SHA256: c842211a8c96a4599c85327e2628dc76825100dfb486df45d78f8f1d2712fb56
File name: pat
Detection ratio: 40 / 56
Analysis date: 2015-02-07 07:51:37 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
ALYac Gen:Heur.VB.Krypt.13 20150207
AVG PSW.Generic10.CMJJ 20150207
AVware Worm.Win32.Phorpiex.ba (v) 20150207
Ad-Aware Gen:Heur.VB.Krypt.13 20150207
AhnLab-V3 Spyware/Win32.Zbot 20150206
Antiy-AVL Trojan/Win32.SGeneric 20150207
Avast Win32:VB-AFVX [Trj] 20150206
Avira TR/Dropper.Gen 20150207
Baidu-International Trojan.Win32.Inject.AH 20150206
BitDefender Gen:Heur.VB.Krypt.13 20150207
Bkav HW32.Packed.438D 20150206
CAT-QuickHeal Trojan.Inject.r4 20150205
Comodo UnclassifiedMalware 20150207
Cyren W32/Trojan.ITSG-8071 20150207
DrWeb Trojan.DownLoader10.9120 20150207
ESET-NOD32 a variant of Win32/Injector.APLP 20150207
Emsisoft Gen:Heur.VB.Krypt.13 (B) 20150207
F-Secure Gen:Heur.VB.Krypt.13 20150207
Fortinet W32/Injector.FKNG!tr 20150207
GData Gen:Heur.VB.Krypt.13 20150207
Ikarus Trojan.Win32.Inject 20150207
K7AntiVirus Backdoor ( 04c4c16f1 ) 20150207
K7GW Backdoor ( 04c4c16f1 ) 20150207
Kaspersky Trojan.Win32.Inject.fueb 20150207
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150207
McAfee PWSZbot-FBSY!8C005816A75D 20150207
McAfee-GW-Edition PWSZbot-FBSY!8C005816A75D 20150206
MicroWorld-eScan Gen:Heur.VB.Krypt.13 20150207
Microsoft Worm:Win32/Phorpiex.T 20150207
NANO-Antivirus Trojan.Win32.Injector.bmsaoe 20150207
Norman Troj_Generic.JOAAZ 20150207
Panda Trj/Genetic.gen 20150206
Qihoo-360 HEUR/Malware.QVM03.Gen 20150207
Sophos Mal/VBCheMan-P 20150207
Symantec Trojan.Zbot 20150207
Tencent Win32.Trojan.Inject.Eadc 20150207
TotalDefense Win32/Inject.TBfNYO 20150206
TrendMicro TROJ_SPNR.14E413 20150207
TrendMicro-HouseCall TROJ_SPNR.14E413 20150207
VIPRE Worm.Win32.Phorpiex.ba (v) 20150207
AegisLab 20150207
Agnitum 20150206
Alibaba 20150206
ByteHero 20150207
CMC 20150205
ClamAV 20150207
F-Prot 20150207
Malwarebytes 20150207
Rising 20150206
SUPERAntiSpyware 20150207
TheHacker 20150206
VBA32 20150206
ViRobot 20150207
Zillya 20150206
Zoner 20150206
nProtect 20150206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Publisher Internet Widgits Pty Ltd
Product normand jo
Original name pat.exe
Internal name pat
File version 17.33.0025
Description dory evona kinman
Comments heddy berri meta
Signature verification A certificate chain could not be built to a trusted root authority.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-29 17:20:39
Link date 6:20 PM 3/29/2013
Entry Point 0x00001180
Number of sections 4
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(712)
Ord(560)
EVENT_SINK_Release
__vbaEnd
EVENT_SINK_QueryInterface
Ord(648)
__vbaVarDup
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(572)
EVENT_SINK_AddRef
__vbaLenBstr
Ord(525)
_adj_fpatan
Ord(594)
__vbaInStr
_adj_fdiv_m32i
__vbaStrCopy
Ord(702)
__vbaExceptHandler
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
Ord(536)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(645)
Ord(606)
_allmul
_CIcos
Ord(616)
_adj_fptan
Ord(593)
Ord(667)
__vbaObjSet
_CIlog
_CIatan
__vbaNew2
__vbaErrorOverflow
_adj_fdivr_m32i
Ord(631)
_CItan
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaFpI4
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_CURSOR 21
RT_GROUP_CURSOR 15
RT_ICON 3
RT_BITMAP 2
Struct(158) 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 40
NEUTRAL 4
ARABIC NEUTRAL 1
ExifTool file metadata
UninitializedDataSize 0
Comments heddy berri meta
LinkerVersion 6.0
ImageVersion 17.33
FileSubtype 0
FileVersionNumber 17.33.0.25
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 126976
FileOS Win32
MIMEType application/octet-stream
FileVersion 17.33.0025
TimeStamp 2013:03:29 18:20:39+01:00
FileType Win32 EXE
PEType PE32
InternalName pat
SubsystemVersion 4.0
FileAccessDate 2015:02:07 08:47:28+01:00
ProductVersion 17.33.0025
FileDescription dory evona kinman
OSVersion 4.0
FileCreateDate 2015:02:07 08:47:28+01:00
OriginalFilename pat.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName korrie mala manya
CodeSize 32768
ProductName normand jo
ProductVersionNumber 17.33.0.25
EntryPoint 0x1180
ObjectFileType Executable application
File identification
MD5 8c005816a75d63853bcff5c815c638d7
SHA1 ac7fc8ed50ec42e6da77f7f1c5c71c7830c60f36
SHA256 c842211a8c96a4599c85327e2628dc76825100dfb486df45d78f8f1d2712fb56
ssdeep 3072:cbaBZh8A59UqHjzrFD1XQ+Tj6GzX/HNR9zv:78yUojfo+f6C9v
authentihash 0faa93a3319848814df2f5d96fde1d79f19a2cb36fd93e612fa837c6cc22aedf
imphash 192cef28f9a27761e616a6cdf5c4a60f
File size 161.4 KB ( 165240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2013-03-30 00:19:08 UTC ( 2 years, 3 months ago )
Last submission 2013-03-30 00:19:08 UTC ( 2 years, 3 months ago )
File names 8c005816a75d63853bcff5c815c638d7.ac7fc8ed50ec42e6da77f7f1c5c71c7830c60f36
pat
pat.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.