SHA256: bbe4ef632f3a8043b8adac6bb03b8a8b4ba6842154a018075644c16265a19176
File name: 4adeff84dde436360c3e45b9806b8dc1f8155816-23a61e44dfadf5dcc931b325...
Detection ratio: 48 / 56
Analysis date: 2015-08-25 19:29:04 UTC ( 1 week, 1 day ago )
Antivirus Result Update
AVG Generic_r.PK 20150825
AVware Trojan.Win32.Generic!BT 20150825
Ad-Aware Gen:Trojan.Heur.VP2.cmW@auaHEvgO 20150825
Agnitum Trojan.VBKrypt!S8SdR6w9dOI 20150822
AhnLab-V3 Win-Trojan/Vbcrypt.43008 20150825
Antiy-AVL Trojan/Win32.VBKrypt 20150825
Arcabit Trojan.Heur.VP2.ECA3E5 20150825
Avast Win32:VB-PRD [Wrm] 20150825
Avira TR/Dropper.Gen 20150825
Baidu-International Adware.Win32.Agent.Elnx 20150825
BitDefender Gen:Trojan.Heur.VP2.cmW@auaHEvgO 20150825
CAT-QuickHeal Trojan.VB.rw3 20150825
ClamAV Trojan.Agent-165630 20150825
Comodo TrojWare.Win32.VB.~kwb 20150825
Cyren W32/AgentP.IZU 20150825
DrWeb Trojan.Oficla.38 20150825
ESET-NOD32 Win32/Oficla.GN 20150825
Emsisoft Gen:Trojan.Heur.VP2.cmW@auaHEvgO (B) 20150825
F-Prot W32/Trojan3.BWA 20150825
F-Secure Gen:Trojan.Heur.VP2.cmW@auaHEvgO 20150825
Fortinet W32/VBInjector.AGB!tr 20150825
GData Gen:Trojan.Heur.VP2.cmW@auaHEvgO 20150825
Ikarus Trojan.Win32.Jorik 20150825
Jiangmin Trojan/VBKrypt.jgvj 20150823
K7AntiVirus Backdoor ( 04c4e5231 ) 20150825
K7GW Backdoor ( 04c4e5231 ) 20150825
Kaspersky Trojan.Win32.VBKrypt.dig 20150825
Kingsoft Win32.Troj.VBKrypt.(kcloud) 20150825
Malwarebytes Worm.KoobFace 20150825
McAfee Bredolab.gen.c 20150825
McAfee-GW-Edition BehavesLike.Win32.Downloader.ph 20150825
MicroWorld-eScan Gen:Trojan.Heur.VP2.cmW@auaHEvgO 20150825
Microsoft TrojanDropper:Win32/Oficla.G 20150825
NANO-Antivirus Trojan.Win32.VBKrypt.bjskgs 20150825
Panda Trj/Genetic.gen 20150825
Qihoo-360 Malware.Radar01.Gen 20150825
Rising PE:Trojan.Win32.Generic.123065E5!305161701[F1] 20150824
Sophos Troj/Agent-NYX 20150825
Symantec Trojan.Usuge!gen3 20150824
Tencent Win32.Trojan.Vbkrypt.Hqvm 20150825
TheHacker Trojan/VBKrypt.dig 20150824
TrendMicro TROJ_FAKEAV.SMZQ 20150825
TrendMicro-HouseCall TROJ_FAKEAV.SMZQ 20150825
VBA32 SScope.Trojan.VB.0602 20150825
VIPRE Trojan.Win32.Generic!BT 20150825
ViRobot Trojan.Win32.VBKrypt.43008[h] 20150825
Zillya Trojan.VBKrypt.Win32.3638 20150825
nProtect Trojan/W32.Small.43008.AO 20150825
ALYac 20150825
AegisLab 20150825
Alibaba 20150825
Bkav 20150825
ByteHero 20150825
CMC 20150825
SUPERAntiSpyware 20150825
Zoner 20150825
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-07-16 08:53:51
Link date 9:53 AM 7/16/2010
Entry Point 0x00001144
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(518)
Ord(697)
Ord(607)
EVENT_SINK_AddRef
Ord(717)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(522)
Ord(520)
Ord(100)
Ord(526)
Ord(696)
ProcCallEngine
Ord(524)
EVENT_SINK_Release
Ord(617)
Ord(528)
Ord(644)
Ord(631)
Ord(619)
LoadResource
LockResource
FreeLibrary
ExitProcess
GetProcAddress
LoadLibraryA
CallWindowProcA
Number of PE resources by type
Struct(15) 11
RT_ICON 6
12 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 7
ARABIC NEUTRAL 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2010:07:16 09:53:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 14848
LinkerVersion 7.1
EntryPoint 0x1144
InitializedDataSize 27136
SubsystemVersion 4.0
ImageVersion 2.2
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 23a61e44dfadf5dcc931b325ff1939ec
SHA1 4adeff84dde436360c3e45b9806b8dc1f8155816
SHA256 bbe4ef632f3a8043b8adac6bb03b8a8b4ba6842154a018075644c16265a19176
ssdeep 768:gXbxeb/brqBqBuOU8rgWFTdBRQdvnKXfjwyd:E8BuOBrjFBBWfMEyd

authentihash f781eb49a3f56b3bc8e4f99391c462c780d852658fddd2809b98728f6d5c5100
imphash f8281bf34d5c8c2cb24da96042414545
File size 42.0 KB ( 43008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2010-07-16 11:51:45 UTC ( 5 years, 1 month ago )
Last submission 2015-08-25 19:29:04 UTC ( 1 week, 1 day ago )
File names 4adeff84dde436360c3e45b9806b8dc1f8155816-23a61e44dfadf5dcc931b325ff1939ec.01.exe7379.vir
Behaviour characterization