SHA256: 8fa9875e7925f18f67f25bf99fccd5d3de658cd3bef2e2bca8e3e0116a029b65
File name: jesse
Detection ratio: 36 / 50
Analysis date: 2014-03-13 01:15:12 UTC ( 1 month, 1 week ago )
Antivirus Result Update
AVG PSW.Generic10.CMCZ 20140312
Ad-Aware Trojan.Generic.KD.918627 20140313
Agnitum Trojan.Inject!/LhGK0c6fWA 20140312
AhnLab-V3 Spyware/Win32.Zbot 20140312
AntiVir TR/Dropper.VB.Gen 20140312
Avast Win32:VB-AFVT [Trj] 20140313
Baidu-International Trojan.Win32.Inject.As 20140312
BitDefender Trojan.Generic.KD.918627 20140313
Bkav W32.Clodbb7.Trojan.2d0d 20140312
CAT-QuickHeal Worm.Phorpiex 20140312
Commtouch W32/Trojan.ZKAM-0415 20140313
Comodo UnclassifiedMalware 20140312
DrWeb Trojan.MulDrop4.30092 20140313
ESET-NOD32 a variant of Win32/Injector.APLP 20140312
Emsisoft Trojan.Generic.KD.918627 (B) 20140313
F-Secure Trojan.Generic.KD.918627 20140313
Fortinet W32/Injector.FKNG!tr 20140313
GData Trojan.Generic.KD.918627 20140313
Ikarus Worm.Win32.Phorpiex 20140312
K7AntiVirus Riskware ( 0040eff71 ) 20140312
K7GW Backdoor ( 04c544721 ) 20140312
Kaspersky Trojan.Win32.Inject.fuea 20140313
Kingsoft Win32.Troj.Agent.k.(kcloud) 20140313
McAfee PWS-Zbot-FARH!09FE80ECCB79 20140313
McAfee-GW-Edition PWS-Zbot-FARH!09FE80ECCB79 20140312
MicroWorld-eScan Trojan.Generic.KD.918627 20140313
Microsoft VirTool:Win32/VBInject.gen!KA 20140313
Norman Troj_Generic.JLMMR 20140312
Panda Trj/OCJ.D 20140312
Qihoo-360 HEUR/Malware.QVM03.Gen 20140313
Sophos Mal/Cleaman-B 20140313
Symantec Trojan.Gen 20140313
TrendMicro TROJ_SPNR.35E013 20140313
TrendMicro-HouseCall TROJ_SPNR.35E013 20140313
VIPRE Worm.Win32.Phorpiex.ba (v) 20140313
nProtect Trojan.Generic.KD.918627 20140312
Antiy-AVL 20140311
ByteHero 20140313
CMC 20140312
ClamAV 20140312
F-Prot 20140313
Jiangmin 20140312
Malwarebytes 20140313
NANO-Antivirus 20140312
Rising 20140312
SUPERAntiSpyware 20140313
TheHacker 20140312
TotalDefense 20140312
VBA32 20140312
ViRobot 20140312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Internet Widgits Pty Ltd
Product candice june
Original name jesse.exe
Internal name jesse
File version 1.01.0012
Description eleanora jessalyn harm
Comments kristal elfrieda liesbeth
Signature verification A certificate chain could not be built to a trusted root authority.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-29 02:07:38
Link date 3:07 AM 3/29/2013
Entry Point 0x00001180
Number of sections 4
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(712)
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
Ord(516)
Ord(616)
_adj_fdivr_m64
_adj_fprem
Ord(572)
EVENT_SINK_AddRef
__vbaLenBstr
_adj_fpatan
_adj_fdiv_m32i
Ord(594)
Ord(535)
__vbaInStr
EVENT_SINK_QueryInterface
__vbaStrCopy
Ord(702)
__vbaExceptHandler
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaStrMove
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
Ord(519)
Ord(561)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(606)
_CIcos
Ord(713)
Ord(587)
_adj_fptan
Ord(593)
__vbaObjSet
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
Ord(631)
_CItan
_CIexp
__vbaStrI2
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaFpI4
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_CURSOR 21
RT_GROUP_CURSOR 15
RT_ICON 3
RT_BITMAP 2
Struct(968) 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 40
NEUTRAL 4
ARABIC NEUTRAL 1
ExifTool file metadata
UninitializedDataSize 0
Comments kristal elfrieda liesbeth
LinkerVersion 6.0
ImageVersion 1.1
FileSubtype 0
FileVersionNumber 1.1.0.12
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 65536
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.01.0012
TimeStamp 2013:03:29 03:07:38+01:00
FileType Win32 EXE
PEType PE32
InternalName jesse
SubsystemVersion 4.0
FileAccessDate 2014:03:13 02:18:14+01:00
ProductVersion 1.01.0012
FileDescription eleanora jessalyn harm
OSVersion 4.0
FileCreateDate 2014:03:13 02:18:14+01:00
OriginalFilename jesse.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName merl franklyn ethelind
CodeSize 90112
ProductName candice june
ProductVersionNumber 1.1.0.12
EntryPoint 0x1180
ObjectFileType Executable application

File identification
MD5 09fe80eccb798f33f32792fc303504de
SHA1 db3863da768bb774f1b31e85550cc41a92947d1c
SHA256 8fa9875e7925f18f67f25bf99fccd5d3de658cd3bef2e2bca8e3e0116a029b65
ssdeep 3072:Qdnud8M3AFyd9C6sXQAZgCFBSzSXBvN/xCkC31tF0sOk:v3AwGDZgCFsOXS9nOk
imphash 4959df6764a0975982eb0a8f83f841d5
File size 157.4 KB ( 161144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2013-03-29 12:47:37 UTC ( 1 year ago )
Last submission 2013-04-08 09:38:12 UTC ( 1 year ago )
File names jesse.exe
8fa9875e7925f18f67f25bf99fccd5d3de658cd3bef2e2bca8e3e0116a029b65
09fe80eccb798f33f32792fc303504de.db3863da768bb774f1b31e85550cc41a92947d1c
jesse
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications