SHA256: 8568654ba9c2b585d8a7cebb62d67c236899986dab22602b20a025285e5b25b0
File name: msdb3543b85.exe
Detection ratio: 41 / 57
Analysis date: 2015-05-08 14:51:28 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2343334 20150508
Yandex Trojan.VBKrypt!BmfU93nmWQo 20150506
AhnLab-V3 Trojan/Win32.ZBot 20150508
ALYac Trojan.GenericKD.2343334 20150508
Antiy-AVL Trojan/Win32.VBKrypt 20150508
Avast Win32:Malware-gen 20150508
AVG Crypt_vb.GSI 20150508
Avira (no cloud) TR/Injector.219414 20150508
AVware Trojan.Win32.Generic!BT 20150508
Baidu-International Trojan.Win32.Injector.BZKS 20150508
BitDefender Trojan.GenericKD.2343334 20150508
ByteHero Virus.Win32.Heur.p 20150508
Cyren W32/PWS.XKEB-2809 20150508
DrWeb Trojan.Emotet.78 20150508
Emsisoft Trojan.GenericKD.2343334 (B) 20150508
ESET-NOD32 a variant of Win32/Injector.BZKS 20150508
F-Secure Trojan.GenericKD.2343334 20150508
Fortinet W32/VBKrypt.JBJ!tr 20150508
GData Trojan.GenericKD.2343334 20150508
Ikarus Trojan.Win32.Injector 20150508
Jiangmin Trojan/VBKrypt.jhft 20150506
K7AntiVirus Trojan ( 004b8c611 ) 20150508
K7GW Trojan ( 004b8c611 ) 20150508
Kaspersky Trojan.Win32.VBKrypt.jbj 20150508
Malwarebytes Trojan.Agent.RND 20150508
McAfee PWSZbot-FAKN!D48EB7DB9121 20150508
McAfee-GW-Edition BehavesLike.Win32.VBObfus.dh 20150508
Microsoft Trojan:Win32/Emotet.G 20150508
eScan Trojan.GenericKD.2343334 20150508
NANO-Antivirus Trojan.Win32.VBKrypt.drffpv 20150508
Norman Injector.IIES 20150508
nProtect Trojan.GenericKD.2343334 20150508
Panda Trj/Genetic.gen 20150508
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150508
Sophos AV Troj/VBAgent-AF 20150508
Symantec Trojan.Gen 20150508
Tencent Trojan.Win32.Qudamah.Gen.17 20150508
TrendMicro TROJ_GEN.R00GC0CE515 20150508
TrendMicro-HouseCall TROJ_GEN.R00GC0CE515 20150508
VBA32 TScope.Trojan.VB 20150508
VIPRE Trojan.Win32.Generic!BT 20150508
AegisLab 20150508
Alibaba 20150508
Bkav 20150508
CAT-QuickHeal 20150508
ClamAV 20150508
CMC 20150508
Comodo 20150508
F-Prot 20150508
Kingsoft 20150508
Rising 20150508
SUPERAntiSpyware 20150508
TheHacker 20150507
TotalDefense 20150508
ViRobot 20150508
Zillya 20150507
Zoner 20150507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-29 06:19:38
Entry Point 0x0000110C
Number of sections 3
PE sections
Overlays
MD5 0454e9f849fb238765c2fd8859c791ff
File type data
Offset 114688
Size 104726
Entropy 7.98
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(537)
Ord(570)
Ord(685)
Ord(617)
Ord(525)
EVENT_SINK_AddRef
Ord(650)
Ord(717)
Ord(600)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(599)
Ord(608)
Ord(516)
Ord(100)
Ord(573)
ProcCallEngine
Ord(606)
EVENT_SINK_Release
Ord(595)
Ord(631)
Ord(563)
Number of PE resources by type
RT_ICON 5
Struct(0) 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:29 07:19:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 6.0
EntryPoint 0x110c
InitializedDataSize 49152
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d48eb7db9121dd8359f55d3617947110
SHA1 488b354d1eb919a925d85c50e22307b899836bac
SHA256 8568654ba9c2b585d8a7cebb62d67c236899986dab22602b20a025285e5b25b0
ssdeep
3072:nOQhZzMOQhZ4RH24gHOQhZzMOQhZgbjjOR3hPpGIvWRaYdFpzsmCHtPIUrcs8Ft9:ijjYmsYRsmCHxIUws8RRM0

authentihash 2a50da3aecc3d4246ebbb9a217bb138007f6ce3cc10b6b90cfbbce22eca89a3c
imphash a1276aef814eea4e8675b8ecdb33fc59
File size 214.3 KB ( 219414 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-04-29 11:46:12 UTC ( 4 years ago )
Last submission 2016-08-17 17:22:35 UTC ( 2 years, 9 months ago )
File names msdb8b48ec5.exe
msdb13e58f3.exe
msdb1d027b1.exe.VIRUS
output.67337751.txt
35n.exe
msdb3543b85.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R034E01GP15.

Symantec reputation Suspicious.Insight