× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 908f122055be6544e4447eb838dd88f6a4c8c60f3a4a625c3cc5ece6bbeae7a2
File name: 4ebe6eb17e8f2e43b72b18ebe9c2de7d.exe
Detection ratio: 39 / 48
Analysis date: 2014-02-26 01:45:07 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
AVG VBCrypt.EFA 20140225
Ad-Aware Gen:Variant.Injector.13 20140226
Agnitum Trojan.DR.Injector!s+X41RfuNcY 20140225
AntiVir TR/Injector.319497 20140226
Avast Win32:VBCrypter-A [Cryp] 20140226
Baidu-International Trojan.Win32.Injector.AScA 20140225
BitDefender Gen:Variant.Injector.13 20140226
Bkav W32.Clod503.Trojan.11e2 20140225
CAT-QuickHeal Worm.Dorkbot.A 20140226
CMC Packed.Win32.Obfuscated.10!O 20140220
Comodo UnclassifiedMalware 20140226
DrWeb Trojan.PWS.SpySweep.143 20140226
ESET-NOD32 Win32/Injector.NHY 20140226
Emsisoft Gen:Variant.Injector.13 (B) 20140226
F-Secure Gen:Variant.Injector.13 20140226
Fortinet W32/Injector.CL!tr 20140226
GData Gen:Variant.Injector.13 20140226
Ikarus Trojan.VBCrypt 20140226
K7AntiVirus Trojan ( 003711281 ) 20140225
K7GW Trojan ( 003711281 ) 20140225
Kaspersky Trojan-Dropper.Win32.Injector.cgkn 20140226
Kingsoft Win32.Troj.Injector.(kcloud) 20140226
McAfee Generic Backdoor.xo 20140226
McAfee-GW-Edition Generic Backdoor.xo 20140226
MicroWorld-eScan Gen:Variant.Injector.13 20140226
Microsoft VirTool:Win32/VBInject 20140226
NANO-Antivirus Trojan.Win32.Injector.jdlad 20140226
Norman Injector.FOD 20140224
Panda Generic Trojan 20140225
Qihoo-360 HEUR/Malware.QVM03.Gen 20140226
Rising PE:Trojan.Win32.Generic.12B5BAE4!313899748 20140226
Sophos Mal/Rimecud-G 20140226
Symantec Trojan.Gen 20140226
TotalDefense Win32/Rbot.C!generic 20140225
TrendMicro TROJ_GEN.R4AE3JV 20140226
TrendMicro-HouseCall TROJ_GEN.R4AE3JV 20140226
VBA32 TrojanDropper.Injector 20140225
VIPRE Trojan.Win32.Generic!BT 20140226
ViRobot Dropper.A.Injector.319488.W 20140226
AhnLab-V3 20140225
Antiy-AVL 20140226
ByteHero 20130613
ClamAV 20140226
Commtouch 20140226
F-Prot 20140226
Jiangmin 20140226
Malwarebytes 20140226
SUPERAntiSpyware 20140226
TheHacker 20140226
nProtect 20140225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
All rights reserved

Publisher IObit
Product SLRunDlll
File version 3.80.01MC15
Description SLRunDlll
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-20 20:23:36
Link date 9:23 PM 1/20/2012
Entry Point 0x000012DC
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
_adj_fprem
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
__vbaObjSetAddref
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_CIcos
__vbaVarTstEq
_adj_fptan
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(608)
__vbaNew2
Ord(644)
__vbaVarCat
_adj_fdivr_m32i
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaVarCopy
_CItan
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
5.0.0.150

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
143360

MIMEType
application/octet-stream

LegalCopyright
All rights reserved

FileVersion
3.80.01MC15

TimeStamp
2012:01:20 21:23:36+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:02:26 08:31:07+01:00

ProductVersion
3.80.01MC15

FileDescription
SLRunDlll

OSVersion
4.0

FileCreateDate
2014:02:26 08:31:07+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
IObit

CodeSize
167936

ProductName
SLRunDlll

ProductVersionNumber
5.0.0.150

EntryPoint
0x12dc

ObjectFileType
Executable application

File identification
MD5 4ebe6eb17e8f2e43b72b18ebe9c2de7d
SHA1 35e40dd0cde486af524ee5f513552430c9019c24
SHA256 908f122055be6544e4447eb838dd88f6a4c8c60f3a4a625c3cc5ece6bbeae7a2
ssdeep
6144:mm8lM/MyqED30rTMVVGpuuCQSAVFf+1RvAr5l9eAm:mmoyHD8QvQSAX+6Vm

imphash 140dacdbcca0acd1c63c2db41c99cea7
File size 312.0 KB ( 319488 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2012-01-21 14:48:15 UTC ( 2 years, 3 months ago )
Last submission 2014-02-26 01:45:07 UTC ( 1 month, 3 weeks ago )
File names 35e40dd0cde486af524ee5f513552430c9019c24.bin
1242714
4ebe6eb17e8f2e43b72b18ebe9c2de7d.vxe
shiznizzle.exe
4ebe6eb17e8f2e43b72b18ebe9c2de7d
output.1242714.txt
4ebe6eb17e8f2e43b72b18ebe9c2de7d.exe
test.txt
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!