SHA256: 88d3747648595ac175ae9ae716daf56a28e62e85e49c4f68c7146b2f83282fe1
File name: Repu
Detection ratio: 34 / 54
Analysis date: 2014-08-04 19:30:35 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.39982 20140804
AhnLab-V3 Trojan/Win32.Zbot 20140804
AntiVir TR/Kazy.340412 20140804
Antiy-AVL Trojan/Win32.Badur 20140804
Avast Win32:Zbot-THR [Trj] 20140804
AVG Pakes_c.BGVK 20140804
AVware Trojan.Win32.Generic!BT 20140804
Baidu-International Trojan.Win32.Badur.ACgn 20140804
BitDefender Gen:Variant.Symmi.39982 20140804
Comodo UnclassifiedMalware 20140804
Emsisoft Gen:Variant.Symmi.39982 (B) 20140804
ESET-NOD32 a variant of Win32/TrojanDownloader.VB.QKA 20140804
F-Secure Gen:Variant.Symmi.39982 20140804
Fortinet W32/Badur.GZPB!tr 20140804
GData Gen:Variant.Symmi.39982 20140804
Ikarus Trojan.Win32.Badur 20140804
K7AntiVirus Riskware ( 0040eff71 ) 20140804
K7GW Trojan ( 050000001 ) 20140804
Kaspersky Trojan.Win32.Badur.gzpb 20140804
Malwarebytes Trojan.Dorkbot.ED 20140804
McAfee RDN/Spybot.bfr!l 20140804
McAfee-GW-Edition RDN/Spybot.bfr!l 20140804
Microsoft Trojan:Win32/Sisproc!gmb 20140804
eScan Gen:Variant.Symmi.39982 20140804
Norman Troj_Generic.TDOSX 20140804
Panda Generic Malware 20140804
Qihoo-360 HEUR/Malware.QVM03.Gen 20140804
Sophos Mal/Generic-S 20140804
Symantec WS.Reputation.1 20140804
Tencent Win32.Trojan.Badur.Hwcx 20140804
TrendMicro TROJ_SPNV.03CA14 20140804
TrendMicro-HouseCall TROJ_SPNV.03CA14 20140804
VBA32 Trojan.Badur.gzpb 20140804
VIPRE Trojan.Win32.Generic!BT 20140804
AegisLab 20140804
Yandex 20140804
Bkav 20140804
ByteHero 20140804
CAT-QuickHeal 20140804
ClamAV 20140804
CMC 20140804
Commtouch 20140804
DrWeb 20140804
F-Prot 20140804
Jiangmin 20140804
Kingsoft 20140804
NANO-Antivirus 20140804
nProtect 20140804
Rising 20140804
SUPERAntiSpyware 20140804
TheHacker 20140803
TotalDefense 20140804
ViRobot 20140804
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Underbra schoolma erose's 2010
Publisher Symantec Corporation Art
Product ro veneranc
Original name Repu.exe
Internal name Repu
File version 87.77.0080
Description Nervid nonsuct
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-04 20:43:29
Entry Point 0x000010BC
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(667)
Ord(600)
__vbaExceptHandler
Ord(545)
Ord(100)
MethCallEngine
Ord(543)
Ord(685)
ProcCallEngine
Ord(712)
Ord(546)
Ord(588)
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(716)
Ord(598)
Ord(628)
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 61440
ImageVersion 87.77
ProductName ro veneranc
FileVersionNumber 87.77.0.80
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Repu.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 87.77.0080
TimeStamp 2014:03:04 21:43:29+01:00
FileType Win32 EXE
PEType PE32
InternalName Repu
FileAccessDate 2014:08:04 20:31:04+01:00
ProductVersion 87.77.0080
FileDescription Nervid nonsuct
OSVersion 4.0
FileCreateDate 2014:08:04 20:31:04+01:00
FileOS Win32
LegalCopyright Underbra schoolma erose's 2010
MachineType Intel 386 or later, and compatibles
CompanyName Symantec Corporation Art
CodeSize 8192
FileSubtype 0
ProductVersionNumber 87.77.0.80
EntryPoint 0x10bc
ObjectFileType Executable application

File identification
MD5 9b9bdd163a2ee929fc03f900a8d67cec
SHA1 772bbecd4689a01b681e65d2e2aeb10c9ab6fba2
SHA256 88d3747648595ac175ae9ae716daf56a28e62e85e49c4f68c7146b2f83282fe1
ssdeep 1536:Vr8Jxasnm4PsMLmb5fjYxxgs/vffffffffffffffm5EfTKs:R4Ppmb5EZgWT/
imphash 2c80cf820202bacc75908af4b02a39f8
File size 68.0 KB ( 69632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2014-03-08 14:04:38 UTC ( 3 years, 3 months ago )
Last submission 2014-05-08 15:36:05 UTC ( 3 years, 1 month ago )
File names Repu.exe
aa
22355117
Repu
rename.exe
output.22355117.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
TCP connections