SHA256: ae8b0582f87140028051538b197a16415054790e7d1b232e8038a31aa71448fa
File name: Neuraxit
Detection ratio: 44 / 54
Analysis date: 2015-10-26 18:44:10 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Yandex TrojanSpy.Zbot!H3xlonxMqGw 20151026
AhnLab-V3 Trojan/Win32.FakeAV 20151026
ALYac Gen:Variant.Graftor.101770 20151027
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151027
Arcabit Trojan.Graftor.D18D8A 20151027
Avast Win32:Zbot-SXI [Drp] 20151027
AVG Win32/VBCrypt 20151026
Avira (no cloud) TR/Spy.ZBot.rofo 20151027
AVware Trojan.Win32.Zbot.pj (v) 20151026
Baidu-International Trojan.Win32.Zbot.rofo 20151026
BitDefender Gen:Variant.Graftor.101770 20151027
Bkav HW32.Packed.8A9A 20151026
ByteHero Virus.Win32.Heur.p 20151027
CAT-QuickHeal VirTool.VBInject.LE3 20151026
Comodo TrojWare.Win32.Injector.AZVT 20151027
Cyren W32/Trojan.TSUV-9190 20151027
DrWeb Trojan.PWS.Panda.2401 20151027
Emsisoft Gen:Variant.Graftor.101770 (B) 20151027
ESET-NOD32 a variant of Win32/Injector.BCCG 20151026
F-Secure Gen:Variant.Graftor.101770 20151027
Fortinet W32/VB.ALO!tr 20151026
GData Gen:Variant.Graftor.101770 20151027
Ikarus Trojan.Signed 20151027
Jiangmin TrojanSpy.Zbot.hahd 20151026
K7AntiVirus Trojan ( 004ab3e91 ) 20151026
K7GW Trojan ( 004ab3e91 ) 20151026
Kaspersky Trojan-Spy.Win32.Zbot.rofo 20151027
Malwarebytes Spyware.PasswordStealer.VB 20151026
McAfee Generic-FAUS!98BCBFFF632C 20151027
McAfee-GW-Edition Generic-FAUS!98BCBFFF632C 20151027
Microsoft PWS:Win32/Zbot 20151026
eScan Gen:Variant.Graftor.101770 20151027
NANO-Antivirus Trojan.Win32.Zbot.ctrytr 20151026
Panda Generic Malware 20151026
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
Sophos Troj/Zbot-HUC 20151027
Symantec Trojan.Zbot!gen74 20151026
Tencent Trojan.Win32.YY.Gen.17 20151027
TotalDefense Win32/Zbot.DEOSNMD 20151026
TrendMicro TROJ_SPNR.35CD14 20151027
TrendMicro-HouseCall TROJ_SPNR.35CD14 20151027
VBA32 TrojanSpy.Zbot 20151026
VIPRE Trojan.Win32.Zbot.pj (v) 20151027
Zillya Trojan.Zbot.Win32.148693 20151026
AegisLab 20151026
Alibaba 20151026
ClamAV 20151027
CMC 20151026
F-Prot 20151027
nProtect 20151026
SUPERAntiSpyware 20151027
TheHacker 20151026
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Anhima intransc mR 2000
Publisher Dino Nuhagic (nuhi)
Product Cowpock montem's untillin textuali
Original name Neuraxit.exe
Internal name Neuraxit
File version 1.57.0062
Description Allergin winds
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-16 17:09:50
Entry Point 0x00001330
Number of sections 3
PE sections
Overlays
MD5 983d6c697b646b0b21714922bca379e2
File type data
Offset 294912
Size 32241
Entropy 7.74
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
__vbaLenVar
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(697)
EVENT_SINK_AddRef
Ord(546)
_adj_fpatan
_adj_fdiv_m32i
Ord(594)
__vbaDateVar
__vbaCyAdd
__vbaStrCopy
Ord(583)
__vbaR8Sgn
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_CIexp
__vbaStrVarMove
_adj_fdivr_m16i
Ord(563)
_adj_fdiv_r
Ord(100)
__vbaFreeObj
__vbaFreeVar
_adj_fdiv_m64
Ord(651)
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_CIcos
Ord(616)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(579)
Ord(541)
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(543)
_CItan
Ord(609)
__vbaI2I4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.57
FileSubtype 0
FileVersionNumber 1.57.0.62
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x1330
OriginalFileName Neuraxit.exe
MIMEType application/octet-stream
LegalCopyright Anhima intransc mR 2000
FileVersion 1.57.0062
TimeStamp 2014:02:16 18:09:50+01:00
FileType Win32 EXE
PEType PE32
InternalName Neuraxit
ProductVersion 1.57.0062
FileDescription Allergin winds
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Dino Nuhagic (nuhi)
CodeSize 278528
ProductName Cowpock montem's untillin textuali
ProductVersionNumber 1.57.0.62
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 98bcbfff632cb5e2024494a08712e864
SHA1 b3fc69da431600f87f01258bcfc7e93bf7fe3cdf
SHA256 ae8b0582f87140028051538b197a16415054790e7d1b232e8038a31aa71448fa
ssdeep 6144:hso0VaGWtbxcBcCd8RFXG5Zltuu6Istun/3MQeyJKxIR8d++kAjr1vth:hsJ2xzDRFmZW9u/FzrZAtv7
authentihash c8aad8b32f206090c286c180079f1b0eb054e2879244230155fa50b48aec775f
imphash 32d968f9174c7809ee9acd81e8ab086a
File size 319.5 KB ( 327153 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-02-19 08:14:20 UTC ( 3 years, 2 months ago )
Last submission 2014-04-04 21:16:32 UTC ( 3 years ago )
File names 204.exe
file-6765153_exe
9c0df48e53e10baa6664f0d182eed3befcabe8b4
nmoratti.exe
Neuraxit.exe
Neuraxit
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.