SHA256: b5e8589e92fc001674046f50da35a9f5b8b45ed040366f40e99277f5844f1224
File name: vt-upload-B7j6b
Detection ratio: 20 / 54
Analysis date: 2014-07-15 10:01:34 UTC ( 4 years, 5 months ago )
Antivirus Result Update
AntiVir TR/Dropper.VB.15401 20140715
Antiy-AVL Trojan/Win32.Fsysna 20140715
Avast Win32:Malware-gen 20140715
AVG SHeur4.BYDY 20140715
Bkav HW32.CDB.148d 20140714
ByteHero Virus.Win32.Heur.p 20140715
Commtouch W32/Trojan.WOZT-5129 20140715
ESET-NOD32 Win32/Spy.Zbot.AAO 20140715
Fortinet W32/Fsysna.AAO!tr 20140715
K7AntiVirus Trojan ( 0049d2621 ) 20140714
K7GW Trojan ( 0049d2621 ) 20140714
Kaspersky Trojan.Win32.Fsysna.ahtq 20140715
Kingsoft Win32.Troj.Fsysna.ah.(kcloud) 20140715
McAfee RDN/Spybot.bfr!n 20140715
McAfee-GW-Edition BehavesLike.Win32.Autorun.fc 20140715
Qihoo-360 HEUR/Malware.QVM03.Gen 20140715
Sophos AV Mal/Generic-S 20140715
Symantec WS.Reputation.1 20140715
Tencent Win32.Trojan.Fsysna.Hprk 20140715
VIPRE Trojan.Win32.Generic!BT 20140715
Undetected (34 engines, scan date only)
Ad-Aware 20140715
AegisLab 20140715
Yandex 20140714
AhnLab-V3 20140715
Baidu-International 20140715
BitDefender 20140715
CAT-QuickHeal 20140715
ClamAV 20140714
CMC 20140714
Comodo 20140715
DrWeb 20140715
Emsisoft 20140715
F-Prot 20140715
F-Secure 20140715
GData 20140715
Ikarus 20140715
Jiangmin 20140715
Malwarebytes 20140715
Microsoft 20140715
eScan 20140715
NANO-Antivirus 20140715
Norman 20140715
nProtect 20140714
Panda 20140714
Rising 20140715
SUPERAntiSpyware 20140715
TheHacker 20140714
TotalDefense 20140715
TrendMicro 20140715
TrendMicro-HouseCall 20140715
VBA32 20140715
ViRobot 20140715
Zillya 20140714
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-10 22:11:42
Entry Point 0x000010F4
Number of sections 3
PE imports
GetProcAddress
EVENT_SINK_QueryInterface
Ord(616)
Ord(717)
Ord(716)
__vbaExceptHandler
Ord(535)
Ord(608)
Ord(516)
DllFunctionCall
Ord(644)
Ord(631)
ProcCallEngine
Ord(100)
EVENT_SINK_Release
Ord(586)
EVENT_SINK_AddRef
Ord(598)
Ord(592)
SHGetFileInfoA
SetLayeredWindowAttributes
VerQueryValueA
Number of PE resources by type
RT_ICON 5
Struct(771) 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:07:10 23:11:42+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 61440
LinkerVersion: 6.0
FileAccessDate: 2014:07:15 10:58:48+01:00
Warning: Invalid Version Info block
EntryPoint: 0x10f4
InitializedDataSize: 20480
SubsystemVersion: 4.0
ImageVersion: 8.4
OSVersion: 4.0
FileCreateDate: 2014:07:15 10:58:48+01:00
UninitializedDataSize: 0
File identification
MD5 930838420e16d5f6cccc5b19eec0cfb1
SHA1 1c507880a1adc74c59eb953cb41671a5c7d0744c
SHA256 b5e8589e92fc001674046f50da35a9f5b8b45ed040366f40e99277f5844f1224
ssdeep 6144:qtK5FLyX8Sk3qhV21wp6LNh0ijEIKY12+ASnF6yf5:1fu8/3qhIqp6LhjEHJmFLR
imphash dc0393033b7fb1bd96f129e8f1bc7b24
File size 329.5 KB ( 337445 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-15 10:01:34 UTC ( 4 years, 5 months ago )
Last submission 2014-07-15 10:01:34 UTC ( 4 years, 5 months ago )
File names vt-upload-B7j6b
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.