrendMicro-HouseCall TROJ_SPNR.15GA14 20160609
VBA32 Backdoor.Tofsee 20160609
VIPRE Trojan.Win32.Generic!BT 20160609
Yandex Backdoor.Tofsee!uKAVDz31G4c 20160608
Zillya Backdoor.Tofsee.Win32.35 20160609
AegisLab 20160609
Alibaba 20160608
Bkav 20160609
ClamAV 20160609
CMC 20160607
DrWeb 20160609
nProtect 20160609
SUPERAntiSpyware 20160609
TheHacker 20160607
ViRobot 20160609
Zoner 20160609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Bohnenmaschine
Original name D.exe
Internal name D
File version 2.08.0007
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-08 03:16:52
Entry Point 0x00001178
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(537)
Ord(570)
Ord(572)
Ord(617)
Ord(615)
Ord(678)
EVENT_SINK_AddRef
Ord(568)
Ord(576)
Ord(714)
Ord(583)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(610)
Ord(592)
Ord(542)
Ord(634)
Ord(608)
Ord(534)
Ord(100)
Ord(526)
Ord(559)
Ord(532)
Ord(690)
EVENT_SINK_Release
Ord(616)
Ord(680)
Ord(715)
Ord(581)
Ord(528)
Ord(646)
Ord(670)
Ord(553)
Ord(598)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 2.8
FileSubtype 0
FileVersionNumber 2.8.0.7
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x1178
OriginalFileName D.exe
MIMEType application/octet-stream
FileVersion 2.08.0007
TimeStamp 2014:06:08 04:16:52+01:00
FileType Win32 EXE
PEType PE32
InternalName D
ProductVersion 2.08.0007
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Telerik
CodeSize 118784
ProductName Bohnenmaschine
ProductVersionNumber 2.8.0.7
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c55926718a5499d45caac73a5ea70fd6
SHA1 b6ac96afc925a9bbb9b7074cb5745ba757fa48fc
SHA256 70b0e86799997e6ceb03fcf94cd82224644a6c7057cce462b6a850a8424ef5d6
ssdeep 3072:VqzWcUui3QzORnlBkU36RNyb2Q/kbDQq3oIO:8zWcUbRnXkUKbQ07/
authentihash d1690a846b2a1baa430961fc6b02d6252f3c97552d249f00c180e3fb97dba69b
imphash ed2709e1bcb79c20cb01ec1ae30d5609
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-08 15:53:52 UTC ( 2 years, 10 months ago )
Last submission 2016-06-09 16:25:00 UTC ( 10 months, 2 weeks ago )
File names funfile.exe
c55926718a5499d45caac73a5ea70fd6
D.exe
D
70b0e86799997e6ceb03fcf94cd82224644a6c7057cce462b6a850a8424ef5d6.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight