SHA256: c61cd69609d47e484c71c64723bc014362c4db3369961a736b3ff5687a462ffb
File name: vt-upload-e9Ckg
Detection ratio: 44 / 56
Analysis date: 2016-05-17 16:01:48 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.65228 20160517
AegisLab W32.W.Ngrbot.ugx!c 20160517
AhnLab-V3 Worm/Win32.Dorkbot 20160517
ALYac Gen:Variant.Zusy.65228 20160517
Antiy-AVL Worm/Win32.Ngrbot 20160517
Arcabit Trojan.Zusy.DFECC 20160517
Avast Win32:Malware-gen 20160517
AVG Dropper.Generic8.CIDT 20160517
Avira (no cloud) TR/Injector.364544.9 20160517
AVware Trojan.Win32.Generic!BT 20160511
Baidu-International Worm.Win32.Dorkbot.B 20160517
BitDefender Gen:Variant.Zusy.65228 20160517
CAT-QuickHeal Trojan.VB.r3 20160517
CMC Worm.Win32.Ngrbot!O 20160516
Comodo UnclassifiedMalware 20160516
Cyren W32/Trojan.BBEH-6153 20160517
DrWeb Trojan.VbCrypt.8 20160517
ESET-NOD32 Win32/Dorkbot.B 20160517
F-Secure Gen:Variant.Zusy.65228 20160517
Fortinet W32/Refroso.DZP!tr 20160517
GData Gen:Variant.Zusy.65228 20160517
Ikarus Worm.Win32.Dorkbot 20160517
Jiangmin Worm/Ngrbot.byu 20160517
K7AntiVirus Trojan ( 004b8b021 ) 20160517
K7GW Trojan ( 004b8b021 ) 20160517
Kaspersky Worm.Win32.Ngrbot.ugx 20160517
Kingsoft Win32.Troj.Generic.a.(kcloud) 20160517
McAfee Artemis!FDA8A3886FD7 20160517
McAfee-GW-Edition BehavesLike.Win32.Virus.ft 20160517
Microsoft Trojan:Win32/Bulta!rfn 20160517
eScan Gen:Variant.Zusy.65228 20160517
NANO-Antivirus Trojan.Win32.Ngrbot.chlztw 20160517
Panda Generic Malware 20160516
Qihoo-360 Win32/Trojan.BO.78f 20160517
Rising Trjoan.Generic-vQ4Eh8OjG5 (Cloud) 20160517
Sophos AV Mal/VBCheMan-C 20160517
SUPERAntiSpyware Worm.NGRBot/Variant 20160517
Symantec W32.IRCBot.NG 20160517
Tencent Win32.Worm.Ngrbot.Egya 20160517
TrendMicro TROJ_SPNR.11J213 20160517
TrendMicro-HouseCall TROJ_SPNR.11J213 20160517
VIPRE Trojan.Win32.Generic!BT 20160517
Yandex Worm.Ngrbot!U0ESijNGRKM 20160517
Zillya Worm.Ngrbot.Win32.6273 20160517
Alibaba 20160516
Baidu 20160517
Bkav 20160517
ClamAV 20160517
F-Prot 20160517
Malwarebytes 20160517
nProtect 20160517
TheHacker 20160516
TotalDefense 20160517
VBA32 20160517
ViRobot 20160517
Zoner 20160517
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product code2html
Original name code2html.exe
Internal name code2html
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-26 14:22:10
Entry Point 0x00001794
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaStrMove
_adj_fprem
__vbaAryMove
SetMemObj
__vbaCyAdd
__vbaRedim
__vbaRefVarAry
__vbaCyMul
_adj_fdiv_r
__vbaVarIndexStore
__vbaMidStmtBstr
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
_CIlog
_adj_fptan
__vbaFileClose
__vbaI4Var
__vbaLateIdCall
Ord(608)
__vbaFreeStr
Ord(709)
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(516)
__vbaLenBstr
Ord(681)
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
DllFunctionCall
__vbaUbound
__vbaVarTstLt
__vbaFreeVar
__vbaBoolVarNull
__vbaVargVarMove
__vbaUI1Var
__vbaFileOpen
__vbaI2Str
__vbaUI1I2
Ord(711)
__vbaInStrVar
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
__vbaAryUnlock
__vbaOnError
_adj_fdivr_m32i
__vbaI4ErrVar
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaPrintFile
__vbaErase
Ord(710)
__vbaStrVarCopy
__vbaFreeObjList
__vbaVarCmpGt
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaExitProc
__vbaVarOr
__vbaVarTstNe
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
__vbaVarTstGt
_CIcos
__vbaStrErrVarCopy
__vbaVarCmpNe
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaAryCopy
_adj_fprem1
_adj_fdiv_m32
__vbaLenVar
__vbaCyI4
__vbaEnd
__vbaVarZero
Ord(712)
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
Ord(573)
_CItan
__vbaObjSet
__vbaVarCmpLt
Ord(644)
__vbaVarCat
_CIexp
__vbaVarCmpLe
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 12288
EntryPoint 0x1794
OriginalFileName code2html.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2013:09:26 15:22:10+01:00
FileType Win32 EXE
PEType PE32
InternalName code2html
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName IntAct InterActive
CodeSize 352256
ProductName code2html
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 fda8a3886fd7c3381005382ff35ba116
SHA1 85f822e81af0b2964cf63045693cfe097626553d
SHA256 c61cd69609d47e484c71c64723bc014362c4db3369961a736b3ff5687a462ffb
ssdeep 3072:jNMsxASSdFAjTqpNKEyUZCu0D7xeiMEaRd7eCS+SmVJ0N6CqheZtOguNE8fgBGxu:jNjAguNhfgdp
authentihash 3d28fabf44242fdd265783cbb75659f06d89b3eded985a6bc71dd4079bf10b8b
imphash 1ab00d482d0eecba61a0ffa5659d3c24
File size 356.0 KB ( 364544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2013-09-26 17:15:35 UTC ( 5 years, 4 months ago )
Last submission 2017-10-25 15:46:14 UTC ( 1 year, 3 months ago )
File names code2html
vt-upload-e9Ckg
Abzczc.ex_
Abzczc.ex_
code2html.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.