SHA256: a7fc32123daa3be36117b4d5b43b72c85429d9a6e362158b5706d230aaac5176
File name: 3b63667d0d829b570bccb9eec7a60784
Detection ratio: 32 / 43
Analysis date: 2010-12-21 20:22:01 UTC ( 8 years, 2 months ago )
Antivirus Result Update
AntiVir TR/VBKrypt.adwh 20101221
Antiy-AVL Trojan/Win32.VBKrypt.gen 20101221
Avast Win32:Trojan-gen 20101221
Avast5 Win32:Trojan-gen 20101221
AVG Generic20.ATIO 20101221
BitDefender Gen:Variant.Kazy.4527 20101221
CAT-QuickHeal Trojan.VBKrypt.adwh 20101221
Comodo Heur.Suspicious 20101221
Emsisoft Trojan.Win32.VBKrypt!IK 20101221
eSafe Win32.GenVariant.Kaz 20101221
F-Secure Gen:Variant.Kazy.4527 20101221
Fortinet W32/VBKrypt.ADWH!tr 20101221
GData Gen:Variant.Kazy.4527 20101221
Ikarus Trojan.Win32.VBKrypt 20101221
Jiangmin Trojan/VBKrypt.mvw 20101221
K7AntiVirus Trojan 20101221
Kaspersky Trojan.Win32.VBKrypt.adwh 20101221
McAfee Generic.dx!vfj 20101221
McAfee-GW-Edition Generic.dx!vfj 20101221
Microsoft VirTool:Win32/VBInject 20101221
NOD32 a variant of Win32/Injector.DXR 20101221
nProtect Gen:Variant.Kazy.4527 20101221
Panda Generic Trojan 20101221
PCTools Trojan.Gen 20101221
Prevx High Risk Cloaked Malware 20101221
Sophos AV Mal/Generic-L 20101221
Symantec Trojan.Gen 20101221
TheHacker Trojan/VBKrypt.adwh 20101221
TrendMicro TROJ_GEN.R47C3LF 20101221
TrendMicro-HouseCall TROJ_GEN.R47C3LF 20101221
VBA32 Trojan.VBKrypt.adwh 20101221
VIPRE Trojan.Win32.Generic!BT 20101221
AhnLab-V3 20101221
ClamAV 20101221
Command 20101221
DrWeb 20101221
eTrust-Vet 20101221
F-Prot 20101221
Norman 20101221
Rising 20101221
SUPERAntiSpyware 20101221
ViRobot 20101221
VirusBuster 20101221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Number of sections 3
PE sections
PE imports
__vbaStrI2
_CIcos
_adj_fptan
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaUI1I2
_CIsqrt
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaUbound
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
(9 more function(s) imported by ordinal)
ExifTool file metadata
FileDescrip
UninitializedDataSize 0
ProductVer
Internal
InitializedDataSize 110592
ImageVersion 1.0
FileVersionNumber 6.1.33.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
Company
CharacterSet Unicode
LinkerVersion 6.0
CodeSize 49152
MIMEType application/octet-stream
TimeStamp 2010:12:10 08:40:56+01:00
FileType Win32 EXE
PEType PE32
Product
LegalCopyr
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileVers
FileSubtype 0
ProductVersionNumber 6.1.33.0
EntryPoint 0x1c48
ObjectFileType Executable application

File identification
MD5 3b63667d0d829b570bccb9eec7a60784
SHA1 fdcd65a36ea912685392a59b9a6b827e6f7dabc2
SHA256 a7fc32123daa3be36117b4d5b43b72c85429d9a6e362158b5706d230aaac5176
ssdeep 3072:/Nlti5raoBFfnOUOKgYyUP/ljCd6TssGB2DM:/rti5r9O17Yttjk6Tb82I
File size 160.0 KB ( 163840 bytes )
File type Win32 EXE
Magic literal

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
VirusTotal metadata
First submission 2010-12-12 13:28:39 UTC ( 8 years, 2 months ago )
Last submission 2010-12-21 20:22:01 UTC ( 8 years, 2 months ago )
File names J_LqGY.gz
gN80HVLi6.tar.bz2
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight