SHA256: 7ea1a416ae50fb0bcef2411eea5bdf51cdb09523462fa2c985500d43f768ef6c
File name: 865bb9fd3bf715ee64c234a5f6259d39528329c8
Detection ratio: 29 / 56
Analysis date: 2015-07-28 01:34:15 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2583037 20150728
Yandex Trojan.Qhost!LQzP5eX0rfw 20150727
AhnLab-V3 Trojan/Win32.Bublik 20150727
ALYac Trojan.GenericKD.2583037 20150728
Arcabit Trojan.Generic.D2769FD 20150728
Avast Win32:Dropper-gen [Drp] 20150728
Avira (no cloud) TR/Dropper.VB.11788 20150728
AVware Trojan.Win32.Generic!BT 20150727
Baidu-International Trojan.Win32.Qhost.PLQ 20150727
BitDefender Trojan.GenericKD.2583037 20150728
Emsisoft Trojan.GenericKD.2583037 (B) 20150728
ESET-NOD32 Win32/Qhost.PLQ 20150727
F-Secure Trojan.GenericKD.2583037 20150728
Fortinet W32/Qhost.PLQ!tr 20150728
GData Trojan.GenericKD.2583037 20150728
Ikarus Trojan.Win32.Qhost 20150727
K7AntiVirus Trojan ( 004c8d161 ) 20150727
K7GW Trojan ( 004c8d161 ) 20150727
Kaspersky UDS:DangerousObject.Multi.Generic 20150728
McAfee Artemis!EEA24808D687 20150728
McAfee-GW-Edition BehavesLike.Win32.VBObfus.ch 20150728
Microsoft Trojan:Win32/Dynamer!ac 20150728
eScan Trojan.GenericKD.2583037 20150728
nProtect Trojan.GenericKD.2583037 20150727
Panda Trj/CI.A 20150727
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150728
Sophos AV Mal/Generic-S 20150727
TrendMicro TROJ_GEN.R047C0DGO15 20150728
VIPRE Trojan.Win32.Generic!BT 20150728
AegisLab 20150727
Alibaba 20150727
Antiy-AVL 20150728
AVG 20150728
Bkav 20150727
ByteHero 20150728
CAT-QuickHeal 20150727
ClamAV 20150728
Comodo 20150728
Cyren 20150728
DrWeb 20150728
F-Prot 20150728
Jiangmin 20150727
Kingsoft 20150728
Malwarebytes 20150727
NANO-Antivirus 20150727
Rising 20150722
SUPERAntiSpyware 20150728
Symantec 20150728
Tencent 20150728
TheHacker 20150727
TotalDefense 20150728
TrendMicro-HouseCall 20150728
VBA32 20150727
ViRobot 20150728
Zillya 20150727
Zoner 20150728
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-30 10:11:05
Entry Point 0x000013D8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaVarDup
__vbaAryLock
EVENT_SINK_QueryInterface
_allmul
Ord(516)
__vbaStrMove
_adj_fdivr_m64
__vbaErase
_adj_fprem
__vbaLenBstr
Ord(685)
_adj_fpatan
__vbaFreeObjList
Ord(681)
__vbaUI1Str
Ord(717)
__vbaMidStmtBstr
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaAryVar
__vbaStrVarMove
__vbaPowerR8
Ord(578)
__vbaVar2Vec
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaFreeVar
__vbaVarTstNe
_adj_fprem1
__vbaI2Str
Ord(619)
_CItan
__vbaFreeObj
__vbaFileOpen
_adj_fdiv_m64
__vbaStrBool
__vbaHresultCheckObj
__vbaStrVarVal
_CIsin
Ord(711)
Ord(606)
__vbaStrCopy
_CIsqrt
EVENT_SINK_Release
Ord(713)
__vbaFreeStr
_adj_fptan
__vbaGet3
__vbaFileClose
Ord(581)
__vbaI4Var
_CIcos
__vbaAryUnlock
__vbaObjSet
__vbaAryCopy
_CIlog
_CIatan
Ord(608)
__vbaNew2
Ord(644)
__vbaVarCat
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrI2
__vbaStrToAnsi
__vbaStrI4
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaI2I4
__vbaFpI2
CallWindowProcW
Number of PE resources by type
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:09:30 11:11:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 147456
SubsystemVersion 4.0
EntryPoint 0x13d8
OSVersion 4.0
ImageVersion 6.544
UninitializedDataSize 0

File identification
MD5 eea24808d687fd572a036689bef6ae38
SHA1 865bb9fd3bf715ee64c234a5f6259d39528329c8
SHA256 7ea1a416ae50fb0bcef2411eea5bdf51cdb09523462fa2c985500d43f768ef6c
ssdeep 3072:mY25Htsqiipb9TVgqkf4VUEx22aGfVUEiTIVUEiTIVUEiTIVUEiTIVUEiTIVUEiT:mjwqiiV9TVd8cl7aGdliTsliTsliTsl2
authentihash 857a91ee25289197c0ebd716116f3fa51fb8233c81e66e94162af4a0121148bd
imphash e0889cd332ec944b8fed722a0432c9e4
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe
VirusTotal metadata
First submission 2015-07-21 01:27:58 UTC ( 3 years, 7 months ago )
Last submission 2015-07-21 01:27:58 UTC ( 3 years, 7 months ago )
File names 7EA1A416AE50FB0BCEF2411EEA5BDF51CDB09523462FA2C985500D43F768EF6C.EXE
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DGO15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.