SHA256: c26d450b82fd49189316d00ff60486bb2e6f4434583c06ec76117b6918ce3ecc
File name: 9323a2cf0f20cf1267f20f58943c0de7f17f7b3b_Trojan.Win32.VBKrypt.zfqs
Detection ratio: 52 / 68
Analysis date: 2018-06-12 16:24:17 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30449864 20180612
AegisLab Uds.Dangerousobject.Multi!c 20180612
AhnLab-V3 Win-Trojan/VBKrypt.RP02 20180612
ALYac Trojan.VBKrypt.gen 20180612
Antiy-AVL Trojan/Win32.VBKrypt 20180612
Arcabit Trojan.Generic.D1D0A0C8 20180612
Avast Win32:Malware-gen 20180612
AVG Win32:Malware-gen 20180612
Avira (no cloud) TR/Dropper.VB.ugxwe 20180612
AVware Trojan.Win32.Generic!BT 20180612
BitDefender Trojan.GenericKD.30449864 20180612
CAT-QuickHeal Trojan.IGENERIC 20180612
Comodo UnclassifiedMalware 20180612
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.94315b 20180225
Cylance Unsafe 20180612
Cyren W32/VBInject.OX.gen!Eldorado 20180612
DrWeb Trojan.PWS.Stealer.23277 20180612
Emsisoft Trojan.GenericKD.30449864 (B) 20180612
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Injector.DWTL 20180612
F-Prot W32/VBInject.OX.gen!Eldorado 20180612
F-Secure Trojan.GenericKD.30449864 20180612
Fortinet W32/Injector.DWTL!tr 20180612
GData Win32.Trojan.Injector.NA 20180612
Ikarus Trojan.Win32.Injector 20180612
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 0052b3211 ) 20180612
K7GW Trojan ( 0052b3211 ) 20180612
Kaspersky Trojan.Win32.VBKrypt.zfqs 20180612
Malwarebytes Spyware.PasswordStealer 20180612
MAX malware (ai score=99) 20180612
McAfee Fareit-FKQ!9323A2CF0F20 20180612
McAfee-GW-Edition BehavesLike.Win32.Fareit.gm 20180612
Microsoft Trojan:Win32/Tiggre!rfn 20180612
eScan Trojan.GenericKD.30449864 20180612
NANO-Antivirus Trojan.Win32.VBKrypt.ezcgdy 20180612
Palo Alto Networks (Known Signatures) generic.ml 20180612
Panda Trj/GdSda.A 20180612
Qihoo-360 Win32/Trojan.e86 20180612
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/FareitVB-L 20180612
Symantec Downloader.Ponik 20180612
Tencent Win32.Trojan.Vbkrypt.Hqkx 20180612
TrendMicro BKDR_NETWIRED.THCOHAI 20180612
TrendMicro-HouseCall BKDR_NETWIRED.THCOHAI 20180612
VBA32 Trojan.VBKrypt 20180612
VIPRE Trojan.Win32.Generic!BT 20180612
Webroot W32.Trojan.Gen 20180612
Yandex Trojan.VBKrypt!Dqmp3ivN/tM 20180609
Zillya Trojan.VBKrypt.Win32.295392 20180612
ZoneAlarm by Check Point Trojan.Win32.VBKrypt.zfqs 20180612
Alibaba 20180612
Avast-Mobile 20180612
Babable 20180406
Baidu 20180612
Bkav 20180612
ClamAV 20180612
CMC 20180612
eGambit 20180612
Jiangmin 20180612
Kingsoft 20180612
Rising 20180612
SUPERAntiSpyware 20180612
Symantec Mobile Insight 20180605
TACHYON 20180612
TheHacker 20180608
TotalDefense 20180612
Trustlook 20180612
ViRobot 20180612
Zoner 20180612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product LAVASOFt
Original name Calcining.exe
Internal name Calcining
File version 1.01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-21 21:55:12
Entry Point 0x00001330
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaStrCmp
__vbaInStrB
_allmul
Ord(616)
_adj_fdivr_m64
Ord(527)
_adj_fprem
__vbaLenBstr
__vbaVarTstNe
_adj_fpatan
EVENT_SINK_AddRef
Ord(526)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_r
Ord(100)
__vbaVarSetObjAddref
__vbaFreeVar
Ord(562)
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(585)
__vbaStrVarVal
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaVarDup
__vbaVarMove
Ord(646)
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.1
FileSubtype 0
FileVersionNumber 1.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x1330
OriginalFileName Calcining.exe
MIMEType application/octet-stream
FileVersion 1.01
TimeStamp 2018:03:21 22:55:12+01:00
FileType Win32 EXE
PEType PE32
InternalName Calcining
ProductVersion 1.01
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName emSISOft gmbH
CodeSize 462848
ProductName LAVASOFt
ProductVersionNumber 1.1.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9323a2cf0f20cf1267f20f58943c0de7
SHA1 15489e394315bb73a79f011b2b1d5a1ace626a9b
SHA256 c26d450b82fd49189316d00ff60486bb2e6f4434583c06ec76117b6918ce3ecc
ssdeep 6144:o/vyCXmL3BuKu+nZKEfnst9Oayz8ScfCFuerbo2/6:+yCWzPZ5897OFe
authentihash 5eef097963845b86892571c8b7484fb116eca1a4e284010e1b134fa2bcfd8bc1
imphash e6859d049d5ef9ec1b2e66580665fe0e
File size 480.0 KB ( 491520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2018-03-22 14:11:20 UTC ( 4 months ago )
Last submission 2018-06-12 16:24:17 UTC ( 1 month, 1 week ago )
File names fd3f305634a785a53d5a93f3d05a7c194670c182
Confirm.exe
Confirm.exe
.
Calcining.exe
output.113029616.txt
Confirm.exe
Calcining
MSI897D.tmp
Confirm.exe
9323a2cf0f20cf1267f20f58943c0de7f17f7b3b_Trojan.Win32.VBKrypt.zfqs
codexgigas_15489e394315bb73a79f011b2b1d5a1ace626a9b
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.