SHA256: 970d7591804f2360fa5bc5700aa881a1650c205866cdc3861f19e5e5d63fedff
File name: dro.exe
Detection ratio: 3 / 57
Analysis date: 2015-04-08 03:10:56 UTC ( 2 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/MDA.B52502 20150407
ESET-NOD32 a variant of Win32/Injector.BXUR 20150408
Kaspersky UDS:DangerousObject.Multi.Generic 20150408
Ad-Aware 20150408
AegisLab 20150408
Yandex 20150407
Alibaba 20150407
ALYac 20150408
Antiy-AVL 20150407
Avast 20150408
AVG 20150408
Avira (no cloud) 20150408
AVware 20150408
Baidu-International 20150407
BitDefender 20150408
Bkav 20150407
ByteHero 20150408
CAT-QuickHeal 20150408
ClamAV 20150408
CMC 20150407
Comodo 20150408
Cyren 20150408
DrWeb 20150408
Emsisoft 20150407
F-Prot 20150408
F-Secure 20150408
Fortinet 20150408
GData 20150408
Ikarus 20150408
Jiangmin 20150406
K7AntiVirus 20150407
K7GW 20150407
Kingsoft 20150408
Malwarebytes 20150408
McAfee 20150408
McAfee-GW-Edition 20150408
Microsoft 20150408
eScan 20150408
NANO-Antivirus 20150408
Norman 20150407
nProtect 20150407
Panda 20150407
Qihoo-360 20150408
Rising 20150406
Sophos 20150408
SUPERAntiSpyware 20150408
Symantec 20150408
Tencent 20150408
TheHacker 20150408
TotalDefense 20150407
TrendMicro 20150408
TrendMicro-HouseCall 20150408
VBA32 20150407
VIPRE 20150408
ViRobot 20150408
Zillya 20150407
Zoner 20150407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Homosassa
Original name Unenacted.exe
Internal name Unenacted
File version 1.00
Description Cocq4
Comments Hieronymic
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-08 01:27:30
Entry Point 0x000011D8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(712)
__vbaR4Var
Ord(678)
_adj_fpatan
EVENT_SINK_AddRef
Ord(714)
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaObjSetAddref
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(606)
EVENT_SINK_Release
_adj_fptan
_CItan
_CIatan
__vbaNew2
_adj_fdivr_m32i
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaVarDup
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Hieronymic
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0x11d8
OriginalFileName Unenacted.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2015:04:08 02:27:30+01:00
FileType Win32 EXE
PEType PE32
InternalName Unenacted
SubsystemVersion 4.0
ProductVersion 1.0
FileDescription Cocq4
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Gymnanthes
CodeSize 86016
ProductName Homosassa
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 49fb95bc7ea9e8e17b5453d1f5699544
SHA1 18544efcc372cf2bfa82a1f8403108c6d1720039
SHA256 970d7591804f2360fa5bc5700aa881a1650c205866cdc3861f19e5e5d63fedff
ssdeep 1536:tNZshtnlOGGGFsPb2Y9uAYRcbarTWQ6ZehQLIbIyUF1VNyLhunNt:tN+hhFfY0ANaiLIbIyU/yFuN
authentihash 714e2157e9a2f062caea67769a66763e59a7006ec390e31a47e93e6e29a5d413
imphash 466a9da2cf1abb5b9ee14b52f7146f90
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2015-04-08 03:10:56 UTC ( 2 years, 1 month ago )
Last submission 2016-03-19 15:13:44 UTC ( 1 year, 2 months ago )
File names Unenacted.exe
mswjcde.exe
Unenacted
dro.exe
970D7591804F2360FA5BC5700AA881A1650C205866CDC3861F19E5E5D63FEDFF.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight