SHA256: 9d95b8490be0a37d7b90cdeebc6cd0fb922c85846adf4a56c55b8ffdbe2d6429
File name: 0B133E9DAFBBB21A6E8FFFD96D4A6B24.bin
Detection ratio: 38 / 42
Analysis date: 2012-08-07 05:56:13 UTC ( 6 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Win32/Vbna4.worm.Gen 20120805
AntiVir Worm/VBNA.jdy 20120806
Avast Win32:VB-NKZ [Wrm] 20120806
AVG Worm/VB.7.E 20120806
BitDefender Trojan.VB.Chinky.K 20120806
CAT-QuickHeal Trojan.Vobfus.gen 20120806
ClamAV Trojan.Dropper-31262 20120806
Commtouch W32/VB.X.gen!Eldorado 20120806
Comodo Worm.Win32.VBNA.jdy0 20120806
DrWeb Trojan.MulDrop.39230 20120806
Emsisoft Worm.Win32.Vobfus!IK 20120806
ESET-NOD32 Win32/AutoRun.VB.GJ 20120806
F-Prot W32/VB.X.gen!Eldorado 20120806
F-Secure Worm:W32/Vinkus.gen!A 20120806
Fortinet W32/VBNA.D!tr 20120806
GData Trojan.VB.Chinky.K 20120806
Ikarus Worm.Win32.Vobfus 20120806
Jiangmin Worm/VBNA.nxn 20120806
K7AntiVirus EmailWorm 20120805
Kaspersky Trojan.Win32.VB.bbhv 20120806
McAfee VBObfus 20120806
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.I 20120806
Microsoft Worm:Win32/Vobfus.F 20120806
Norman W32/VBNA.A 20120805
nProtect Trojan/W32.Agent.61440.QI 20120806
Panda W32/Vobfus.BA 20120806
PCTools Malware.Changeup 20120806
Rising Trojan.Win32.VBCode.cez 20120806
Sophos AV W32/SillyFDC-DV 20120806
SUPERAntiSpyware Trojan.Agent/Gen-Frauder[Packed] 20120805
Symantec W32.Changeup 20120806
TheHacker Trojan/Vobfus.gen 20120805
TotalDefense Win32/Vobfus!generic 20120806
TrendMicro WORM_VBNA.SMB 20120806
TrendMicro-HouseCall WORM_VBNA.SMB 20120806
VBA32 SScope.Trojan.VB.Svchorse.026 20120803
VIPRE Worm.Win32.VBNA.jdx (v) 20120806
VirusBuster Worm.VBNA.Gen 20120805
Antiy-AVL 20120804
ByteHero 20120801
eSafe 20120805
ViRobot 20120806
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-10-13 10:34:50
Entry Point 0x00001184
Number of sections 3
PE sections
PE imports
MethCallEngine, -, -, -, -, -, -, -, -, -, -, EVENT_SINK_AddRef, -, -, -, DllFunctionCall, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, -, -, -, -, ProcCallEngine, -, -, -, -, -, -, -, -, -, -, -
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileVersionNumber 1.1.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 4096
MIMEType application/octet-stream
TimeStamp 2009:10:13 12:34:50+02:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName
CodeSize 53248
FileSubtype 0
ProductVersionNumber 1.1.0.0
EntryPoint 0x1184
ObjectFileType Unknown
File identification
MD5 0b133e9dafbbb21a6e8fffd96d4a6b24
SHA1 f1e8e930728b401a01ad33abfb822a6c518c7615
SHA256 9d95b8490be0a37d7b90cdeebc6cd0fb922c85846adf4a56c55b8ffdbe2d6429
ssdeep 768:fXyx1BU8KanPXmV2D2n/z/D0lbdfs3OfKDHGqHg6WBc:fXi0aE2a/Dxg6WBc
File size 60.0 KB ( 61440 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-08-07 05:54:02 UTC ( 6 years, 6 months ago )
Last submission 2012-08-07 05:56:13 UTC ( 6 years, 6 months ago )
File names 0B133E9DAFBBB21A6E8FFFD96D4A6B24.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
DNS requests
UDP communications