× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7a3691a79faed1915a2c113c483d40e73fd42494498c7effe4ab49f898c72ce3
File name: aa
Detection ratio: 8 / 41
Analysis date: 2010-07-06 05:52:14 UTC ( 8 years ago )
Antivirus Result Update
a-squared Trojan.Win32.Siscos!IK 20100706
Antiy-AVL Trojan/Win32.VB.gen 20100702
AVG Generic18.VMW 20100705
Ikarus Trojan.Win32.Siscos 20100706
Jiangmin Heur:Trojan/AntiVM 20100703
Kaspersky Trojan.Win32.VB.ahfc 20100706
NOD32 a variant of Win32/Injector.CAZ 20100705
Prevx High Risk Cloaked Malware 20100706
AhnLab-V3 20100705
AntiVir 20100705
Authentium 20100706
Avast 20100706
Avast5 20100706
BitDefender 20100706
CAT-QuickHeal 20100630
ClamAV 20100706
Comodo 20100706
DrWeb 20100706
eSafe 20100705
eTrust-Vet 20100705
F-Prot 20100705
F-Secure 20100706
Fortinet 20100704
GData 20100706
McAfee 20100706
McAfee-GW-Edition 20100705
Microsoft 20100703
Norman 20100705
nProtect 20100705
Panda 20100706
PCTools 20100706
Rising 20100705
Sophos AV 20100706
Sunbelt 20100705
Symantec 20100706
TheHacker 20100705
TrendMicro 20100706
TrendMicro-HouseCall 20100706
VBA32 20100705
ViRobot 20100705
VirusBuster 20100705
The file being studied is a Portable Executable file! More specifically, it is a unknown file.
FileVersionInfo properties
Copyright
reEboCjB

Publisher tSYUgjyTUeoj
Product qpF
Original name cxhgbu90srezse5gtdsfg.exe
Internal name cxhgbu90srezse5gtdsfg
File version 8.47.0060
Description BcPMGZV
Comments ASnGA
PE header basic information
Number of sections 37
PE sections
PE imports
__vbaR8FixI4
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaPut3
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaBoolStr
__vbaVarForInit
__vbaExitProc
__vbaStrLike
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
__vbaCyI2
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaStr2Vec
__vbaExceptHandler
__vbaPrintFile
__vbaInputFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaLsetFixstrFree
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaVar2Vec
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaVarCopy
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaStrVarCopy
__vbaR8IntI4
_allmul
_CItan
__vbaFPInt
__vbaAryUnlock
__vbaUI1Var
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
35 more function(s) imported by ordinal)
File identification
MD5 fef771bdf96f8efeb0b64237f8ce799e
SHA1 9f9aab237d4b42707f77b1d882463a9363587462
SHA256 7a3691a79faed1915a2c113c483d40e73fd42494498c7effe4ab49f898c72ce3
ssdeep
6144:79rY764NqZUxAIcbD2PCkNwuvRI6oiXMuk:+6EqZUxAIqmfwuZI6jcu

File size 632.0 KB ( 647168 bytes )
File type unknown
Magic literal

TrID Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
VirusTotal metadata
First submission 2010-07-06 05:52:14 UTC ( 8 years ago )
Last submission 2010-07-06 05:52:14 UTC ( 8 years ago )
File names qrOfe3.dot
aa
noiWsdwHyn.bz2
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!