SHA256: 7918a25ef230bc13cf9cc881f9fcd7710e0064ddc86179eed8345f51a6425dc2
File name: Nonexplo
Detection ratio: 42 / 57
Analysis date: 2015-02-10 09:50:27 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.167425 20150210
Yandex Trojan.Agent!QDrCVlwVqBM 20150208
AhnLab-V3 Trojan/Win32.ZBot 20150210
ALYac Gen:Variant.Graftor.167425 20150210
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20150210
Avast Win32:Malware-gen 20150210
AVG Luhe.Gen.C 20150210
Avira (no cloud) TR/Injector.242176.9 20150210
AVware Trojan.Win32.Generic!BT 20150210
Baidu-International Trojan.Win32.Injector.BRHO 20150210
BitDefender Gen:Variant.Graftor.167425 20150210
CAT-QuickHeal VirTool.VBInject.LE3 20150205
ClamAV Win.Trojan.Agent-828470 20150209
CMC Heur.Win32.Veebee.1!O 20150209
Comodo UnclassifiedMalware 20150210
Cyren W32/Trojan.VPVE-1632 20150210
DrWeb Trojan.PWS.Panda.4795 20150210
Emsisoft Gen:Variant.Graftor.167425 (B) 20150210
ESET-NOD32 a variant of Win32/Injector.BRHO 20150210
F-Secure Gen:Variant.Graftor.167425 20150210
Fortinet W32/Injector.BQPX!tr 20150210
GData Gen:Variant.Graftor.167425 20150210
Ikarus Trojan.Win32.Injector 20150210
K7AntiVirus Trojan ( 004b25c31 ) 20150210
K7GW DoS-Trojan ( 201196e21 ) 20150210
Kaspersky HEUR:Trojan.Win32.Generic 20150210
Malwarebytes Trojan.Agent 20150210
McAfee Generic-FAVL!310E0CE11DE8 20150210
McAfee-GW-Edition BehavesLike.Win32.VBObfus.dh 20150209
Microsoft PWS:Win32/Zbot.gen!CI 20150210
eScan Gen:Variant.Graftor.167425 20150210
NANO-Antivirus Trojan.Win32.Injector.dlawmg 20150210
Norman Troj_Generic.XUHRS 20150210
Panda Trj/CI.A 20150209
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150210
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150209
Sophos AV Mal/Generic-S 20150210
Symantec Trojan.Zbot 20150210
Tencent Win32.Backdoor.Bp-generic.Oayz 20150210
TrendMicro TROJ_GEN.R047C0DLK14 20150210
TrendMicro-HouseCall TROJ_GEN.R047C0DLK14 20150210
VIPRE Trojan.Win32.Generic!BT 20150210
AegisLab 20150210
Alibaba 20150210
Bkav 20150209
ByteHero 20150210
F-Prot 20150210
Jiangmin 20150209
Kingsoft 20150210
nProtect 20150210
SUPERAntiSpyware 20150210
TheHacker 20150209
TotalDefense 20150210
VBA32 20150210
ViRobot 20150210
Zillya 20150209
Zoner 20150209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher PetaBit Exlimites
Product Epimerit
Original name Nonexplo.exe
Internal name Nonexplo
File version 1.07.0005
Description Eluctati bubal
Comments TurtleShield 2011
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-16 05:35:29
Entry Point 0x000013F4
Number of sections 3
PE sections
PE imports
__vbaWriteFile
_adj_fdiv_m32
Ord(617)
EVENT_SINK_Release
__vbaEnd
__vbaRedim
__vbaVarDup
EVENT_SINK_AddRef
Ord(579)
_adj_fdivr_m64
Ord(534)
_adj_fprem
Ord(661)
Ord(546)
_adj_fpatan
__vbaFreeObjList
Ord(707)
Ord(677)
__vbaFileClose
__vbaInStr
_adj_fdiv_m32i
__vbaStrCopy
__vbaFreeStr
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(616)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaUbound
__vbaFpI4
Ord(589)
Ord(100)
__vbaDerefAry1
_allmul
__vbaFreeVar
Ord(570)
__vbaCastObj
__vbaChkstk
__vbaObjSetAddref
_adj_fdiv_r
_CItan
__vbaDateVar
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(532)
__vbaAryLock
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaStrMove
Ord(593)
__vbaObjSet
Ord(538)
__vbaAryUnlock
__vbaVarMove
_CIatan
__vbaNew2
__vbaFileOpen
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrI2
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
Ord(609)
Ord(598)
Ord(698)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ITALIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments TurtleShield 2011
LinkerVersion 6.0
ImageVersion 1.7
FileSubtype 0
FileVersionNumber 1.7.0.5
LanguageCode Italian
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 12288
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.07.0005
TimeStamp 2014:12:16 06:35:29+01:00
FileType Win32 EXE
PEType PE32
InternalName Nonexplo
SubsystemVersion 4.0
FileAccessDate 2015:02:10 10:50:53+01:00
ProductVersion 1.07.0005
FileDescription Eluctati bubal
OSVersion 4.0
FileCreateDate 2015:02:10 10:50:53+01:00
OriginalFilename Nonexplo.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PetaBit Exlimites
CodeSize 229376
ProductName Epimerit
ProductVersionNumber 1.7.0.5
EntryPoint 0x13f4
ObjectFileType Executable application

File identification
MD5 310e0ce11de84e081955256409d12c85
SHA1 3240fe8638332b30e58842a5da1a59f275d66195
SHA256 7918a25ef230bc13cf9cc881f9fcd7710e0064ddc86179eed8345f51a6425dc2
ssdeep 3072:DZegsakgFWBN0yUEjgWfMdwU0HrLjpQmvqHfoK24Fegu2BL2WOQei1uYALmS+3sA:/XQBN0yKUDTC/Z2oBiW2i1CLmV
authentihash 5799294200542a38b523ddde9f3b4896b84c8f43bc192c14e8e46d9f444f6d14
imphash 74a9195c59fd610c7ef5bd1fb699a24f
File size 236.5 KB ( 242176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-12-20 06:48:10 UTC ( 4 years, 1 month ago )
Last submission 2014-12-20 06:48:10 UTC ( 4 years, 1 month ago )
File names 3240fe8638332b30e58842a5da1a59f275d66195
Nonexplo
Nonexplo.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.