SHA256: 9473d8b515d9a2e142476502568680cbd1dee25e3a351ffeaa3da569728f89cc
File name: 3739c744f33ab816587edae5bc440b5316174cbc
Detection ratio: 40 / 56
Analysis date: 2015-03-26 15:55:20 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2231805 20150326
Yandex Trojan.VBKrypt!cGIUVKMeIGw 20150325
ALYac Trojan.GenericKD.2231805 20150326
Antiy-AVL Trojan/Win32.VBKrypt 20150326
Avast Win32:Malware-gen 20150326
AVG Inject2.BTZZ 20150326
AVware Trojan.Win32.Generic!BT 20150326
Baidu-International Trojan.Win32.VBKrypt.vexu 20150326
BitDefender Trojan.GenericKD.2231805 20150326
Bkav W32.FanraJ.Trojan 20150326
ByteHero Virus.Win32.Heur.p 20150326
CAT-QuickHeal Trojan.VB.r3 20150326
Cyren W32/Trojan.LBTK-1090 20150326
DrWeb Trojan.Siggen6.32056 20150326
Emsisoft Trojan.GenericKD.2231805 (B) 20150326
ESET-NOD32 a variant of Win32/Injector.BWJF 20150326
F-Secure Trojan.GenericKD.2231805 20150326
Fortinet W32/BWJF.IGR!tr 20150326
GData Trojan.GenericKD.2231805 20150326
Ikarus Trojan.Win32.Injector 20150326
K7AntiVirus Trojan ( 004b84a81 ) 20150326
K7GW Trojan ( 004b84a81 ) 20150326
Kaspersky Trojan.Win32.VBKrypt.vexu 20150326
Malwarebytes Trojan.Agent.SOX 20150326
McAfee RDN/Generic.dx!dmz 20150326
McAfee-GW-Edition BehavesLike.Win32.AAEH.fh 20150326
Microsoft Trojan:Win32/Emotet.G 20150326
eScan Trojan.GenericKD.2231805 20150326
NANO-Antivirus Trojan.Win32.VBKrypt.dpgrjy 20150326
Norman MalCrypt.!genr 20150326
nProtect Trojan.GenericKD.2231805 20150326
Panda Trj/Injector.AV 20150326
Qihoo-360 Win32/Trojan.acf 20150326
Sophos AV Troj/VB-IGR 20150326
Symantec Trojan.Gen 20150326
Tencent Trojan.Win32.Qudamah.Gen.17 20150326
TotalDefense Win32/Tnega.HMBUbTD 20150326
TrendMicro TROJ_GEN.R047C0DCN15 20150326
TrendMicro-HouseCall TROJ_GEN.R047C0DCN15 20150326
VIPRE Trojan.Win32.Generic!BT 20150326
AegisLab 20150326
AhnLab-V3 20150326
Alibaba 20150326
Avira (no cloud) 20150326
ClamAV 20150326
CMC 20150325
Comodo 20150326
F-Prot 20150326
Jiangmin 20150325
Kingsoft 20150326
Rising 20150326
SUPERAntiSpyware 20150326
TheHacker 20150324
VBA32 20150326
ViRobot 20150326
Zillya 20150325
Zoner 20150326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
) is a nonprofit public ac

Publisher ension Fortress (Slso known as freeovider on the
Product ellider othe
Original name Sxod.exe
Internal name Sxod
File version 1.00.0017
Description mension known as freeshell.org) is a nonprofit pIX shell provider on the Internet. It has been in continual
Comments ension Fortress (SDF, also known as freeshell.org
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-17 08:44:01
Entry Point 0x00001630
Number of sections 3
PE sections
Overlays
MD5 bba4b0f169eeec4299a1e8d98552e64f
File type data
Offset 221184
Size 130181
Entropy 7.35
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaRedim
Ord(537)
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
__vbaAryCopy
__vbaFreeStr
Ord(631)
__vbaVarLateMemStAd
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaLenBstr
Ord(525)
__vbaResume
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarSetObjAddref
__vbaFreeVar
__vbaFileOpen
__vbaUI1I2
Ord(711)
_CIsqrt
EVENT_SINK_Release
__vbaVarTstEq
__vbaVarLateMemCallLdRf
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
Ord(570)
__vbaErase
__vbaVarLateMemSt
__vbaVarAbs
__vbaStrVarCopy
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaExitProc
__vbaVarTstNe
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
Ord(685)
Ord(712)
__vbaOnError
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrCopy
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
_adj_fdiv_m64
_CIsin
__vbaAryLock
_CIatan
__vbaLateMemCall
__vbaObjSet
__vbaVarCat
_CIexp
_CItan
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
ion FortressUNIX shell provider on the Internet. It has been in continual operation ...

SubsystemVersion
4.0

Comments
ension Fortress (SDF, also known as freeshell.org

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.17

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
mension known as freeshell.org) is a nonprofit pIX shell provider on the Internet. It has been in continual

CharacterSet
Unicode

InitializedDataSize
86016

EntryPoint
0x1630

OriginalFileName
Sxod.exe

MIMEType
application/octet-stream

LegalCopyright
) is a nonprofit public ac

FileVersion
1.00.0017

TimeStamp
2015:03:17 09:44:01+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sxod

ProductVersion
1.00.0017

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ension Fortress (Slso known as freeovider on the

CodeSize
135168

ProductName
ellider othe

ProductVersionNumber
1.0.0.17

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 8e428d5e6cd133bba6aaae992d3ab682
SHA1 3739c744f33ab816587edae5bc440b5316174cbc
SHA256 9473d8b515d9a2e142476502568680cbd1dee25e3a351ffeaa3da569728f89cc
ssdeep
3072:P/jTEnYjTEne/jTEngN81/hYW6K3F9VnDCBID0o2Cw7SjTEne/jTEnYjTEne2l1E:NG9hYiQVzonJPMFZso73HuNRJ5j

authentihash b9d95e4b3d13d7f79c2d2157a6cc5b9a39201bb10d7afa19abcce052537b45ca
imphash 332f1daed1d236e175c0bd4ea4e603e1
File size 343.1 KB ( 351365 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-03-19 14:21:11 UTC ( 4 years, 2 months ago )
Last submission 2015-03-19 14:21:11 UTC ( 4 years, 2 months ago )
File names Sxod.exe
Sxod