SHA256: c842211a8c96a4599c85327e2628dc76825100dfb486df45d78f8f1d2712fb56
File name: pat.exe
Detection ratio: 11 / 46
Analysis date: 2013-03-30 00:19:08 UTC ( 1 year ago )
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20130329
AntiVir TR/Dropper.Gen 20130330
BitDefender Gen:Variant.Symmi.17260 20130330
Comodo UnclassifiedMalware 20130330
F-Secure Gen:Variant.Symmi.17260 20130329
Fortinet W32/Injector.FJX!tr 20130329
GData Gen:Variant.Symmi.17260 20130330
McAfee PWS-Zbot-FARH!8C005816A75D 20130330
McAfee-GW-Edition PWS-Zbot-FARH!8C005816A75D 20130330
Sophos Mal/VBCheMan-B 20130329
Symantec WS.Reputation.1 20130330
AVG 20130329
Agnitum 20130329
Antiy-AVL 20130329
Avast 20130330
ByteHero 20130322
CAT-QuickHeal 20130329
ClamAV 20130329
Commtouch 20130329
DrWeb 20130330
ESET-NOD32 20130329
Emsisoft 20130330
F-Prot 20130329
Ikarus 20130329
Jiangmin 20130329
K7AntiVirus 20130328
Kaspersky 20130329
Kingsoft 20130325
Malwarebytes 20130330
MicroWorld-eScan 20130329
Microsoft 20130330
NANO-Antivirus 20130329
Norman 20130329
PCTools 20130330
Panda 20130329
Rising 20130328
SUPERAntiSpyware 20130329
TheHacker 20130329
TotalDefense 20130329
TrendMicro 20130330
TrendMicro-HouseCall 20130330
VBA32 20130328
VIPRE 20130329
ViRobot 20130329
eSafe 20130328
nProtect 20130329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher korrie mala manya
Product normand jo
Original name pat.exe
Internal name pat
File version 17.33.0025
Description dory evona kinman
Comments heddy berri meta
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-29 17:20:39
Entry Point 0x00001180
Number of sections 4
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(712)
Ord(560)
EVENT_SINK_Release
__vbaEnd
EVENT_SINK_QueryInterface
Ord(648)
__vbaVarDup
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(572)
EVENT_SINK_AddRef
__vbaLenBstr
Ord(525)
_adj_fpatan
Ord(594)
__vbaInStr
_adj_fdiv_m32i
__vbaStrCopy
Ord(702)
__vbaExceptHandler
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
Ord(536)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(645)
Ord(606)
_allmul
_CIcos
Ord(616)
_adj_fptan
Ord(593)
Ord(667)
__vbaObjSet
_CIlog
_CIatan
__vbaNew2
__vbaErrorOverflow
_adj_fdivr_m32i
Ord(631)
_CItan
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaFpI4
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_CURSOR 21
RT_GROUP_CURSOR 15
RT_ICON 3
RT_BITMAP 2
Struct(158) 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 40
NEUTRAL 4
ARABIC NEUTRAL 1
ExifTool file metadata
SubsystemVersion 4.0
Comments heddy berri meta
InitializedDataSize 126976
ImageVersion 17.33
ProductName normand jo
FileVersionNumber 17.33.0.25
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 17.33.0025
TimeStamp 2013:03:29 17:20:39+00:00
FileType Win32 EXE
PEType PE32
InternalName pat
ProductVersion 17.33.0025
FileDescription dory evona kinman
OSVersion 4.0
OriginalFilename pat.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName korrie mala manya
CodeSize 32768
FileSubtype 0
ProductVersionNumber 17.33.0.25
EntryPoint 0x1180
ObjectFileType Executable application

File identification
MD5 8c005816a75d63853bcff5c815c638d7
SHA1 ac7fc8ed50ec42e6da77f7f1c5c71c7830c60f36
SHA256 c842211a8c96a4599c85327e2628dc76825100dfb486df45d78f8f1d2712fb56
ssdeep 3072:cbaBZh8A59UqHjzrFD1XQ+Tj6GzX/HNR9zv:78yUojfo+f6C9v
File size 161.4 KB ( 165240 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (91.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-03-30 00:19:08 UTC ( 1 year ago )
Last submission 2013-03-30 00:19:08 UTC ( 1 year ago )
File names 8c005816a75d63853bcff5c815c638d7.ac7fc8ed50ec42e6da77f7f1c5c71c7830c60f36
pat
pat.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.