SHA256: 8e87c40ae1e025e1f54acb0143a33fbb37fd226577a15c3f876283bb40429913
File name: 55EB6875447B73F3BBEA8D2636D2193F
Detection ratio: 45 / 54
Analysis date: 2014-07-15 19:20:10 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Worm.Generic.234138 20140715
Yandex Trojan.VB!aVR1NOFQauc 20140715
AhnLab-V3 Dropper/Win32.Xema 20140715
AntiVir TR/Dropper.Gen 20140715
Avast Win32:Inject-ABT [Trj] 20140715
AVG Worm/VB.7.BK 20140715
Baidu-International Trojan.Win32.Agent.Ac 20140715
BitDefender Worm.Generic.234138 20140715
Bkav W32.KoobfaceDILE.Adware 20140715
CAT-QuickHeal (Suspicious) - DNAScan 20140715
ClamAV Win.Trojan.Adbf 20140715
Commtouch W32/Koobface.N.gen!Eldorado 20140715
Comodo NetWorm.Win32.Koobface.FE 20140715
DrWeb Trojan.PWS.Stealer.189 20140715
Emsisoft Worm.Generic.234138 (B) 20140715
ESET-NOD32 probably a variant of Win32/Injector.BCE 20140715
F-Prot W32/Koobface.N.gen!Eldorado 20140715
F-Secure Worm.Generic.234138 20140715
Fortinet W32/VBObfus.C!tr 20140715
GData Worm.Generic.234138 20140715
Ikarus Virus.Win32.VBInject 20140715
K7AntiVirus Backdoor ( 04c4da301 ) 20140715
K7GW Backdoor ( 04c4da301 ) 20140715
Kaspersky Trojan.Win32.VB.adbf 20140715
Kingsoft Win32.Troj.Generic.(kcloud) 20140715
McAfee Artemis!55EB6875447B 20140715
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.A 20140715
Microsoft VirTool:Win32/VBInject.RT 20140715
eScan Worm.Generic.234138 20140715
NANO-Antivirus Trojan.Win32.VB.rppc 20140715
Norman Suspicious_Gen2.AQJNG 20140715
nProtect Worm.Generic.234138 20140715
Panda Application/GameVance 20140715
Qihoo-360 HEUR/Malware.QVM03.Gen 20140715
Rising PE:Trojan.Win32.Generic.1239CD50!305778000 20140715
Sophos AV Mal/Koobface-B 20140715
SUPERAntiSpyware Trojan.Agent/Gen-KoobFace 20140715
Symantec Packed.Generic.296 20140715
Tencent Win32.Trojan.Vb.Sxyp 20140715
TheHacker Trojan/VB.adbf 20140714
TotalDefense Win32/VBInject.LQ 20140715
TrendMicro TROJ_GEN.R047C0EGF14 20140715
TrendMicro-HouseCall TROJ_GEN.R047C0EGF14 20140715
VIPRE Worm.Win32.Vobfus.mc (v) 20140715
Zillya Trojan.VB.Win32.33506 20140715
AegisLab 20140715
Antiy-AVL 20140715
ByteHero 20140715
CMC 20140714
Jiangmin 20140715
Malwarebytes 20140715
VBA32 20140715
ViRobot 20140715
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-14 12:22:38
Entry Point 0x000010A4
Number of sections 4
PE sections
PE imports
ProcCallEngine
__vbaExceptHandler
Ord(598)
DllFunctionCall
Ord(644)
Ord(631)
Ord(100)
Ord(608)
CreateProcessW
RtlMoveMemory
GetProcAddress
LoadLibraryA
VirtualAllocEx
CallWindowProcA
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
2 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 4
ENGLISH US 1
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 1.0
FileVersionNumber 0.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 56320
MIMEType application/octet-stream
TimeStamp 2010:03:14 13:22:38+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:07:15 20:26:53+01:00
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2014:07:15 20:26:53+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 10240
FileSubtype 0
ProductVersionNumber 0.1.0.0
EntryPoint 0x10a4
ObjectFileType Executable application
File identification
MD5 55eb6875447b73f3bbea8d2636d2193f
SHA1 611df0174dc856f3bb1548d67bf6af8fc3d24a5d
SHA256 8e87c40ae1e025e1f54acb0143a33fbb37fd226577a15c3f876283bb40429913
ssdeep 1536:/vh3hRgH4sIoOBHSLla6bSjbdd7PK9MxKMfDzRfx:/3RSSo2H4aaSjbDaMh1f
imphash c8d928021809e1782dd04c4a47363bff
File size 66.5 KB ( 68096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2010-03-14 16:49:52 UTC ( 7 years, 11 months ago )
Last submission 2011-07-17 05:46:09 UTC ( 6 years, 7 months ago )
File names 55EB6875447B73F3BBEA8D2636D2193F