SHA256: c0b1280e16916ef5a74b51c506932cf490b1082a3f0372cea1aeadfee63c81ed
File name: 83cbb72ffe9be2b7f7cd3f69adc804c5e5f7500b.exe.vir
Detection ratio: 37 / 56
Analysis date: 2015-04-20 10:47:12 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2246910 20150420
Yandex Trojan.Inject!oamwCfp/ejw 20150419
AhnLab-V3 Trojan/Win32.ZBot 20150420
ALYac Trojan.GenericKD.2246910 20150420
Antiy-AVL Trojan/Win32.Inject 20150420
Avast Win32:Emotet-O [Trj] 20150420
AVG Inject2.BUYB 20150420
AVware Trojan.Win32.Generic!BT 20150420
Baidu-International Trojan.Win32.Inject.upts 20150420
BitDefender Trojan.GenericKD.2246910 20150420
ByteHero Virus.Win32.Heur.p 20150420
CAT-QuickHeal Trojan.Inject.r3 20150420
Comodo UnclassifiedMalware 20150420
Cyren W32/Trojan.PGAG-3722 20150420
Emsisoft Trojan.GenericKD.2246910 (B) 20150420
ESET-NOD32 Win32/Emotet.AD 20150420
Fortinet W32/Injector.BWFQ!tr 20150420
GData Trojan.GenericKD.2246910 20150420
Ikarus Trojan.Win32.Emotet 20150420
K7AntiVirus Trojan ( 004ba58f1 ) 20150420
K7GW Trojan ( 004ba58f1 ) 20150420
Malwarebytes Backdoor.Bot 20150420
McAfee RDN/Generic.dx!dnz 20150420
McAfee-GW-Edition RDN/Generic.dx!dnz 20150419
Microsoft Trojan:Win32/Emotet.G 20150420
eScan Trojan.GenericKD.2246910 20150420
NANO-Antivirus Trojan.Win32.Inject.dpyruv 20150420
Norman VBKrypt.VBP 20150420
nProtect Trojan/W32.Agent.169859.B 20150420
Panda Trj/Genetic.gen 20150420
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150420
Sophos AV Troj/VB-IIB 20150420
SUPERAntiSpyware Trojan.Agent/Gen-VB 20150419
Tencent Trojan.Win32.Qudamah.Gen.17 20150420
VIPRE Trojan.Win32.Generic!BT 20150420
ViRobot Trojan.Win32.Agent.169859[h] 20150420
Zillya Trojan.Inject.Win32.161193 20150420
AegisLab 20150420
Alibaba 20150420
Bkav 20150420
ClamAV 20150420
CMC 20150418
DrWeb 20150422
F-Prot 20150422
F-Secure 20150422
Jiangmin 20150417
Kaspersky 20150422
Kingsoft 20150420
Rising 20150422
Symantec 20150420
TheHacker 20150420
TotalDefense 20150420
TrendMicro 20150422
TrendMicro-HouseCall 20150422
VBA32 20150422
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Goodreads
Original name Callstb.exe
Internal name Callstb
File version 1.00.0875
Description Joyee Flynn writes paranormal erotic romance full of hot men who desire nothing more than each other.
Comments Joyee Flynn has 101 books on Goodreads with 62958 ratings. Joyee Flynn's most popular series is Marius World.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-24 18:32:58
Entry Point 0x000014F8
Number of sections 3
PE sections
Overlays
MD5 cc2574957d7f559b5b6e1b6a5aa329d8
File type data
Offset 118784
Size 51075
Entropy 7.97
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaRedim
Ord(537)
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
__vbaAryCopy
__vbaFreeStr
Ord(631)
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
__vbaRedimPreserve
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarSetObjAddref
__vbaFreeVar
__vbaLbound
__vbaFileOpen
_CIsin
__vbaAryLock
EVENT_SINK_Release
__vbaVarLateMemCallLdRf
__vbaVarSetVar
__vbaStrCat
__vbaVarDup
__vbaChkstk
Ord(570)
__vbaAryUnlock
__vbaVarLateMemSt
__vbaStrVarCopy
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaExitProc
__vbaVarTstNe
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
_adj_fdiv_m32
Ord(685)
__vbaOnError
_adj_fpatan
EVENT_SINK_AddRef
_adj_fdivr_m32i
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
__vbaUI1I4
__vbaUI1I2
_CIsqrt
_CIatan
__vbaLateMemCall
__vbaObjSet
__vbaVarCat
_CIexp
_CItan
Number of PE resources by type
RT_ICON 2
MIXTYPE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
FINNISH DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Joyee Flynn has 101 books on Goodreads with 62958 ratings. Joyee Flynn's most popular series is Marius World.
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.875
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x14f8
OriginalFileName Callstb.exe
MIMEType application/octet-stream
FileVersion 1.00.0875
TimeStamp 2015:03:24 19:32:58+01:00
FileType Win32 EXE
PEType PE32
InternalName Callstb
SubsystemVersion 4.0
ProductVersion 1.00.0875
FileDescription Joyee Flynn writes paranormal erotic romance full of hot men who desire nothing more than each other.
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Joyee Flynn
CodeSize 98304
ProductName Goodreads
ProductVersionNumber 1.0.0.875
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 2d7d8f25ab6745ae62fb22d6a7145942
SHA1 83cbb72ffe9be2b7f7cd3f69adc804c5e5f7500b
SHA256 c0b1280e16916ef5a74b51c506932cf490b1082a3f0372cea1aeadfee63c81ed
ssdeep 3072:/AClMrcbSWZSWvB0hrd3bote1GkL6lbvlq3qrUuD0u4I7vOyW:/zlMrcbSWZSWvB0hrd3Ute1GkGdsuL4h

authentihash 3146e90267ee1097fa3f475b8dbe284dc12e360f1a06009e11e0f5b07d69748f
imphash d592cc8faed4b7a41206ce7db972024a
File size 165.9 KB ( 169859 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-03-24 20:02:15 UTC ( 4 years, 2 months ago )
Last submission 2016-05-22 23:22:02 UTC ( 3 years ago )
File names Callstb.exe
83cbb72ffe9be2b7f7cd3f69adc804c5e5f7500b.exe
UPS_.exe.vir
{AF04F19E-E02B-C7B1-E570-FFC8690DC0CF}exe_old
83cbb72ffe9be2b7f7cd3f69adc804c5e5f7500b.exe.vir
Callstb
DHL_Sendungsverfolgung_DE_0024000035548028____Status_0329_member___user____DHLAdmin____002039.exe
8a1.exe
0kyWvJ.pps
DHL_Sendungsverfolgung_DE_0024000035548028____Status_0329_member___user____DHLAdmin____002039.exe-25Mar15.1146.txt
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0CK415.

Symantec reputation Suspicious.Insight