SHA256: 7fa78baf99b85edaf32a7cd90cb1be85c1a2d194f0b77b80ef47a1a84482439a
File name: 1eb21bc0cc9532c7a72aa918eae206b0
Detection ratio: 43 / 51
Analysis date: 2014-06-07 08:09:05 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.20211 20140607
Yandex TrojanSpy.Zbot!bhArZcAT7cY 20140606
AhnLab-V3 Trojan/Win32.Zbot 20140606
AntiVir TR/Dropper.Gen 20140606
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20140607
Avast Win32:Malware-gen 20140607
AVG Dropper.Generic7.BRCO 20140607
Baidu-International Trojan.Win32.Zbot.BYW 20140607
BitDefender Gen:Variant.Symmi.20211 20140607
Bkav HW32.CDB.Fb9c 20140606
CAT-QuickHeal VirTool.VBInject 20140606
ClamAV WIN.Trojan.Agent-278844 20140607
CMC Heur.Win32.Veebee.1!O 20140606
Commtouch W32/Trojan.KHKI-1721 20140607
Comodo UnclassifiedMalware 20140607
DrWeb Trojan.PWS.Panda.547 20140607
Emsisoft Gen:Variant.Symmi.20211 (B) 20140607
ESET-NOD32 Win32/Spy.Zbot.YW 20140607
F-Secure Gen:Variant.Symmi.20211 20140607
Fortinet W32/Injector.YMS!tr 20140607
GData Gen:Variant.Symmi.20211 20140607
Ikarus Trojan-PWS.Win32.Zbot 20140607
K7AntiVirus Backdoor ( 04c4ccfe1 ) 20140606
K7GW Backdoor ( 04c4ccfe1 ) 20140606
Kaspersky HEUR:Trojan.Win32.Generic 20140607
Kingsoft Win32.Troj.Undef.(kcloud) 20140607
Malwarebytes Trojan.VBKrypt 20140607
McAfee PWS-Zbot.dx 20140607
McAfee-GW-Edition PWS-Zbot.dx 20140606
Microsoft VirTool:Win32/VBInject.gen!JD 20140607
eScan Gen:Variant.Symmi.20211 20140607
NANO-Antivirus Trojan.Win32.Panda.bomkpk 20140607
Norman Troj_Generic.HWPBE 20140607
Panda Generic Malware 20140606
Qihoo-360 HEUR/Malware.QVM03.Gen 20140607
Sophos Mal/Zbot-LL 20140607
SUPERAntiSpyware Trojan.Agent/Gen-Vbinj 20140607
Symantec Trojan.Zbot 20140607
Tencent Win32.Trojan.Generic.Eckw 20140607
TheHacker Trojan/Spy.Zbot.yw 20140606
TrendMicro TROJ_GEN.R0CBC0ECP14 20140607
TrendMicro-HouseCall TROJ_GEN.R0CBC0ECP14 20140607
VIPRE Trojan.Win32.Generic!BT 20140607
AegisLab 20140607
ByteHero 20140607
F-Prot 20140607
nProtect 20140605
Rising 20140606
TotalDefense 20140607
VBA32 20140606
ViRobot 20140607
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1997-2008 Postcartilaginous thistlewarp
Publisher Telerik
Product Cheesepresses parter's alzheimer's
Original name Uncomprehened arsmetricks.exe
Internal name Uncomprehened arsmetricks
File version 1.06.0007
Description Plectridium lithonephria intemperament beslavers
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-20 02:07:32
Entry Point 0x0000118C
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(516)
Ord(713)
Ord(685)
Ord(697)
Ord(584)
EVENT_SINK_AddRef
Ord(707)
Ord(714)
Ord(583)
Ord(702)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(540)
Ord(544)
Ord(662)
Ord(519)
Ord(100)
Ord(515)
ProcCallEngine
Ord(614)
Ord(585)
EVENT_SINK_Release
Ord(595)
Ord(587)
Ord(704)
Ord(705)
Ord(538)
Ord(310)
Ord(703)
Ord(304)
Ord(312)
Ord(579)
Ord(541)
Ord(588)
Ord(598)
Ord(698)
Number of PE resources by type
RT_ICON 5
RT_CURSOR 2
RT_GROUP_CURSOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.6
FileSubtype 0
FileVersionNumber 1.6.0.7
UninitializedDataSize 0
LanguageCode Chinese (Traditional)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 204800
FileOS Win32
MIMEType application/octet-stream
LegalCopyright 1997-2008 Postcartilaginous thistlewarp
FileVersion 1.06.0007
TimeStamp 2013:02:20 03:07:32+01:00
FileType Win32 EXE
PEType PE32
InternalName Uncomprehened arsmetricks
FileAccessDate 2014:06:07 09:06:33+01:00
ProductVersion 1.06.0007
FileDescription Plectridium lithonephria intemperament beslavers
OSVersion 4.0
FileCreateDate 2014:06:07 09:06:33+01:00
OriginalFilename Uncomprehened arsmetricks.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Telerik
CodeSize 24576
ProductName Cheesepresses parter's alzheimer's
ProductVersionNumber 1.6.0.7
EntryPoint 0x118c
ObjectFileType Executable application

File identification
MD5 1eb21bc0cc9532c7a72aa918eae206b0
SHA1 8677a517a4c06e81769e9d24695a21f51280c12f
SHA256 7fa78baf99b85edaf32a7cd90cb1be85c1a2d194f0b77b80ef47a1a84482439a
ssdeep 6144:1nGbMiZqwp8fZnDHDTCrtZpliOJG3fih2Xuj5CEgVv:Yb5Rp8fZzDKbe6MXu4Emv
imphash 028893db832bdc47b8d4bf8a46039c8c
File size 224.5 KB ( 229888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2013-02-27 02:39:50 UTC ( 4 years ago )
Last submission 2014-06-07 08:09:05 UTC ( 2 years, 9 months ago )
File names Uncomprehened arsmetricks
Uncomprehened arsmetricks.exe
1eb21bc0cc9532c7a72aa918eae206b0
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.