SHA256: bf54494a09597ea5f873e1617cdfb6dfd32f4704c91cdd23f8d0c7a2de30e173
File name: 433824779.scr-8U4Mgz
Detection ratio: 43 / 49
Analysis date: 2013-12-19 17:13:19 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Ad-Aware Worm.Generic.279735 20131211
Yandex Trojan.VBKrypt!FJKPYvkTfKw 20131217
AhnLab-V3 Win-Trojan/Vbkrypt.151552.D 20131219
AntiVir TR/Dropper.Gen 20131219
Avast Win32:AutoRun-BPN [Wrm] 20131219
AVG Dropper.Generic2.BCTV 20131219
Baidu-International Trojan.Win32.VBKrypt.Al 20131213
BitDefender Worm.Generic.279735 20131211
Bkav W32.Clod559.Trojan.5be2 20131219
CAT-QuickHeal (Suspicious) - DNAScan 20131218
Commtouch W32/VBInject.AN.gen!Eldorado 20131219
Comodo TrojWare.Win32.Jorik.~dy11 20131219
DrWeb Trojan.MulDrop1.48360 20131219
Emsisoft Worm.Generic.279735 (B) 20131219
ESET-NOD32 Win32/Boberog.AQ 20131219
F-Prot W32/VBInject.AN.gen!Eldorado 20131219
F-Secure Worm.Generic.279735 20131219
Fortinet W32/Refroso.AGEA!tr 20131219
GData Worm.Generic.279735 20131219
Ikarus Trojan.Win32.VBKrypt 20131219
Jiangmin Trojan/VBKrypt.ijsr 20131219
K7AntiVirus Riskware ( f2521e250 ) 20131219
K7GW Backdoor ( 04c4ee5c1 ) 20131219
Kaspersky Trojan.Win32.VBKrypt.jvg 20131219
Kingsoft Win32.Troj.VBKrypt.(kcloud) 20130829
McAfee Generic.dx!02664A09EDF0 20131219
McAfee-GW-Edition Generic.dx!02664A09EDF0 20131219
Microsoft Worm:Win32/Pushbot.gen!C 20131219
eScan Worm.Generic.279735 20131219
NANO-Antivirus Trojan.Win32.MulDrop1.bjjjf 20131219
Norman DLoader 20131219
nProtect Trojan/W32.Agent.151552.QX 20131219
Panda Trj/Genetic.gen 20131219
Rising PE:Trojan.Win32.Generic.124DAE76!307080822 20131218
Sophos AV Mal/VBCheMan-C 20131219
Symantec Trojan.Usuge!gen3 20131219
TheHacker Trojan/Injector.dbt 20131219
TotalDefense Win32/VBInject.O!generic 20131219
TrendMicro TROJ_VBKRYPT.BF 20131219
TrendMicro-HouseCall TROJ_VBKRYPT.BF 20131219
VBA32 Trojan.VBRA.09211 20131219
VIPRE LooksLike.Win32.Malware!vb (v) 20131219
ViRobot Trojan.Win32.VBKrypt.151552.B 20131219
Antiy-AVL 20131219
ByteHero 20130613
ClamAV 20131219
CMC 20131217
Malwarebytes 20131219
SUPERAntiSpyware 20131219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher SbJV
Product LprLJaz3
Original name NhH9LH72hS.exe
Internal name NhH9LH72hS
File version 8.147.0161
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-09-28 20:35:18
Entry Point 0x0000161C
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_FONT 2
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
ARABIC SAUDI ARABIA 1
TSONGA DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 61440
ImageVersion 8.147
ProductName LprLJaz3
FileVersionNumber 8.147.0.161
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 8.147.0161
TimeStamp 2010:09:28 21:35:18+01:00
FileType Win32 EXE
PEType PE32
InternalName NhH9LH72hS
FileAccessDate 2013:12:19 18:15:37+01:00
ProductVersion 8.147.0161
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2013:12:19 18:15:37+01:00
OriginalFilename NhH9LH72hS.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SbJV
CodeSize 86016
FileSubtype 0
ProductVersionNumber 8.147.0.161
EntryPoint 0x161c
ObjectFileType Executable application

File identification
MD5 02664a09edf0f16d3465d853abf81a7f
SHA1 941d8a0276f722b86cfb33c3d22fa1cf20787771
SHA256 bf54494a09597ea5f873e1617cdfb6dfd32f4704c91cdd23f8d0c7a2de30e173
ssdeep 1536:hcElRJAWdjv1FF5ziLCJqW2nmJnEzTm+aGJLzz7f49RkzveAx:/vD52s+aGxznKR6GAx

File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2010-09-29 22:55:34 UTC ( 8 years ago )
Last submission 2013-12-19 17:13:19 UTC ( 4 years, 10 months ago )
File names 433824779.scr
aa
433824779.scr-8U4Mgz
NhH9LH72hS.exe
smona130674404202378179329
NhH9LH72hS
dWcgD1.dwg
C3HfNDx.com
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
