SHA256: 7791dbbad808041337914adb67ea209822c2993bf94edd07db172eef343aa2f8
File name: Relayer
Detection ratio: 22 / 48
Analysis date: 2013-12-23 05:58:29 UTC ( 3 years, 6 months ago )
Antivirus Result Update
AntiVir TR/Dropper.VB.Gen8 20131222
AVG Inject2.LZL 20131222
Baidu-International Trojan.Win32.Zbot.AMg 20131213
ByteHero Virus.Win32.Heur.p 20130613
CMC Heur.Win32.Veebee.1!O 20131217
Comodo UnclassifiedMalware 20131222
DrWeb Trojan.PWS.Panda.2401 20131222
ESET-NOD32 a variant of Win32/Injector.ATIC 20131222
Fortinet W32/Injector.ATIC!tr 20131222
Ikarus Trojan.Inject2 20131222
Kaspersky Trojan-Spy.Win32.Zbot.qzpr 20131222
Malwarebytes Trojan.LVBP 20131222
McAfee PWSZbot-FLW!23939D805E1E 20131222
McAfee-GW-Edition PWSZbot-FLW!23939D805E1E 20131222
Microsoft PWS:Win32/Zbot 20131222
NANO-Antivirus Trojan.Win32.Injector.crjnkx 20131222
Norman Troj_Generic.RSFXK 20131222
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20131220
Sophos Troj/VBInj-GY 20131222
Symantec Trojan.Zbot 20131222
TrendMicro-HouseCall TROJ_GEN.R047H08LJ13 20131222
VIPRE Trojan.Win32.Generic!BT 20131222
Ad-Aware 20131222
Yandex 20131222
AhnLab-V3 20131222112449
Antiy-AVL 20131222
Avast 20131222
BitDefender 20131222
Bkav 20131221
CAT-QuickHeal 20131222
ClamAV 20131222
Commtouch 20131222
Emsisoft 20131222
F-Prot 20131222
F-Secure 20131222
GData 20131222
Jiangmin 20131222
K7AntiVirus 20131220
K7GW 20131220
Kingsoft 20130829
eScan 20131222
nProtect 20131222
Panda 20131222
SUPERAntiSpyware 20131222
TheHacker 20131219
TotalDefense 20131222
TrendMicro 20131222
VBA32 20131220
ViRobot 20131222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Texas Instruments Incorporated ®
Publisher DT Soft Ltd ²
Product Fldxt dawcocks havasupa egghot
Original name Relayer.exe
Internal name Relayer
File version 1.00.0008
Description Latian glonoin
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-18 03:43:47
Entry Point 0x0000135C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
__vbaLenVar
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(697)
Ord(678)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaI2Var
Ord(677)
__vbaInStr
__vbaCyAdd
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
Ord(563)
_adj_fdiv_r
Ord(100)
Ord(618)
__vbaUI1I2
__vbaFreeVar
_adj_fprem1
Ord(519)
__vbaFPInt
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_CIcos
Ord(616)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(696)
Ord(593)
__vbaVarMove
Ord(646)
Ord(614)
_CIatan
Ord(608)
__vbaNew2
__vbaFpCSngR4
__vbaLateIdCallLd
_adj_fdivr_m32i
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
_CItan
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Texas Instruments Incorporated
FileDescription Latian glonoin
InitializedDataSize 36864
ImageVersion 1.0
ProductName Fldxt dawcocks havasupa egghot
FileVersionNumber 1.0.0.8
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Relayer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.00.0008
TimeStamp 2013:12:18 04:43:47+01:00
FileType Win32 EXE
PEType PE32
InternalName Relayer
SubsystemVersion 4.0
FileAccessDate 2013:12:23 06:59:06+01:00
ProductVersion 1.00.0008
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2013:12:23 06:59:06+01:00
FileOS Win32
LegalCopyright Texas Instruments Incorporated
MachineType Intel 386 or later, and compatibles
CompanyName DT Soft Ltd
CodeSize 294912
FileSubtype 0
ProductVersionNumber 1.0.0.8
EntryPoint 0x135c
ObjectFileType Executable application
Compressed bundles
File identification
MD5 23939d805e1ed8f582167444401b4b85
SHA1 4c852ae4388ab95ff6d48f5a9fbe88a1da6754b4
SHA256 7791dbbad808041337914adb67ea209822c2993bf94edd07db172eef343aa2f8
ssdeep 6144:9oW2bQgZA9R+l+Y2aKlt5xGA/Y1znAQBQVxi1A:9odcgZAI1mB4WqnAQB/1A
File size 333.4 KB ( 341369 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2013-12-19 08:12:00 UTC ( 3 years, 6 months ago )
Last submission 2013-12-19 08:12:00 UTC ( 3 years, 6 months ago )
File names Relayer
order info
Relayer.exe