SHA256: a330482ce98a5bd894257f19c4650e17d9ede78c1b0c29a27cf1201f794909a3
File name: Mache's
Detection ratio: 39 / 56
Analysis date: 2015-01-04 17:28:25 UTC
Antivirus  Result  Update (signature-set date, YYYYMMDD)
Ad-Aware Gen:Variant.Graftor.166883 20150104
Yandex Trojan.Buzus!jJ1UyeAu43Q 20150104
ALYac Gen:Variant.Graftor.166883 20150104
Antiy-AVL Trojan/Win32.Buzus 20150104
Avast Win32:Injector-CIQ [Trj] 20150104
AVG Luhe.Gen.C 20150104
Avira (no cloud) TR/Dropper.VB.25334 20150104
AVware Trojan.Win32.Generic!BT 20150104
Baidu-International Trojan.Win32.Buzus.arI 20150104
BitDefender Gen:Variant.Graftor.166883 20150104
CAT-QuickHeal VirTool.VBInject.LE3 20150102
CMC Heur.Win32.Veebee.1!O 20150104
Comodo UnclassifiedMalware 20150104
Cyren W32/Trojan.DFRJ-4699 20150104
DrWeb Trojan.PWS.Panda.655 20150104
Emsisoft Gen:Variant.Graftor.166883 (B) 20150104
ESET-NOD32 a variant of Win32/Injector.BRDU 20150104
F-Secure Gen:Variant.Graftor.166883 20150104
Fortinet W32/Injector.BQPX!tr 20150104
GData Gen:Variant.Graftor.166883 20150104
Ikarus Trojan-PWS.Win32.Zbot 20150104
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20150102
K7GW Unwanted-Program ( 004a8e8a1 ) 20150102
Kaspersky Trojan.Win32.Buzus.xbna 20150104
Malwarebytes Trojan.Agent 20150104
McAfee Generic-FAVL!B6D62269A739 20150104
McAfee-GW-Edition BehavesLike.Win32.Downloader.dh 20150104
Microsoft Trojan:Win32/Dynamer!ac 20150104
eScan Gen:Variant.Graftor.166883 20150104
NANO-Antivirus Trojan.Win32.Buzus.dkmbfx 20150104
Norman Troj_Generic.XPNUD 20150104
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150104
Rising PE:Trojan.Win32.Generic.17D96EEC!400125676 20141231
Sophos Mal/Generic-S 20150104
Symantec Trojan.Zbot 20150104
Tencent Win32.Trojan.Inject.Auto 20150104
TrendMicro-HouseCall TROJ_GEN.R047B01LD14 20150104
VBA32 Trojan.Buzus 20150102
VIPRE Trojan.Win32.Generic!BT 20150104
The remaining 17 engines returned no detection (signature-set date only):
AegisLab 20150104
AhnLab-V3 20150104
Bkav 20141230
ByteHero 20150104
ClamAV 20150104
F-Prot 20150104
Jiangmin 20150103
Kingsoft 20150104
nProtect 20150102
Panda 20150104
SUPERAntiSpyware 20150103
TheHacker 20150103
TotalDefense 20150104
TrendMicro 20150104
ViRobot 20150104
Zillya 20150103
Zoner 20141228
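The detection ratio and the vendor result strings above are the first thing an analyst reads, and the raw vendor count overstates agreement. The following is an added example, not part of the VirusTotal report: it parses the 56 rows exactly as printed above, recomputes the 39 / 56 ratio, tallies the family names the vendors use, and lists result strings that several vendors report verbatim, which is the usual sign of one licensed engine being counted several times. The GENERIC stop-list and the "alphabetic, at least four characters" token rule are this example's own heuristics, not VirusTotal's.

```python
import re
from collections import Counter

# The 56 vendor rows copied from the report above; a row holding only a date
# is a vendor that returned no detection.
REPORT_ROWS = """\
Ad-Aware Gen:Variant.Graftor.166883 20150104
Yandex Trojan.Buzus!jJ1UyeAu43Q 20150104
ALYac Gen:Variant.Graftor.166883 20150104
Antiy-AVL Trojan/Win32.Buzus 20150104
Avast Win32:Injector-CIQ [Trj] 20150104
AVG Luhe.Gen.C 20150104
Avira (no cloud) TR/Dropper.VB.25334 20150104
AVware Trojan.Win32.Generic!BT 20150104
Baidu-International Trojan.Win32.Buzus.arI 20150104
BitDefender Gen:Variant.Graftor.166883 20150104
CAT-QuickHeal VirTool.VBInject.LE3 20150102
CMC Heur.Win32.Veebee.1!O 20150104
Comodo UnclassifiedMalware 20150104
Cyren W32/Trojan.DFRJ-4699 20150104
DrWeb Trojan.PWS.Panda.655 20150104
Emsisoft Gen:Variant.Graftor.166883 (B) 20150104
ESET-NOD32 a variant of Win32/Injector.BRDU 20150104
F-Secure Gen:Variant.Graftor.166883 20150104
Fortinet W32/Injector.BQPX!tr 20150104
GData Gen:Variant.Graftor.166883 20150104
Ikarus Trojan-PWS.Win32.Zbot 20150104
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20150102
K7GW Unwanted-Program ( 004a8e8a1 ) 20150102
Kaspersky Trojan.Win32.Buzus.xbna 20150104
Malwarebytes Trojan.Agent 20150104
McAfee Generic-FAVL!B6D62269A739 20150104
McAfee-GW-Edition BehavesLike.Win32.Downloader.dh 20150104
Microsoft Trojan:Win32/Dynamer!ac 20150104
eScan Gen:Variant.Graftor.166883 20150104
NANO-Antivirus Trojan.Win32.Buzus.dkmbfx 20150104
Norman Troj_Generic.XPNUD 20150104
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150104
Rising PE:Trojan.Win32.Generic.17D96EEC!400125676 20141231
Sophos Mal/Generic-S 20150104
Symantec Trojan.Zbot 20150104
Tencent Win32.Trojan.Inject.Auto 20150104
TrendMicro-HouseCall TROJ_GEN.R047B01LD14 20150104
VBA32 Trojan.Buzus 20150102
VIPRE Trojan.Win32.Generic!BT 20150104
AegisLab 20150104
AhnLab-V3 20150104
Bkav 20141230
ByteHero 20150104
ClamAV 20150104
F-Prot 20150104
Jiangmin 20150103
Kingsoft 20150104
nProtect 20150102
Panda 20150104
SUPERAntiSpyware 20150103
TheHacker 20150103
TotalDefense 20150104
TrendMicro 20150104
ViRobot 20150104
Zillya 20150103
Zoner 20141228
"""
# vendor, optional result, 8-digit signature date; "Avira (no cloud)" is the one vendor name with a space
ROW_RE = re.compile(r"^(?P<vendor>\S+(?: \(no cloud\))?)\s+(?:(?P<result>.*?)\s+)?(?P<date>\d{8})$")

# Qualifiers that carry no family information; left in, they would top every tally.
GENERIC = {"gen", "variant", "trojan", "troj", "win32", "w32", "generic", "heur",
           "malware", "virtool", "behaveslike", "unwanted", "program", "auto"}

def parse_rows(text):
    # -> [(vendor, result or None, signature date)]; refuse to skip rows silently
    rows = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable row: {line!r}")
        rows.append((m["vendor"], m["result"], m["date"]))
    return rows

def detection_ratio(rows):
    # -> (detected, total), the figure VirusTotal prints as "39 / 56"
    return sum(1 for _, result, _ in rows if result), len(rows)

def family_tokens(result):
    # Alphabetic tokens of 4+ chars that are not generic qualifiers; anything with
    # digits (variant ids, hashes, "Win32") never names a family.
    return {t.lower() for t in re.split(r"[^A-Za-z0-9]+", result or "")
            if len(t) >= 4 and t.isalpha() and t.lower() not in GENERIC}

def family_votes(rows):
    # One vote per vendor per family name; read it with .most_common()
    votes = Counter()
    for _, result, _ in rows:
        votes.update(family_tokens(result))
    return votes

def shared_engine_groups(rows):
    # Result strings that 2+ vendors report verbatim: usually one licensed engine
    by_result = {}
    for vendor, result, _ in rows:
        if result:
            by_result.setdefault(result, []).append(vendor)
    return {r: v for r, v in by_result.items() if len(v) > 1}
```

On this report the tally is graftor 7, buzus 6, injector 3, zbot 2, but six of the seven Graftor votes are the identical string "Gen:Variant.Graftor.166883", and "Trojan.Win32.Generic!BT" (AVware, VIPRE) and "Unwanted-Program ( 004a8e8a1 )" (K7AntiVirus, K7GW) are likewise single engines counted twice. Collapse those before reading the vote: what remains is one generic Graftor verdict, a Buzus family name from six vendors, three Injector verdicts and two Zbot verdicts.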
The file is a 32-bit Portable Executable (PE32) built for the Windows GUI subsystem. TrID (90.5%), the linker version 6.0 in the ExifTool data and the __vba* runtime imports identify it as a Visual Basic 6 executable.
FileVersionInfo properties
Publisher PetaBit Exlimites
Product Unauthen
Original name Mache's.exe
Internal name Mache's
File version 1.02.0009
Description Chachala subel
Comments TurtleShield 2011
The publisher, product, description and comment strings look like filler rather than a real vendor or product; together with the Italian resource language and the version 1.02.0009 they are the only branding the file carries and are usable as hunting strings.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-09 08:55:18 UTC (the ExifTool TimeStamp below is the same instant in +01:00; four days before the first VirusTotal submission on 2014-12-13)
Entry Point 0x00001450
Number of sections 3
PE sections
The header reports three sections; their names and sizes were not captured in this copy of the report.
PE imports
Symbols are listed by name or by ordinal only, without the DLL they come from. The __vba*, _adj_*, _CI* and EVENT_SINK_* names are exports of the Visual Basic 6 runtime (MSVBVM60.DLL), which is the one DLL a VB6 executable imports; Ord(n) entries are imports by ordinal with no name.
__vbaWriteFile
_adj_fdiv_m32
Ord(617)
EVENT_SINK_Release
__vbaEnd
__vbaRedim
Ord(648)
__vbaVarDup
EVENT_SINK_AddRef
__vbaStrMove
_adj_fdivr_m64
Ord(534)
_adj_fprem
Ord(584)
Ord(546)
Ord(709)
_adj_fpatan
__vbaFreeObjList
Ord(650)
Ord(707)
Ord(677)
Ord(714)
_adj_fdiv_m32i
__vbaStrCopy
Ord(702)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaAryUnlock
__vbaUbound
Ord(589)
Ord(571)
__vbaDerefAry1
__vbaUI1I2
Ord(704)
__vbaFreeVar
Ord(100)
__vbaChkstk
__vbaObjSetAddref
_adj_fdiv_r
_CItan
__vbaDateVar
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
__vbaR8Str
_CIlog
__vbaVarIdiv
__vbaAryLock
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
__vbaFileClose
__vbaR8Var
__vbaObjSet
__vbaI4Var
__vbaFpI4
_allmul
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(608)
__vbaNew2
__vbaFileOpen
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
Ord(685)
Ord(540)
_adj_fprem1
_adj_fdivr_m32
Ord(543)
__vbaFreeStrList
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ITALIAN 1
PE resources
The per-resource entries (three resources: icon, icon group, version info) were not captured in this copy of the report.
ExifTool file metadata
SubsystemVersion 4.0
Comments TurtleShield 2011
InitializedDataSize 12288
ImageVersion 1.2
ProductName Unauthen
FileVersionNumber 1.2.0.9
UninitializedDataSize 0
LanguageCode Italian
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Mache's.exe
MIMEType application/octet-stream
FileVersion 1.02.0009
TimeStamp 2014:12:09 09:55:18+01:00
FileType Win32 EXE
PEType PE32
InternalName Mache's
FileAccessDate 2015:01:04 18:28:35+01:00
ProductVersion 1.02.0009
FileDescription Chachala subel
OSVersion 4.0
FileCreateDate 2015:01:04 18:28:35+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PetaBit Exlimites
CodeSize 237568
FileSubtype 0
ProductVersionNumber 1.2.0.9
EntryPoint 0x1450
ObjectFileType Executable application
File identification
MD5 b6d62269a739b2665e223101aeb9f00b
SHA1 e2f304b8e7b02e31f9db5163b2b1752c6b8abd35
SHA256 a330482ce98a5bd894257f19c4650e17d9ede78c1b0c29a27cf1201f794909a3
ssdeep 3072:MkHY1cbgsI98GMkTo2004Atq2GDBnQ+UlOYs8GYzVh3QFfjFyrFRx8gpbT:MkkLsI98NHxsuBQ+U281Vh3QFULmgpH

authentihash 4e784cf89b4de0ea7401147737ea55aac06946c6cb64acc042215a5d79210392
imphash 9f93356ed21719024a8a73b87dcc076e
File size 244.5 KB ( 250368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe
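The imphash above is the one identifier in this section that is derived from the import list rather than from the raw bytes, and it is worth knowing exactly how it is formed. The following is an added example, not code from VirusTotal or from the report: a pure-Python reimplementation of the normalisation rules used by pefile's get_imphash (DLL name lower-cased with a .dll/.ocx/.sys extension stripped, function name lower-cased, bare ordinals resolved to names only for ws2_32, wsock32 and oleaut32 and otherwise written as ordN, all tokens joined with commas and MD5-hashed). The DLL name MSVBVM60.DLL is an assumption, because the import list above gives only symbol names; the VB6 list is a short subset in report order and the ordinal tables are a hand-picked handful of entries, so the digest computed here is illustrative and is not expected to equal 9f93356ed21719024a8a73b87dcc076e.

```python
import hashlib

# pefile resolves bare ordinals only for these DLLs (wsock32 shares the
# ws2_32 table); everything else becomes "ordN". Illustrative subset only.
ORDINAL_NAMES = {
    "ws2_32.dll": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
                   16: "recv", 19: "send", 23: "socket", 115: "WSAStartup"},
    "oleaut32.dll": {2: "SysAllocString", 6: "SysFreeString", 7: "SysStringLen"},
}
ORDINAL_NAMES["wsock32.dll"] = ORDINAL_NAMES["ws2_32.dll"]

STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalise_import(dll, func):
    """One 'lib.func' token, built the way pefile builds it."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        lib = base
    if isinstance(func, int):
        func = ORDINAL_NAMES.get(dll.lower(), {}).get(func, f"ord{func}")
    return f"{lib}.{func.lower()}"


def imphash_string(imports):
    """The comma-joined string that gets hashed; keep it for debugging mismatches."""
    return ",".join(normalise_import(dll, func) for dll, func in imports)


def imphash(imports):
    """imports: iterable of (dll name, function name or ordinal int), in import-table order."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# ASSUMPTION: the report lists only symbol names; a VB6 binary's __vba*/_adj_*/
# EVENT_SINK_* and bare-ordinal imports come from MSVBVM60.DLL. Subset, report
# order, so this digest will not match the report's imphash.
VB6_IMPORTS = [
    ("MSVBVM60.DLL", "__vbaWriteFile"),
    ("MSVBVM60.DLL", "_adj_fdiv_m32"),
    ("MSVBVM60.DLL", 617),
    ("MSVBVM60.DLL", "EVENT_SINK_Release"),
    ("MSVBVM60.DLL", "__vbaEnd"),
    ("MSVBVM60.DLL", 648),
]

# Constructed list (not from the report) that exercises the ordinal and
# extension rules: known ordinal, unknown DLL ordinal, and a name without extension.
MIXED_IMPORTS = [
    ("KERNEL32.dll", "CreateFileA"),
    ("WS2_32.dll", 23),
    ("oleaut32.dll", 6),
    ("some.ocx", 5),
    ("noext", "Foo"),
]

if __name__ == "__main__":
    print(imphash_string(VB6_IMPORTS))
    print(imphash(VB6_IMPORTS))
    print(imphash_string(MIXED_IMPORTS))
```

Two practical consequences follow from the construction. The hash is order-sensitive, so two builds that import the same functions in a different order get different digests; and because every VB6 executable imports from the same runtime, the value clusters VB6-generated stubs less sharply than it does compiled C binaries, so treat an imphash match as a lead to confirm with ssdeep or the version-info strings rather than as an identity.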

VirusTotal metadata
First submission 2014-12-13 09:26:37 UTC
Last submission 2014-12-13 23:51:20 UTC
File names Mache's.exe
Mache's
malware (24).exe
33.exe
a330482ce98a5bd894257f19c4650e17d9ede78c1b0c29a27cf1201f794909a3.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any process it launched, or by any process it injected code into.
Created processes, Terminated processes, Opened mutexes, Hooking activity, Runtime DLLs: no entries were recorded under these headings in this copy of the report.
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl API; the report does not say which device or which control codes.
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook family of APIs (SetWindowsHookEx on current Windows). A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads on the same desktop as the calling thread; the hook type is not given in the report. Taken together with the vendor names above (Injector, VBInject, Dropper, Zbot/Buzus), this behaviour is consistent with a VB6 loader stub rather than with the final payload.