SHA256: b14a282a26205d896ed3c8d50ab595521ec1a2345eb8c221bea462cadcbd381a
File name: d00748ea78ea27cd1b435d7d897dae5a
Detection ratio: 28 / 67
Analysis date: 2018-10-29 22:24:48 UTC ( 6 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Jaik.32199 20181029
Arcabit Trojan.Jaik.D7DC7 20181029
Avast Win32:Malware-gen 20181029
AVG Win32:Malware-gen 20181029
Avira (no cloud) TR/Dropper.Gen 20181029
BitDefender Gen:Variant.Jaik.32199 20181029
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cylance Unsafe 20181029
Cyren W32/Trojan.BJI.gen!Eldorado 20181029
Emsisoft Gen:Variant.Jaik.32199 (B) 20181029
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZRT 20181029
F-Prot W32/Trojan.BJI.gen!Eldorado 20181029
F-Secure Gen:Variant.Jaik.32199 20181029
GData Gen:Variant.Jaik.32199 20181029
K7AntiVirus EmailWorm ( 004c16271 ) 20181029
K7GW EmailWorm ( 004c16271 ) 20181029
Kaspersky UDS:DangerousObject.Multi.Generic 20181029
Malwarebytes Backdoor.Bot 20181029
MAX malware (ai score=84) 20181029
McAfee Artemis!D00748EA78EA 20181029
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc 20181029
Microsoft Trojan:Win32/Fuerboos.C!cl 20181029
eScan Gen:Variant.Jaik.32199 20181029
Palo Alto Networks (Known Signatures) generic.ml 20181029
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181029
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181029
AegisLab 20181029
AhnLab-V3 20181029
Alibaba 20180921
ALYac 20181029
Antiy-AVL 20181029
Avast-Mobile 20181029
Babable 20180918
Baidu 20181029
Bkav 20181029
CAT-QuickHeal 20181028
ClamAV 20181029
CMC 20181029
Cybereason 20180225
DrWeb 20181029
eGambit 20181029
Fortinet 20181029
Ikarus 20181029
Sophos ML 20180717
Jiangmin 20181029
Kingsoft 20181029
NANO-Antivirus 20181029
Panda 20181029
Qihoo-360 20181029
Rising 20181029
Sophos AV 20181029
SUPERAntiSpyware 20181029
Symantec Mobile Insight 20181026
TACHYON 20181029
Tencent 20181029
TheHacker 20181025
TotalDefense 20181029
TrendMicro 20181029
TrendMicro-HouseCall 20181029
Trustlook 20181029
VBA32 20181029
ViRobot 20181029
Webroot 20181029
Yandex 20181026
Zillya 20181029
Zoner 20181029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Project1
Original name 1.exe
Internal name 1
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-05 15:41:39
Entry Point 0x00002D58
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
Ord(610)
Ord(518)
__vbaGenerateBoundsError
_allmul
Ord(616)
EVENT_SINK_Invoke
_adj_fprem
__vbaR4Var
__vbaAryMove
__vbaGetOwner3
__vbaRedim
__vbaRaiseEvent
_adj_fdiv_r
__vbaObjSetAddref
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaR8Str
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
Ord(581)
__vbaLateIdCallSt
__vbaI4Var
__vbaLateIdCall
Ord(306)
Ord(608)
__vbaFreeStr
__vbaLateIdCallLd
Ord(631)
__vbaStrI2
__vbaStrR8
__vbaStrR4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(516)
__vbaLenBstr
Ord(594)
Ord(681)
Ord(576)
__vbaUI1Str
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Zombie_GetTypeInfoCount
__vbaUbound
__vbaFreeVar
__vbaFileOpen
_CIsin
Ord(711)
__vbaAryLock
EVENT_SINK_Release
__vbaStrMove
Ord(593)
Ord(667)
Ord(716)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaStrCmp
Ord(570)
__vbaAryUnlock
__vbaBoolVar
__vbaVarLateMemSt
__vbaFreeObjList
EVENT_SINK_GetIDsOfNames
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
Ord(578)
__vbaExitProc
Zombie_GetTypeInfo
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaLateIdSt
__vbaAryDestruct
__vbaAryCopy
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
__vbaPutOwner3
Ord(685)
__vbaRedimPreserve
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarSetVar
__vbaVarForInit
Ord(300)
__vbaStrCopy
Ord(632)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
Ord(561)
__vbaUI1I4
__vbaUI1I2
_CIsqrt
__vbaVarCopy
_CIatan
Ord(529)
__vbaPut4
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
_CItan
__vbaFpI4
__vbaFpI2
Number of PE resources by type
RT_ICON 3
LOL 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
622592

EntryPoint
0x2d58

OriginalFileName
1.exe

MIMEType
application/octet-stream

FileVersion
1.0

TimeStamp
2018:10:05 08:41:39-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
1

ProductVersion
1.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft

CodeSize
786432

ProductName
Project1

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d00748ea78ea27cd1b435d7d897dae5a
SHA1 86ada520f609a33e22341413417f32681b8bbd37
SHA256 b14a282a26205d896ed3c8d50ab595521ec1a2345eb8c221bea462cadcbd381a
ssdeep
24576:S37RNtohpzzUar7nEqp0VJovZl43UJyLY4H2/Ou5kjzZ2w4PZx:S3fqTzzUarTpo+4xH2/v5KAw4PZx

authentihash 966b45a32b0953982b5e415cd88956598512d8be9a423aca72ba4ae318d96571
imphash 79c43578097e012126503343eae96d69
File size 1.3 MB ( 1413120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (68.2%)
Win64 Executable (generic) (22.9%)
Win32 Executable (generic) (3.7%)
OS/2 Executable (generic) (1.6%)
Generic Win/DOS Executable (1.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-29 22:24:48 UTC ( 6 months, 4 weeks ago )
Last submission 2018-11-14 06:48:27 UTC ( 6 months, 1 week ago )
File names 1
1.exe
jagaja.exe
d00748ea78ea27cd1b435d7d897dae5a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.