SHA256: 8cd791a0723a478795283b65db709b282988daaa1009bbac16792b687760e39c
File name: LoadSpam.exe
Detection ratio: 37 / 46
Analysis date: 2013-05-03 21:39:39 UTC ( 6 years ago )
Antivirus Result Update
Yandex Trojan.DL.Banload!PObNz4zNA+w 20130503
AhnLab-V3 Win-Trojan/Downloader.40960.XZ 20130503
AntiVir TR/VB.Downloader.Gen 20130503
Avast Win32:Trojan-gen 20130503
AVG unknown virus Win32/DH{ICMlV2c4Vgk} 20130503
BitDefender Gen:Trojan.Heur.cm0@s5R0Uuei2 20130503
CAT-QuickHeal Trojan.Agent.ni 20130503
Commtouch W32/VBTrojan.Downloader.1D!Maximus 20130503
Comodo UnclassifiedMalware 20130503
DrWeb Trojan.DownLoader6.50025 20130503
Emsisoft Gen:Trojan.Heur.cm0@s5R0Uuei2 (B) 20130503
eSafe Win32.Trojan 20130501
ESET-NOD32 Win32/TrojanDownloader.Banload.RIZ 20130503
F-Prot W32/VBTrojan.Downloader.1D!Maximus 20130503
F-Secure Gen:Trojan.Heur.cm0@s5R0Uuei2 20130503
Fortinet W32/Banload.RIZ!tr.dldr 20130503
GData Gen:Trojan.Heur.cm0@s5R0Uuei2 20130503
Ikarus Trojan.Win32.Spy 20130503
K7AntiVirus Trojan 20130503
K7GW Riskware 20130503
Kaspersky HEUR:Trojan-Downloader.Win32.Generic 20130503
Kingsoft Win32.Troj.Undef.(kcloud) 20130502
Malwarebytes Trojan.Banker.Gen 20130503
McAfee Generic VB.iv 20130503
McAfee-GW-Edition Generic VB.iv 20130503
Microsoft Trojan:Win32/Camec.L 20130503
eScan Gen:Trojan.Heur.cm0@s5R0Uuei2 20130503
NANO-Antivirus Trojan.Win32.ATRAPS.wapat 20130503
Norman Troj_Generic.DSLSJ 20130503
Panda Generic Trojan 20130503
PCTools Trojan.Gen 20130503
Symantec Trojan.Gen 20130503
TheHacker Trojan/Downloader.Banload.riz 20130503
TotalDefense Win32/SillyDl.YUL 20130503
TrendMicro TROJ_SPNR.30I712 20130503
TrendMicro-HouseCall TROJ_SPNR.30I712 20130503
VIPRE Trojan.Win32.Generic!BT 20130503
Antiy-AVL 20130503
ByteHero 20130424
ClamAV 20130503
Jiangmin 20130503
nProtect 20130503
Sophos AV 20130503
SUPERAntiSpyware 20130503
VBA32 20130503
ViRobot 20130503
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher _
Product dba
Original name LoadSpam.exe
Internal name LoadSpam
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-24 18:40:40
Entry Point 0x0000158C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(712)
_CIcos
__vbaEnd
EVENT_SINK_QueryInterface
Ord(648)
__vbaVarDup
_adj_fdivr_m64
__vbaBoolVar
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
Ord(685)
_adj_fpatan
__vbaFreeObjList
Ord(526)
Ord(580)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
EVENT_SINK_Release
__vbaExitProc
Ord(100)
__vbaFreeVar
__vbaBoolVarNull
Ord(519)
__vbaFixstrConstruct
_adj_fdiv_r
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_allmul
__vbaStrVarVal
__vbaLsetFixstr
Ord(616)
_adj_fptan
Ord(577)
__vbaFileClose
__vbaObjSet
Ord(529)
Ord(667)
__vbaPut3
__vbaVarMove
_CIatan
__vbaNew2
__vbaVarCat
__vbaOnError
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaVarCopy
__vbaFreeStrList
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 12288
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2012:08:24 19:40:40+01:00
FileType Win32 EXE
PEType PE32
InternalName LoadSpam
FileAccessDate 2013:05:03 22:39:44+01:00
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2013:05:03 22:39:44+01:00
OriginalFilename LoadSpam.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName *
CodeSize 24576
ProductName dba
ProductVersionNumber 1.0.0.0
EntryPoint 0x158c
ObjectFileType Executable application

File identification
MD5 1a6ee6fabc9cde0a9d82421db6210ca8
SHA1 402f4c8ef875a4563338f80d9ce4ab95eabbe0a6
SHA256 8cd791a0723a478795283b65db709b282988daaa1009bbac16792b687760e39c
ssdeep 384:j172f4JBoit9WjznsUC0/WxCEy6GYgqD3W46p/6T:1KIBoitgp/W0EJ765U

File size 40.0 KB ( 40960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe mz

VirusTotal metadata
First submission 2012-08-29 11:12:21 UTC ( 6 years, 8 months ago )
Last submission 2013-05-03 21:39:39 UTC ( 6 years ago )
File names file-4440310_com
1a6ee6fabc9cde0a9d82421db6210ca8
Arquivo27082012.com_
40960_1a6ee6fabc9cde0a9d82421db6210ca8.exe
LoadSpam.exe
output.2144357.txt
2144352
Arquivo27082012.com
Arquivo27082012.ex
aa
2144357
LoadSpam
34964e4a8221791f0348545884aa7dd058aa0416
402f4c8ef875a4563338f80d9ce4ab95eabbe0a6.exe
58940652697d331d391aa710078a69b1