× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bdfde6c2b6e25759dd1ea25a7d23905b6c55bc16c4ade9ce0658c4b66c440bcc
File name: ypaf.exe
Detection ratio: 10 / 46
Analysis date: 2013-01-23 04:45:36 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20130123
ByteHero Virus.Win32.Heur.p 20130122
DrWeb Trojan.PWS.Panda.3035 20130123
Fortinet W32/Zbot.OAA!tr 20130123
GData Win32:Malware-gen 20130123
Kaspersky Trojan-Spy.Win32.Zbot.ijzk 20130123
Kingsoft Win32.Troj.Zbot.ij.(kcloud) 20130121
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20130123
Microsoft PWS:Win32/Zbot 20130123
VIPRE Trojan.Win32.Generic.pak!cobra 20130123
Yandex 20130122
AhnLab-V3 20130122
AntiVir 20130123
Antiy-AVL 20130122
AVG 20130123
BitDefender 20130123
CAT-QuickHeal 20130122
ClamAV 20130123
Commtouch 20130123
Comodo 20130123
Emsisoft 20130122
eSafe 20130120
ESET-NOD32 20130122
F-Prot 20130122
F-Secure 20130123
Ikarus 20130123
Jiangmin 20121221
K7AntiVirus 20130122
Malwarebytes 20130123
McAfee 20130123
eScan 20130123
NANO-Antivirus 20130123
Norman 20130122
nProtect 20130122
Panda 20130122
PCTools 20130121
Rising 20130123
Sophos AV 20130123
SUPERAntiSpyware 20130123
Symantec 20130123
TheHacker 20130122
TotalDefense 20130122
TrendMicro 20130123
TrendMicro-HouseCall 20130123
VBA32 20130121
ViRobot 20130123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-20 19:18:50
Entry Point 0x000012F8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaFpUI1
__vbaCyI2
_CIcos
EVENT_SINK_QueryInterface
__vbaI4Cy
Ord(713)
_adj_fdivr_m64
__vbaErase
_adj_fprem
__vbaAryMove
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
__vbaVarVargNofree
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaRefVarAry
_adj_fdivr_m16i
__vbaUbound
EVENT_SINK_Release
Ord(581)
_adj_fdiv_r
Ord(100)
__vbaAryLock
_CItan
__vbaFreeVar
__vbaObjSetAddref
__vbaFixstrConstruct
__vbaAryConstruct2
__vbaInStr
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_allmul
__vbaStrVarVal
__vbaLsetFixstr
Ord(595)
_adj_fptan
__vbaVarDup
Ord(628)
__vbaAryUnlock
__vbaVar2Vec
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 8
RESB 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
ExifTool file metadata
UninitializedDataSize
0

Comments
I m in computer class now

InitializedDataSize
278528

ImageVersion
1.1

ProductName
Unread 0

FileVersionNumber
1.1.0.407

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

FileOS
Win32

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.01.0407

TimeStamp
2013:01:20 20:18:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
a

ProductVersion
1.01.0407

SubsystemVersion
4.0

OSVersion
4.0

OriginalFilename
a.exe

LegalCopyright
Can anyone test

MachineType
Intel 386 or later, and compatibles

CompanyName
you have a pm

CodeSize
45056

FileSubtype
0

ProductVersionNumber
1.1.0.407

EntryPoint
0x12f8

ObjectFileType
Executable application

File identification
MD5 dc3f94ae190fd6db5f4a675097352768
SHA1 a3c0fbd1f8e7d8f8915ba932f1b8ba77893bf868
SHA256 bdfde6c2b6e25759dd1ea25a7d23905b6c55bc16c4ade9ce0658c4b66c440bcc
ssdeep
6144:iU+GqlVb8kAVRg7YIN0DzsQR1SN+cO1AI9oRomFCU+GqV:ylVblAVR8NxQRAN+c+AI9LV

File size 317.0 KB ( 324608 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-01-23 04:45:36 UTC ( 4 years, 10 months ago )
Last submission 2013-01-23 04:45:36 UTC ( 4 years, 10 months ago )
File names ypaf.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!