SHA256: 91998b64003ade8468bb1bc7c12192648939a153a9df7a247f47c65ad4842160
File name: D114.exe
Detection ratio: 49 / 58
Analysis date: 2017-02-26 04:54:28 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.35692 20170226
AegisLab Worm.W32.Ngrbot!c 20170226
AhnLab-V3 Trojan/Win32.NgrBot.R97680 20170225
ALYac Gen:Variant.Symmi.35692 20170225
Antiy-AVL Worm/Win32.Ngrbot 20170226
Arcabit Trojan.Symmi.D8B6C 20170226
Avast Win32:VBCrypt-CRW [Trj] 20170226
AVG Clicker.BFAM 20170226
Avira (no cloud) TR/ATRAPS.A.1378 20170225
AVware Trojan.Win32.Clicker!BT 20170226
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170224
BitDefender Gen:Variant.Symmi.35692 20170226
Comodo UnclassifiedMalware 20170226
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Gen:Variant.Symmi.35692 (B) 20170226
Endgame malicious (high confidence) 20170222
ESET-NOD32 Win32/TrojanClicker.VB.NZZ 20170226
F-Secure Gen:Variant.Symmi.35692 20170226
Fortinet W32/AutoRun.DVXZ!worm 20170226
GData Gen:Variant.Symmi.35692 20170226
Ikarus Worm.Win32.Ngrbot 20170225
Sophos ML trojandownloader.win32.kuluoz.d 20170203
Jiangmin KVBASE 20170226
K7AntiVirus Trojan ( 004b8b021 ) 20170226
K7GW Trojan ( 004b8b021 ) 20170226
Kaspersky Worm.Win32.Ngrbot.wju 20170226
Kingsoft Worm.Ngrbot.w.(kcloud) 20170226
Malwarebytes Trojan.DorkBot 20170226
McAfee GenericR-EEZ!2393A51C7BDD 20170225
McAfee-GW-Edition BehavesLike.Win32.Packed.ch 20170226
Microsoft Trojan:Win32/Bagsu!rfn 20170226
eScan Gen:Variant.Symmi.35692 20170226
NANO-Antivirus Trojan.Win32.Ngrbot.dzfkzv 20170226
nProtect Worm/W32.Ngrbot.151552.D 20170226
Panda Trj/Dtcontx.I 20170225
Qihoo-360 Win32/Worm.BO.e3e 20170226
Sophos AV Mal/Generic-S 20170226
SUPERAntiSpyware Trojan.Agent/Gen-Clicker 20170225
Symantec Downloader 20170224
Tencent Win32.Worm.Ngrbot.Hqln 20170226
TotalDefense Win32/Tnega.XAHF!suspicious 20170225
TrendMicro TROJ_GEN.R047C0CKF16 20170226
TrendMicro-HouseCall TROJ_GEN.R047C0CKF16 20170226
VBA32 Worm.Ngrbot 20170224
VIPRE Trojan.Win32.Clicker!BT 20170226
ViRobot Trojan.Win32.Z.Ngrbot.151552.E[h] 20170225
Webroot Malicious 20170226
Yandex Worm.Ngrbot!Jg/rzjVPAJw 20170225
Zillya Worm.Ngrbot.Win32.9925 20170224
Alibaba 20170224
Bkav 20170225
CAT-QuickHeal 20170225
ClamAV 20170226
CMC 20170225
Cyren 20170226
F-Prot 20170226
Rising 20170225
TheHacker 20170223
Trustlook 20170226
WhiteArmor 20170222
Zoner 20170226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
V10l3t4

Product V10l3t4
Original name V10l3t4.exe
Internal name V10l3t4Û@OriginalFilename
File version 15.48.0007
Description V10l3t4
Comments V10l3t4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-24 09:26:44
Entry Point 0x0000141C
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaAryMove
Ord(537)
_adj_fdiv_r
__vbaMidStmtBstr
Ord(100)
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(595)
_adj_fptan
__vbaFileClose
Ord(581)
__vbaI4Var
__vbaFreeVar
__vbaFreeStr
__vbaUI1Str
__vbaStrI2
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaLenBstr
Ord(525)
Ord(681)
Ord(631)
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaFileOpen
__vbaUbound
Ord(608)
__vbaPowerR8
__vbaI2Str
Ord(711)
_CIsqrt
EVENT_SINK_Release
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
Ord(570)
__vbaAryCopy
__vbaErase
__vbaStrVarCopy
__vbaFreeObjList
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaVarTstNe
__vbaFreeObj
__vbaVarCopy
__vbaStrVarVal
_CIcos
Ord(713)
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(619)
_adj_fdiv_m32
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaStrCopy
Ord(632)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
_adj_fdiv_m64
_CIsin
__vbaAryLock
_adj_fdivr_m32
_CIatan
Ord(644)
__vbaVarCat
_CIexp
_CItan
Ord(598)
__vbaFpI2
CallWindowProcW
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
V10l3t4

SubsystemVersion
4.0

Comments
V10l3t4

LinkerVersion
6.0

ImageVersion
15.48

FileSubtype
0

FileVersionNumber
15.48.0.7

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
V10l3t4

CharacterSet
Unicode

InitializedDataSize
114688

EntryPoint
0x141c

OriginalFileName
V10l3t4.exe

MIMEType
application/octet-stream

LegalCopyright
V10l3t4

FileVersion
15.48.0007

TimeStamp
2012:09:24 10:26:44+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
V10l3t4

ProductVersion
15.48.0007

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
V10l3t4

CodeSize
36864

ProductName
V10l3t4

ProductVersionNumber
15.48.0.7

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2393a51c7bddc94f60b1da6dc230fe74
SHA1 31dce8ce01dbaba37b88c15bfc7516a0524857a9
SHA256 91998b64003ade8468bb1bc7c12192648939a153a9df7a247f47c65ad4842160
ssdeep
3072:XO953pIe2pq1qxqxqdqPqwqsqAqYoMKq5qpqTqXq/qDqD89JQqvt87H:q0e2pq1qxqxqdqPqwqsqAqQKq5qpqTqC

authentihash 2fb206e0d58297466d66131a7fdf3e6f6a8d34974b01fcc058b1ea971159b156
imphash 9a644c7aed13d977dbf7393aad6750ba
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe usb-autorun

VirusTotal metadata
First submission 2013-11-26 22:13:42 UTC ( 5 years, 1 month ago )
Last submission 2014-10-01 22:56:50 UTC ( 4 years, 3 months ago )
File names 49CB.exe
V10l3t4Û@OriginalFilename
D114.exe
AD9E.exe
V10l3t4.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.
UDP communications