SHA256: 78e8e03672c0806e6f1f3945213a67e5fda4e46481b3ef31af99373f76fd608c
File name: build___00000000.exe
Detection ratio: 8 / 51
Analysis date: 2014-04-13 13:02:35 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20140413
Bkav HW32.CDB.1903 20140412
ByteHero Virus.Win32.Heur.p 20140413
ESET-NOD32 Win32/Spy.SpyEye.CA 20140413
Kaspersky Trojan-Ransom.Win32.Gimemo.bqrz 20140413
Kingsoft Win32.Troj.Undef.(kcloud) 20140413
Malwarebytes Trojan.VBCrypt 20140413
Qihoo-360 Malware.QVM03.Gen 20140413
Ad-Aware 20140413
AegisLab 20140413
Yandex 20140412
AhnLab-V3 20140412
AntiVir 20140413
Antiy-AVL 20140413
AVG 20140412
Baidu-International 20140413
BitDefender 20140413
CAT-QuickHeal 20140412
ClamAV 20140413
CMC 20140411
Commtouch 20140413
Comodo 20140413
DrWeb 20140413
Emsisoft 20140413
F-Prot 20140413
F-Secure 20140413
Fortinet 20140413
GData 20140413
Ikarus 20140413
Jiangmin 20140413
K7AntiVirus 20140411
K7GW 20140411
McAfee 20140413
McAfee-GW-Edition 20140413
Microsoft 20140413
eScan 20140413
NANO-Antivirus 20140413
Norman 20140412
nProtect 20140413
Panda 20140413
Rising 20140412
Sophos AV 20140413
SUPERAntiSpyware 20140412
Symantec 20140413
TheHacker 20140411
TotalDefense 20140413
TrendMicro 20140413
TrendMicro-HouseCall 20140413
VBA32 20140411
VIPRE 20140413
ViRobot 20140412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-11 23:48:44
Entry Point 0x00001828
Number of sections 3
PE sections
Overlays
MD5 460a9421c8332bef24dd22024808309a
File type data
Offset 73728
Size 118350
Entropy 7.92
PE imports
Number of PE resources by type
Struct(0) 1
RT_GROUP_ICON 1
RT_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:04:12 00:48:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 16384
SubsystemVersion 4.0
EntryPoint 0x1828
OSVersion 4.0
ImageVersion 2.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 46050631cfb19ab139a6c0574577c8d2
SHA1 20694a97c9fddc38a5447185b3d548dd37cc170a
SHA256 78e8e03672c0806e6f1f3945213a67e5fda4e46481b3ef31af99373f76fd608c
ssdeep 3072:zYr5zuT+S7In6XwKzxjzLOurbQ0WuCj6MjlpIEcTaPS8CjhAxj+VjONGk:Mrln8TjJfQ0WuCj6aETaPS8EaxjejO/
authentihash 4501ad41e4f1c1c412e22d4e389f97bde342327635700eb1ad85119fd37013e7
imphash 262c3d5cabfc163b56478e8b73647653
File size 187.6 KB ( 192078 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-04-13 13:02:35 UTC ( 4 years, 11 months ago )
Last submission 2016-04-21 13:00:07 UTC ( 2 years, 11 months ago )
File names aa
build.ex
build___00000000.exe
46050631cfb19ab139a6c0574577c8d2.exe
GbzWE.bin
20694a97c9fddc38a5447185b3d548dd37cc170a
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications