SHA256: c97b20c56bb67a172191d3fb2966f9ed61ff7122511ed979db1d09ccb54ffecf
File name: kkkkk
Detection ratio: 34 / 54
Analysis date: 2014-11-07 21:33:56 UTC ( 2 years, 7 months ago )
Antivirus             Result                           Update
Ad-Aware              Gen:Variant.Symmi.28644          20141108
Yandex                Trojan.Buzus!89045JX+LDo         20141107
AhnLab-V3             Win-Trojan/MDA.140610            20141107
Antiy-AVL             Trojan/Win32.Buzus               20141107
Avast                 Win32:Citadel-AX [Cryp]          20141108
AVG                   Win32/VBCrypt                    20141107
Avira (no cloud)      TR/Dropper.Gen7                  20141108
AVware                Trojan.Win32.Generic!BT          20141108
Baidu-International   Trojan.Win32.Buzus.aB            20141107
BitDefender           Gen:Variant.Symmi.28644          20141108
Bkav                  HW32.Packed.E3F9                 20141107
CAT-QuickHeal         VirTool.VBInject                 20141107
Comodo                UnclassifiedMalware              20141107
DrWeb                 Trojan.PWS.Panda.2401            20141107
Emsisoft              Gen:Variant.Symmi.28644 (B)      20141108
ESET-NOD32            Win32/Spy.Zbot.AAO               20141108
F-Secure              Gen:Variant.Symmi.28644          20141108
Fortinet              W32/Injector.AJJL!tr             20141108
GData                 Gen:Variant.Symmi.28644          20141108
Ikarus                Virus.Win32.Zbot                 20141107
Kaspersky             Trojan.Win32.Buzus.nyaq          20141107
Kingsoft              Win32.Troj.Generic.a.(kcloud)    20141108
Malwarebytes          Trojan.Zbot                      20141107
McAfee                PWS-Zbot.gen.oj                  20141108
McAfee-GW-Edition     BehavesLike.Win32.PWSZbot.fc     20141107
Microsoft             PWS:Win32/Zbot                   20141107
eScan                 Gen:Variant.Symmi.28644          20141105
Norman                Suspicious_Gen5.ADWLJ            20141107
Qihoo-360             Win32/Trojan.Multi.daf           20141108
Sophos                Mal/Generic-S                    20141108
SUPERAntiSpyware      Trojan.Agent/Gen-Zbot            20141108
Symantec              Trojan.Zbot                      20141108
VBA32                 Trojan.Buzus                     20141106
VIPRE                 Trojan.Win32.Generic!BT          20141108
AegisLab              (undetected)                     20141108
ByteHero              (undetected)                     20141108
ClamAV                (undetected)                     20141107
CMC                   (undetected)                     20141107
Cyren                 (undetected)                     20141108
F-Prot                (undetected)                     20141107
Jiangmin              (undetected)                     20141107
K7AntiVirus           (undetected)                     20141107
K7GW                  (undetected)                     20141107
NANO-Antivirus        (undetected)                     20141107
nProtect              (undetected)                     20141107
Rising                (undetected)                     20141107
Tencent               (undetected)                     20141108
TheHacker             (undetected)                     20141107
TotalDefense          (undetected)                     20141107
TrendMicro            (undetected)                     20141108
TrendMicro-HouseCall  (undetected)                     20141107
ViRobot               (undetected)                     20141107
Zillya                (undetected)                     20141107
Zoner                 (undetected)                     20141107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher FileZilla Project
Product Macarena
Original name kkkkk.exe
Internal name kkkkk
File version 3.01.0003
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-13 19:03:46
Entry Point 0x000012E0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
__vbaAryMove
__vbaUbound
_adj_fpatan
Ord(594)
__vbaHresultCheck
_adj_fdiv_m32i
__vbaStrCopy
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaUI1Var
_adj_fdivr_m16i
__vbaCopyBytes
_adj_fdiv_r
Ord(564)
_CItan
__vbaFreeVar
Ord(100)
__vbaObjSetAddref
__vbaAryConstruct2
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
__vbaR8Str
_CIlog
__vbaAryLock
_CIcos
__vbaFreeStr
_adj_fptan
__vbaVarDup
__vbaObjSet
Ord(703)
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaVar2Vec
__vbaFreeStrList
__vbaI2I4
__vbaFpI2
_adj_fdiv_m16i
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_ICON 2
RT_BITMAP 2
RT_CURSOR 2
ACEQVKNA 1
ASASA 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ITALIAN 4
SPANISH MEXICAN 2
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 3.1
FileSubtype 0
FileVersionNumber 3.1.0.3
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 282624
FileOS Win32
MIMEType application/octet-stream
FileVersion 3.01.0003
TimeStamp 2013:08:13 20:03:46+01:00
FileType Win32 EXE
PEType PE32
InternalName kkkkk
FileAccessDate 2014:11:08 01:38:33+01:00
ProductVersion 3.01.0003
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:11:08 01:38:33+01:00
OriginalFilename kkkkk.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName FileZilla Project
CodeSize 45056
ProductName Macarena
ProductVersionNumber 3.1.0.3
EntryPoint 0x12e0
ObjectFileType Executable application

File identification
MD5 390f87c1df181d99e1a8cb698d5c4ae4
SHA1 b60a4724224256a5c03c2f9278d7df083d499d64
SHA256 c97b20c56bb67a172191d3fb2966f9ed61ff7122511ed979db1d09ccb54ffecf
ssdeep 6144:CSrJGStUcVOxuEN+gUBxaUNIcDJe+05LAVE:ILU+p+1xrWGJoMV
authentihash 4070602d6008e64b4494174508e6cd2ba8b2b12bdeb7886f43992b805e87418c
imphash 809da0cb0fd9c520220c11115c9380e4
File size 316.0 KB ( 323584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-08-16 16:48:30 UTC ( 3 years, 10 months ago )
Last submission 2013-08-16 16:48:30 UTC ( 3 years, 10 months ago )
File names kkkkk.exe, kkkkk, b60a4724224256a5c03c2f9278d7df083d499d64
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by means of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain, using the SetWindowsHook Windows API function. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread.