SHA256: c89872f4b61fb8220c1c8fba96ace326340e5edb5aee9495065024f6dcdbe4cc
File name: vt-upload-6wZGC
Detection ratio: 28 / 53
Analysis date: 2014-05-27 09:25:19 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1691521 20140527
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140527
Avast Win32:Malware-gen 20140527
AVG Zbot.JDU 20140527
BitDefender Trojan.GenericKD.1691521 20140527
Bkav HW32.CDB.2c0e 20140523
ByteHero Virus.Win32.Heur.p 20140527
Commtouch W32/Trojan.DXQA-0608 20140527
DrWeb Trojan.PWS.Panda.7278 20140527
Emsisoft Trojan.GenericKD.1691521 (B) 20140527
ESET-NOD32 Win32/Spy.Zbot.AAO 20140527
F-Secure Trojan.GenericKD.1691521 20140527
Fortinet W32/VB.AAO!tr.spy 20140527
GData Trojan.GenericKD.1691521 20140527
Kaspersky Trojan-Spy.Win32.Zbot.swzi 20140527
Malwarebytes Trojan.Dorkbot.ED 20140527
McAfee Artemis!DC8BC111CB0A 20140527
McAfee-GW-Edition Artemis!DC8BC111CB0A 20140526
eScan Trojan.GenericKD.1691521 20140527
nProtect Trojan.GenericKD.1691521 20140526
Panda Generic Malware 20140526
Qihoo-360 HEUR/Malware.QVM03.Gen 20140527
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140526
Sophos AV Mal/VB-ALO 20140527
Tencent Win32.Trojan-spy.Zbot.Wtxj 20140527
TrendMicro TROJ_GEN.R0CBC0REP14 20140527
TrendMicro-HouseCall TROJ_GEN.R0CBC0REP14 20140527
VIPRE Trojan.Win32.Generic!BT 20140527
AegisLab 20140527
Yandex 20140526
AhnLab-V3 20140526
AntiVir 20140527
Baidu-International 20140527
CAT-QuickHeal 20140527
ClamAV 20140527
CMC 20140526
Comodo 20140527
F-Prot 20140525
Ikarus 20140527
Jiangmin 20140527
K7AntiVirus 20140526
K7GW 20140526
Kingsoft 20140527
Microsoft 20140527
NANO-Antivirus 20140527
Norman 20140527
SUPERAntiSpyware 20140526
Symantec 20140527
TheHacker 20140526
TotalDefense 20140526
VBA32 20140526
ViRobot 20140527
Zillya 20140527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Any Video Converter Professional
Product Emparlau autohete
Original name Subaggre.exe
Internal name Subaggre
File version 1.02.0002
Description Hansard jublil
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-23 06:14:16
Entry Point 0x00001408
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_adj_fpatan
__vbaEnd
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
__vbaAryUnlock
Ord(527)
_adj_fprem
Ord(594)
__vbaR4Var
Ord(525)
Ord(512)
Ord(586)
__vbaFreeObjList
__vbaRedimPreserve
__vbaVarForInit
_adj_fdiv_m32i
__vbaInStr
__vbaVarMul
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_CIexp
__vbaStrVarMove
Ord(685)
_adj_fdivr_m16i
__vbaStrMove
EVENT_SINK_Release
Ord(589)
Ord(517)
__vbaDerefAry1
__vbaVarAdd
Ord(599)
__vbaFreeVar
Ord(100)
EVENT_SINK_AddRef
__vbaObjSetAddref
_adj_fdiv_r
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaVarTstGt
__vbaVarInt
_CIcos
Ord(595)
Ord(587)
_adj_fptan
__vbaI4Str
Ord(593)
__vbaObjSet
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaVarForNext
__vbaOnError
_adj_fdivr_m32i
__vbaAryLock
_CItan
Ord(541)
__vbaStrI2
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
Ord(609)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
FINNISH DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 16384
ImageVersion 1.2
ProductName Emparlau autohete
FileVersionNumber 1.2.0.2
UninitializedDataSize 0
LanguageCode Finnish
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Subaggre.exe
MIMEType application/octet-stream
FileVersion 1.02.0002
TimeStamp 2014:05:23 07:14:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Subaggre
FileAccessDate 2014:05:27 10:23:59+01:00
ProductVersion 1.02.0002
FileDescription Hansard jublil
OSVersion 4.0
FileCreateDate 2014:05:27 10:23:59+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Any Video Converter Professional
CodeSize 278528
FileSubtype 0
ProductVersionNumber 1.2.0.2
EntryPoint 0x1408
ObjectFileType Executable application

File identification
MD5 dc8bc111cb0ab4fec94a84eff2717d08
SHA1 ae0729b4b4618c37a59194f273d5e476a36ead37
SHA256 c89872f4b61fb8220c1c8fba96ace326340e5edb5aee9495065024f6dcdbe4cc
ssdeep 6144:rdrruHaMge4L3F0p7R6jfONNzSK1esJe9Gk:Be4LNf/so9
imphash acec990dbe16b18b7309d2d396ee0eec
File size 291.0 KB ( 298001 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-27 09:25:19 UTC ( 4 years, 8 months ago )
Last submission 2014-05-27 09:25:19 UTC ( 4 years, 8 months ago )
File names Subaggre
Subaggre.exe
vt-upload-6wZGC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications