SHA256: c2b07c6cecb879e32875130d089ae31d6cbadeba289f1a047e43d298633a416a
File name: 512B.exe
Detection ratio: 39 / 54
Analysis date: 2014-11-09 17:12:10 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.108848 20141109
Yandex Trojan.Injector!biEVVQRVzR0 20141108
AhnLab-V3 Malware/Win32.Generic 20141109
Avast Win32:VBCrypt-CXK [Trj] 20141109
AVG VBCrypt.GDT 20141109
Avira (no cloud) Worm/Ngrbot.rfdas 20141109
AVware Trojan.Win32.Generic!BT 20141109
Baidu-International Trojan.Win32.Injector.bBMTJ 20141107
BitDefender Gen:Variant.Zusy.108848 20141109
ByteHero Virus.Win32.Heur.p 20141109
CAT-QuickHeal Trojan.Generic.r3 20141108
CMC Heur.Win32.Veebee.1!O 20141107
Comodo UnclassifiedMalware 20141109
Cyren W32/Trojan.DIEP-2010 20141109
Emsisoft Gen:Variant.Zusy.108848 (B) 20141109
ESET-NOD32 a variant of Win32/Injector.BMTJ 20141109
F-Secure Gen:Variant.Zusy.108848 20141109
Fortinet W32/BMNE!tr 20141108
GData Gen:Variant.Zusy.108848 20141109
Ikarus Worm.Win32.Ngrbot 20141109
K7AntiVirus Trojan ( 0040f7b81 ) 20141107
K7GW Trojan ( 0040f7b81 ) 20141107
Kaspersky HEUR:Trojan.Win32.Generic 20141109
Malwarebytes Trojan.LVBP 20141109
McAfee RDN/Generic.dx!dfv 20141109
McAfee-GW-Edition BehavesLike.Win32.VBObfus.ch 20141109
eScan Gen:Variant.Zusy.108848 20141105
NANO-Antivirus Trojan.Win32.BMNE.dfsjdj 20141109
Norman Troj_Generic.WBZDJ 20141109
nProtect Worm/W32.Ngrbot.175132 20141107
Qihoo-360 Win32/Trojan.Dropper.81e 20141109
Rising PE:Trojan.Win32.Generic.1774C04B!393527371 20141108
Sophos AV Mal/Generic-S 20141109
SUPERAntiSpyware Trojan.Agent/Gen-PWS 20141109
Symantec Trojan.Zbot 20141109
TrendMicro TROJ_GEN.R047C0EJR14 20141109
TrendMicro-HouseCall TROJ_GEN.R047C0EJR14 20141109
VBA32 Worm.Ngrbot 20141108
VIPRE Trojan.Win32.Generic!BT 20141109
AegisLab 20141109
Antiy-AVL 20141109
Bkav 20141107
ClamAV 20141109
DrWeb 20141109
F-Prot 20141109
Jiangmin 20141108
Kingsoft 20141109
Microsoft 20141109
Tencent 20141109
TheHacker 20141107
TotalDefense 20141109
ViRobot 20141109
Zillya 20141107
Zoner 20141107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-30 10:11:05
Entry Point 0x000013D8
Number of sections 3
PE sections
Overlays
MD5 4ec2c12d2dac2ada8bbb815c1686ee8a
File type ASCII text
Offset 172032
Size 3100
Entropy 0.00
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaVarDup
__vbaAryLock
EVENT_SINK_QueryInterface
_allmul
Ord(516)
__vbaStrMove
_adj_fdivr_m64
__vbaErase
_adj_fprem
__vbaLenBstr
Ord(685)
_adj_fpatan
__vbaFreeObjList
Ord(681)
__vbaUI1Str
Ord(717)
__vbaMidStmtBstr
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaAryVar
__vbaStrVarMove
__vbaPowerR8
Ord(578)
__vbaVar2Vec
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaFreeVar
__vbaVarTstNe
_adj_fprem1
__vbaI2Str
Ord(619)
_CItan
__vbaFreeObj
__vbaFileOpen
_adj_fdiv_m64
__vbaStrBool
__vbaHresultCheckObj
__vbaStrVarVal
_CIsin
Ord(711)
Ord(606)
__vbaStrCopy
_CIsqrt
EVENT_SINK_Release
Ord(713)
__vbaFreeStr
_adj_fptan
__vbaGet3
__vbaFileClose
Ord(581)
__vbaI4Var
_CIcos
__vbaAryUnlock
__vbaObjSet
__vbaAryCopy
_CIlog
_CIatan
Ord(608)
__vbaNew2
Ord(644)
__vbaVarCat
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrI2
__vbaStrToAnsi
__vbaStrI4
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaI2I4
__vbaFpI2
CallWindowProcW
Number of PE resources by type
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:09:30 11:11:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.99
FileTypeExtension exe
InitializedDataSize 139264
SubsystemVersion 4.65517
EntryPoint 0x13d8
OSVersion 4.5
ImageVersion 6.544
UninitializedDataSize 0

File identification
MD5 fe7107636c736176c2747ff2b283d171
SHA1 f748b27419998b5f1fabbb4caacdeb5bbcdb226d
SHA256 c2b07c6cecb879e32875130d089ae31d6cbadeba289f1a047e43d298633a416a
ssdeep 3072:yo3zSROKAGppY20wJuenRS6lFussnUCHnpg6VzcYZxWRDgKQZKshc9LbvQGg:yK2AYp8wJueoKFusO5ppVzXZWQEZV7rg

authentihash 5811801c494f43baa16714ae07ddeb74c68a1a71a9cb476c499a42b184500087
imphash 35ea2e2f60c0e6fd591bb1031636670b
File size 171.0 KB ( 175132 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-10-01 05:36:30 UTC ( 4 years, 5 months ago )
Last submission 2014-11-09 17:12:10 UTC ( 4 years, 4 months ago )
File names 512B.exe
99F7.exe
vt-upload-Bbu_5
6DBA.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.