SHA256: 966c3b0ad095f0ded416fb8b3c535a95a386a1165b7bda0c62a3625dbe606907
File name: ad6906db4b54b6f961c9f2a85cd80b238c0a03fc
Detection ratio: 36 / 52
Analysis date: 2014-05-21 20:43:32 UTC ( 4 years, 5 months ago )
Antivirus              Result                                        Update
Ad-Aware               Gen:Variant.Zusy.91647                        20140521
AhnLab-V3              Spyware/Win32.Zbot                            20140521
AntiVir                TR/VB.Inject.qopannx                          20140521
Antiy-AVL              Trojan/Win32.Buzus                            20140521
Avast                  Win32:Trojan-gen                              20140521
AVG                    Inject2.AFWL                                  20140521
Baidu-International    Trojan.Win32.Buzus.Ap                         20140521
BitDefender            Gen:Variant.Zusy.91647                        20140521
Bkav                   HW32.CDB.9c93                                 20140521
ClamAV                 BC.Heuristic.Trojan.SusPacked.BF-6.B          20140521
CMC                    Heur.Win32.VBKrypt.3!O                        20140521
DrWeb                  Trojan.PWS.Panda.7278                         20140521
Emsisoft               Gen:Variant.Zusy.91647 (B)                    20140521
ESET-NOD32             a variant of Win32/Injector.BDNW              20140521
F-Secure               Gen:Variant.Zusy.91647                        20140521
Fortinet               W32/Buzus.BDNW!tr                             20140521
GData                  Gen:Variant.Zusy.91647                        20140521
K7AntiVirus            Trojan ( 0049a12d1 )                          20140521
K7GW                   Trojan ( 0049a12d1 )                          20140521
Kingsoft               Win32.Troj.Buzus.on.(kcloud)                  20140521
Malwarebytes           Spyware.Password                              20140521
McAfee                 RDN/Generic PWS.y!zp                          20140521
McAfee-GW-Edition      RDN/Generic PWS.y!zp                          20140521
Microsoft              PWS:Win32/Zbot                                20140521
eScan                  Gen:Variant.Zusy.91647                        20140521
Norman                 Troj_Generic.TZHSO                            20140521
Panda                  Trj/CI.A                                      20140521
Qihoo-360              HEUR/Malware.QVM03.Gen                        20140521
Rising                 PE:Malware.FakePDF@CV!1.6AB2                  20140521
Sophos AV              Mal/Generic-S                                 20140521
SUPERAntiSpyware       Trojan.Agent/Gen-Dynamer                      20140521
Symantec               WS.Reputation.1                               20140521
Tencent                Win32.Trojan.Buzus.Sxen                       20140521
TrendMicro-HouseCall   TROJ_GEN.R047B01EJ14                          20140521
VBA32                  Trojan.Buzus                                  20140521
VIPRE                  Trojan.Win32.Generic.pak!cobra                20140521
AegisLab               (no detection)                                20140521
Yandex                 (no detection)                                20140521
ByteHero               (no detection)                                20140521
CAT-QuickHeal          (no detection)                                20140521
Commtouch              (no detection)                                20140521
Comodo                 (no detection)                                20140520
F-Prot                 (no detection)                                20140521
Ikarus                 (no detection)                                20140521
Jiangmin               (no detection)                                20140521
NANO-Antivirus         (no detection)                                20140521
nProtect               (no detection)                                20140521
TheHacker              (no detection)                                20140520
TotalDefense           (no detection)                                20140521
TrendMicro             (no detection)                                20140521
ViRobot                (no detection)                                20140521
Zillya                 (no detection)                                20140521
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-09 14:26:08
Entry Point 0x00001134
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(518)
Ord(648)
Ord(685)
Ord(558)
Ord(617)
EVENT_SINK_AddRef
Ord(717)
Ord(600)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(578)
__vbaCopyBytes
Ord(589)
Ord(608)
Ord(561)
Ord(520)
Ord(100)
Ord(526)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(666)
Ord(644)
Ord(588)
Ord(619)
Ord(698)
Number of PE resources by type
RT_ICON 2
Struct(28) 1
RT_HTML 1
Struct(26) 1
Struct(27) 1
RT_GROUP_ICON 1
Number of PE resources by language
VENDA DEFAULT 4
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:05:09 15:26:08+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 73728
LinkerVersion: 8.0
FileAccessDate: 2014:05:21 21:47:11+01:00
Warning: Error processing PE data dictionary
EntryPoint: 0x1134
InitializedDataSize: 241664
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.0
FileCreateDate: 2014:05:21 21:47:11+01:00
UninitializedDataSize: 0

Compressed bundles
File identification
MD5: 5e317627d95e270420ba40e141fdc09a
SHA1: b725628e01e3bf77346b701f84b2b355bc6f673d
SHA256: 966c3b0ad095f0ded416fb8b3c535a95a386a1165b7bda0c62a3625dbe606907
ssdeep: 6144:5+A5T66FB7aIUI4fyB6szCXz4lk1ZIR7KySE76cseRL:n5T66b7aIifyRCXclk1ZgKEGcseRL
imphash: b39a89a7f472bf88c1e48317fb1cd97b
File size: 315.9 KB ( 323528 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags: peexe

VirusTotal metadata
First submission: 2014-05-19 19:03:00 UTC ( 4 years, 5 months ago )
Last submission: 2014-05-21 20:43:32 UTC ( 4 years, 5 months ago )
File names:
ad6906db4b54b6f961c9f2a85cd80b238c0a03fc
ainquiry.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Opened files
Read files
Created processes
Shell commands
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications