SHA256: 9b3dd06a077bf51bb577b041878a9d8d60a850f599c5cc9457600172abb4cd03
File name: 0d5d314ba5b226373b2bf48c93cdf142
Detection ratio: 27 / 51
Analysis date: 2014-04-04 22:48:06 UTC ( 4 years, 7 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.1626885 | 20140404
AhnLab-V3 | Spyware/Win32.Zbot | 20140404
Avast | Win32:Agent-ATGG [Trj] | 20140404
AVG | PSW.Generic12.AIIO | 20140404
Baidu-International | Trojan.Win32.Zbot.ajL | 20140404
BitDefender | Trojan.GenericKD.1626885 | 20140404
Bkav | HW32.CDB.B12b | 20140404
ByteHero | Virus.Win32.Heur.p | 20140404
CMC | Heur.Win32.Veebee.1!O | 20140404
Emsisoft | Trojan.GenericKD.1626885 (B) | 20140404
ESET-NOD32 | a variant of Win32/Injector.BAVU | 20140404
F-Secure | Trojan.GenericKD.1626885 | 20140404
GData | Trojan.GenericKD.1626885 | 20140404
Ikarus | Trojan-Spy.Win32.Zbot | 20140404
Kaspersky | Trojan-Spy.Win32.Zbot.rypp | 20140404
Malwarebytes | Trojan.Inject | 20140404
McAfee | RDN/Generic PWS.y!za | 20140404
McAfee-GW-Edition | RDN/Generic PWS.y!za | 20140404
eScan | Trojan.GenericKD.1626885 | 20140404
nProtect | Trojan.GenericKD.1626885 | 20140404
Panda | Trj/CI.A | 20140404
Qihoo-360 | Malware.QVM03.Gen | 20140404
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20140404
Sophos AV | Mal/VB-ALO | 20140404
Symantec | Trojan.Zbot | 20140404
TrendMicro | TSPY_ZBOT.YUNJH | 20140404
TrendMicro-HouseCall | TSPY_ZBOT.YUNJH | 20140404
AegisLab | (not detected) | 20140404
Yandex | (not detected) | 20140404
AntiVir | (not detected) | 20140404
Antiy-AVL | (not detected) | 20140404
CAT-QuickHeal | (not detected) | 20140404
ClamAV | (not detected) | 20140404
Commtouch | (not detected) | 20140404
Comodo | (not detected) | 20140404
DrWeb | (not detected) | 20140404
F-Prot | (not detected) | 20140404
Fortinet | (not detected) | 20140404
Jiangmin | (not detected) | 20140404
K7AntiVirus | (not detected) | 20140404
K7GW | (not detected) | 20140404
Kingsoft | (not detected) | 20140404
Microsoft | (not detected) | 20140404
NANO-Antivirus | (not detected) | 20140404
Norman | (not detected) | 20140404
SUPERAntiSpyware | (not detected) | 20140404
TheHacker | (not detected) | 20140404
TotalDefense | (not detected) | 20140404
VBA32 | (not detected) | 20140404
VIPRE | (not detected) | 20140404
ViRobot | (not detected) | 20140404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Daphnite formicid postical 2005
Publisher: VLC media player
Product: reois
Original name: Gaudeamu.exe
Internal name: Gaudeamu
File version: 1.65.0082
Description: Carcinos unign
Signature verification: The digital signature of the object did not verify.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-03-27 16:02:46
Entry Point: 0x0000136C
Number of sections: 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(523)
Ord(546)
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
_CIsin
_adj_fdivr_m64
_adj_fprem
EVENT_SINK_AddRef
__vbaR4Var
__vbaLenBstr
_adj_fpatan
_adj_fdiv_m32i
Ord(594)
Ord(677)
__vbaCyAdd
__vbaStrCopy
__vbaR8Sgn
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
Ord(563)
Ord(589)
Ord(100)
__vbaFreeVar
__vbaFreeStr
__vbaObjSetAddref
_adj_fdiv_r
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
Ord(696)
_CIlog
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(610)
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
_CIexp
Ord(678)
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
_CItan
Ord(609)
__vbaFpI2
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON: 2
RT_VERSION: 1
RT_GROUP_ICON: 1
Number of PE resources by language
NEUTRAL: 3
CHINESE TRADITIONAL: 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 36864
ImageVersion: 1.65
ProductName: reois
FileVersionNumber: 1.65.0.82
LanguageCode: Chinese (Traditional)
FileFlagsMask: 0x0000
FileDescription: Carcinos unign
CharacterSet: Unicode
LinkerVersion: 6.0
OriginalFilename: Gaudeamu.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1.65.0082
TimeStamp: 2014:03:27 17:02:46+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Gaudeamu
FileAccessDate: 2014:04:04 23:47:03+01:00
ProductVersion: 1.65.0082
SubsystemVersion: 4.0
OSVersion: 4.0
FileCreateDate: 2014:04:04 23:47:03+01:00
FileOS: Win32
LegalCopyright: Daphnite formicid postical 2005
MachineType: Intel 386 or later, and compatibles
CompanyName: VLC media player
CodeSize: 278528
FileSubtype: 0
ProductVersionNumber: 1.65.0.82
EntryPoint: 0x136c
ObjectFileType: Executable application
File identification
MD5: 0d5d314ba5b226373b2bf48c93cdf142
SHA1: 48526861b77bcd0a0d63d73b73f90bac938093a0
SHA256: 9b3dd06a077bf51bb577b041878a9d8d60a850f599c5cc9457600172abb4cd03
ssdeep: 6144:FdKsbPHZGmVgwI0r5fVP+aBKhZRRxcb6TT+fuZA57ZV:FgC/IBwI09nBY/xcbjuG59V
imphash: a52056b41e45754e82b11cc538159501
File size: 301.3 KB (308553 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags: peexe
VirusTotal metadata
First submission: 2014-04-04 22:48:06 UTC (4 years, 7 months ago)
Last submission: 2014-04-04 22:48:06 UTC (4 years, 7 months ago)
File names: Gaudeamu, Gaudeamu.exe, 0d5d314ba5b226373b2bf48c93cdf142
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.