× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 887e339dde036eba07cd015081bb5431d70eece226976852dd6d7eb949a52c2d
File name: 7d0aac538cb4ae009ed22c54e1dc5d3c
Detection ratio: 43 / 54
Analysis date: 2015-04-23 07:12:07 UTC ( 4 years ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2234803 20150423
Yandex Trojan.VBKrypt!StzPI7Sv/i0 20150422
AhnLab-V3 Trojan/Win32.Injector 20150423
Antiy-AVL Trojan/Win32.VBKrypt 20150423
Avast Win32:Emotet-P [Trj] 20150423
AVG Generic_vb.IAF 20150423
Baidu-International Trojan.Win32.VBKrypt.veyj 20150421
BitDefender Trojan.GenericKD.2234803 20150423
ByteHero Virus.Win32.Heur.p 20150423
CAT-QuickHeal Trojan.Emotet.rw3 20150423
Comodo TrojWare.Win32.UMal.~A 20150423
Cyren W32/Trojan.BDOM-9094 20150423
DrWeb Trojan.Emotet.63 20150423
Emsisoft Trojan.GenericKD.2234803 (B) 20150423
ESET-NOD32 Win32/Emotet.AD 20150423
F-Prot W32/Trojan5.LYP 20150423
F-Secure Trojan.GenericKD.2234803 20150423
Fortinet W32/VBKrypt.VEYJ!tr 20150423
GData Trojan.GenericKD.2234803 20150423
Ikarus Trojan.Win32.Emotet 20150423
Jiangmin Trojan/VBKrypt.jgso 20150422
K7AntiVirus Trojan ( 004b8c611 ) 20150423
K7GW Trojan ( 004b8c611 ) 20150423
Kaspersky Trojan.Win32.VBKrypt.veyj 20150423
Malwarebytes Trojan.VBAgent 20150423
McAfee Generic.ux 20150423
McAfee-GW-Edition BehavesLike.Win32.Autorun.ch 20150422
Microsoft Trojan:Win32/Emotet.G 20150423
eScan Trojan.GenericKD.2234803 20150423
NANO-Antivirus Trojan.Win32.VBKrypt.dpidsq 20150422
Norman VBKrypt.VBP 20150423
nProtect Trojan/W32.Agent.125049.D 20150422
Panda Trj/WLT.A 20150422
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150423
Sophos AV Troj/VB-IHA 20150423
Symantec Trojan.Zbot 20150423
Tencent Trojan.Win32.Qudamah.Gen.17 20150423
TotalDefense Win32/Tnega.XZNOPXC 20150422
TrendMicro TSPY_EMOTET.XXQS 20150423
TrendMicro-HouseCall TSPY_EMOTET.XXQS 20150423
VBA32 TScope.Trojan.VB 20150422
VIPRE Trojan.Win32.Generic!BT 20150423
ViRobot Trojan.Win32.U.Agent.125049[h] 20150423
AegisLab 20150423
Alibaba 20150423
Bkav 20150422
ClamAV 20150423
CMC 20150423
Kingsoft 20150423
Rising 20150422
SUPERAntiSpyware 20150423
TheHacker 20150422
Zillya 20150422
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Deutsche Welle
Original name Swork1.exe
Internal name Swork1
File version 1.00.0051
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-19 12:15:51
Entry Point 0x000014A4
Number of sections 3
PE sections
Overlays
MD5 7ff8ad196cda54d720af3530f9c8c169
File type data
Offset 73728
Size 51321
Entropy 7.34
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaStrMove
__vbaGet3
_adj_fprem
__vbaR4Var
__vbaAryMove
__vbaObjVar
__vbaVarMod
__vbaRedim
Ord(537)
__vbaVarSetObj
_adj_fdiv_r
__vbaLsetFixstrFree
__vbaObjSetAddref
__vbaFixstrConstruct
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
Ord(616)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
Ord(608)
__vbaFreeStr
Ord(631)
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarTstLt
__vbaFreeVar
__vbaBoolVarNull
Ord(588)
__vbaFileOpen
__vbaUI1I2
Ord(711)
__vbaNew
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaVarNeg
__vbaLsetFixstr
Ord(570)
__vbaAryUnlock
__vbaVarAbs
__vbaStrVarCopy
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaVarOr
__vbaLateMemCallLd
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaVarSub
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaAryDestruct
__vbaAryCopy
_adj_fprem1
_adj_fdiv_m32
__vbaVarCmpEq
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaVarDiv
__vbaLateMemCall
__vbaObjSet
_CIexp
_CItan
__vbaFpI4
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.51

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
32768

EntryPoint
0x14a4

OriginalFileName
Swork1.exe

MIMEType
application/octet-stream

FileVersion
1.00.0051

TimeStamp
2015:03:19 13:15:51+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Swork1

ProductVersion
1.00.0051

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Deutsche Welle

CodeSize
40960

ProductName
Deutsche Welle

ProductVersionNumber
1.0.0.51

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 7d0aac538cb4ae009ed22c54e1dc5d3c
SHA1 15ea0abf9d6898a1278ae0ae9cf492623ebc9053
SHA256 887e339dde036eba07cd015081bb5431d70eece226976852dd6d7eb949a52c2d
ssdeep
3072:8PNWsB8PMqZa/PMbNWsBbAbVs+XOyIxCHZiKDIO:OmE6QEbebOpkHZiKD3

authentihash d496864668c1ee8a6cca606008eeee71d73c74c4858289a370507afc6bfbc387
imphash a4a199e8fdb59e30d8828839bb9edb6a
File size 122.1 KB ( 125049 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-03-19 12:50:05 UTC ( 4 years, 2 months ago )
Last submission 2016-05-27 06:02:49 UTC ( 2 years, 11 months ago )
File names {9458ADDD-C0CA-D6A0-3486-C494354E1857}.exe
file.exe
Swork1
{0980BBD6-4368-73EE-D625-594C2345B093}.exe
mXpNx.xlsm
ups_sendungsdetails_03_2015_loc_de_DE_34958935947_43938949_track_0000039039948_I_OE_Win_wpo39_10.exe
.7fdfb075
Swork1.exe
Dhl_Status_zu_Sendung_03808432561_set_identcodes_do_lang_de_rfn_extendedSearch_true_0000002938 (18).exe
{C80C14FB-9DD8-C94E-A79B-98C08C68CCED}.exe
Dhl_Status_zu_Sendung_03808432561_set_identcodes_do_lang_de_rfn_extendedSearch_true_0000002938.exe
7d0aac538cb4ae009ed22c54e1dc5d3c
{5B1F9BE2-B5ED-C127-A3B2-0BD30371BF10}.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!