SHA256: c9f6299dec3da7e198c6ac047c0268dbd902c50cecf53035d10c95f862e4b7d5
File name: Maincit Net
Detection ratio: 34 / 46
Analysis date: 2013-08-06 15:25:19 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Yandex HackTool.Inject!Gk+Db+Tablw 20130805
AhnLab-V3 Trojan/Win32.HDC 20130806
AntiVir TR/Kazy.75473.9 20130806
Antiy-AVL Trojan/Win32.Vapsup.gen 20130806
Avast Win32:Malware-gen 20130806
AVG Dropper.Generic6.XZV 20130806
BitDefender Gen:Variant.Graftor.Elzob.3108 20130806
Commtouch W32/Trojan.FOIN-5788 20130806
Comodo TrojWare.Win32.Injector.ADKK 20130806
DrWeb Trojan.Swizzor.17753 20130806
Emsisoft Gen:Variant.Graftor.Elzob.3108 (B) 20130806
ESET-NOD32 a variant of Win32/HackTool.Inject.AD 20130806
F-Secure Gen:Variant.Graftor.Elzob.3108 20130806
Fortinet W32/Vapsup.MFTU!tr 20130806
GData Gen:Variant.Graftor.Elzob.3108 20130806
Ikarus Win32.SuspectCrc 20130806
K7AntiVirus Riskware 20130806
Kaspersky Trojan.Win32.Vapsup.mheu 20130806
McAfee Generic PUP.z!oh 20130806
McAfee-GW-Edition Generic PUP.z!oh 20130806
Microsoft Trojan:Win32/Comisproc 20130806
eScan Gen:Variant.Graftor.Elzob.3108 20130806
NANO-Antivirus Trojan.Win32.Vapsup.tarut 20130806
nProtect Trojan/W32.Vapsup.393216.I 20130806
Panda Trj/Genetic.gen 20130806
Rising Trojan.VBInject!4947 20130806
Sophos AV Mal/Generic-S 20130806
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20130806
Symantec WS.Reputation.1 20130806
TrendMicro TROJ_GEN.USBH01ACN 20130806
TrendMicro-HouseCall TROJ_GEN.USBH01ACN 20130806
VBA32 Trojan.Vapsup 20130806
VIPRE Trojan.Win32.Generic!BT 20130806
ViRobot Trojan.Win32.A.Swizzor.258048.AI 20130806
ByteHero 20130724
CAT-QuickHeal 20130806
ClamAV 20130806
F-Prot 20130806
Jiangmin 20130806
K7GW 20130806
Kingsoft 20130723
Malwarebytes 20130806
Norman 20130806
PCTools 20130806
TheHacker 20130805
TotalDefense 20130806
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Maincit Network
Publisher www.maincit.net
Product MainCit Portable 2.0.1.2
Version 1.00
Original name Maincit Net.exe
Internal name Maincit Net
File version 1.00
Description Maincit Network
Comments www.maincit.net
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-11 16:02:30
Entry Point 0x000014CC
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
_CIcos
__vbaEnd
__vbaGenerateBoundsError
__vbaStrFixstr
__vbaVarDup
Ord(616)
__vbaPutOwner3
__vbaErase
_adj_fprem
__vbaRedimPreserve
__vbaLenBstr
__vbaAryMove
__vbaFreeStrList
_adj_fpatan
_CIatan
EVENT_SINK_AddRef
__vbaStrToUnicode
__vbaVarVargNofree
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
__vbaStrCmp
__vbaFPException
_adj_fdivr_m16i
__vbaCopyBytes
EVENT_SINK_Release
__vbaCastObj
__vbaExitProc
Ord(100)
__vbaUI1I2
_adj_fdivr_m64
__vbaRecAnsiToUni
_adj_fdiv_r
_CItan
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(531)
Ord(645)
__vbaInStrVar
_allmul
__vbaStrVarVal
__vbaLsetFixstr
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
__vbaFileClose
__vbaStrVarCopy
__vbaR8Str
__vbaObjSet
_CIlog
__vbaRecUniToAnsi
__vbaFreeVar
__vbaNew2
__vbaErrorOverflow
__vbaOnError
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaVar2Vec
Ord(648)
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
CUSTOM 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 2
PE resources
ExifTool file metadata
CodeSize 28672
FileDescription Maincit Network
Comments www.maincit.net
LinkerVersion 6.0
ImageVersion 1.0
ProductName MainCit Portable 2.0.1.2
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 360448
OriginalFilename Maincit Net.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0
TimeStamp 2012:06:11 09:02:30-07:00
FileType Win32 EXE
PEType PE32
InternalName Maincit Net
SubsystemVersion 4.0
ProductVersion 1.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
LegalCopyright Maincit Network
MachineType Intel 386 or later, and compatibles
CompanyName www.maincit.net
LegalTrademarks Maincit Network
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x14cc
ObjectFileType Executable application

File identification
MD5 f21ce516986788cc10c217ad93df17d4
SHA1 583029a1556575532c30e32595e2aa1764c75b83
SHA256 c9f6299dec3da7e198c6ac047c0268dbd902c50cecf53035d10c95f862e4b7d5
ssdeep
6144:ZLFmZXLVjMlfo4ZUY8//vnluZql1SQeeaQeeBQeesQeepbQeehQeesLuA+VZ5Mf:ZLoXLVjQNZUY2/vnlPNuAk6

File size 384.0 KB ( 393216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (63.9%)
Win32 Executable MS Visual C++ (generic) (24.3%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Generic Win/DOS Executable (1.5%)
Tags peexe
VirusTotal metadata
First submission 2012-06-12 05:21:38 UTC ( 5 years, 5 months ago )
Last submission 2012-06-27 16:37:30 UTC ( 5 years, 4 months ago )
File names Maincit Net
smona_c9f6299dec3da7e198c6ac047c0268dbd902c50cecf53035d10c95f862e4b7d5.bin
Maincit Net.exe
f21ce516986788cc10c217ad93df17d4
file-4090220_exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight