× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ca717c3c24eade2e3edb3be7ed7d662e2e3e3116ee54bcb76070d822dffe715f
File name: gzrwrzedkb..vbs
Detection ratio: 39 / 57
Analysis date: 2016-04-19 03:08:42 UTC ( 2 years, 10 months ago ) View latest
Antivirus Result Update
Ad-Aware Worm.VBS.Dunihi.W 20160419
AegisLab Worm.Script.Generic!c 20160418
ALYac Worm.VBS.Dunihi.W 20160419
Arcabit Worm.VBS.Dunihi.W 20160419
Avast VBS:Downloader-KB [Trj] 20160419
AVG ASP/BackDoor 20160419
Avira (no cloud) VBS/Dinihou.A.1 20160419
AVware Worm.VBS.Jenxcus.l (v) 20160419
BitDefender Worm.VBS.Dunihi.W 20160419
Bkav W32.MassiveVBS.TC.Worm 20160415
CAT-QuickHeal JS/Agent.PLU 20160418
Comodo UnclassifiedMalware 20160418
Cyren VBS/Dunihi.G 20160419
DrWeb Trojan.Hworm.1 20160419
Emsisoft Worm.VBS.Dunihi.W (B) 20160419
ESET-NOD32 VBS/Kryptik.R 20160419
F-Prot VBS/Dunihi.G 20160419
Fortinet VBS/Dinihou.A!tr 20160419
GData Worm.VBS.Dunihi.W 20160419
Ikarus Worm.Win32.VBS.Jenxcus 20160418
K7AntiVirus NetWorm ( 0040f5d41 ) 20160418
K7GW NetWorm ( 0040f5d41 ) 20160419
Kaspersky Worm.VBS.Dinihou.bl 20160419
McAfee VBS/Excedow 20160419
eScan Worm.VBS.Dunihi.W 20160419
NANO-Antivirus Trojan.Script.Siggen.dntiyi 20160419
nProtect Worm.VBS.Dunihi.W 20160418
Panda Generic Malware 20160417
Qihoo-360 virus.vbs.crypt.k 20160419
Sophos AV VBS/Dinihou-A 20160419
Symantec VBS.Downloader.Trojan 20160419
Tencent Vbs.Worm.Dinihou.Tayv 20160419
TotalDefense Tnega.XADZ!suspicious 20160419
TrendMicro VBS_DUNIHI.SM1 20160419
TrendMicro-HouseCall VBS_DUNIHI.SM1 20160419
VIPRE Worm.VBS.Jenxcus.l (v) 20160419
ViRobot VBS.S.Agent.101659[h] 20160419
Yandex Trojan.VBS.Udod.A 20160416
Zillya Worm.Dinihou.VBS.9 20160418
AhnLab-V3 20160418
Alibaba 20160418
Antiy-AVL 20160418
Baidu 20160418
Baidu-International 20160418
ClamAV 20160418
CMC 20160415
F-Secure 20160419
Jiangmin 20160419
Kingsoft 20160419
Malwarebytes 20160419
McAfee-GW-Edition 20160419
Microsoft 20160419
Rising 20160419
SUPERAntiSpyware 20160419
TheHacker 20160417
VBA32 20160418
Zoner 20160419
The file being studied is a Portable Executable file! More specifically, it is a Text file.
FileVersionInfo properties
Copyright
Copyright (C) ACDC 911 2012

Product ACDC 911
Version 1.0.0.1
File version 1.0.0.1
Description ACDC 911
Packers identified
Command UPX
F-PROT appended
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-15 04:41:57
Entry Point 0x0000136A
Number of sections 4
PE sections
PE imports
OpenSCManagerA
FillRgn
GetTextCharset
CreateBitmap
PolyBezierTo
EqualRgn
MaskBlt
GetROP2
CopyMetaFileA
StrokeAndFillPath
CheckColorsInGamut
ImmSetCompositionFontA
ImmSetCompositionStringA
VerLanguageNameA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
LoadLibraryW
LockResource
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
IsProcessorFeaturePresent
HeapSetInformation
HeapReAlloc
DecodePointer
InterlockedIncrement
SetHandleCount
GetConsoleCursorInfo
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
LeaveCriticalSection
GetCPInfo
GetModuleFileNameW
TlsFree
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetComputerNameA
GetACP
ScrollConsoleScreenBufferA
GetStringTypeW
GetModuleHandleW
FreeResource
LocalFree
TerminateProcess
IsValidCodePage
LoadResource
DebugActiveProcess
LocalFileTimeToFileTime
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
PrepareTape
FindResourceA
GetCurrentProcessId
SetLastError
ReadConsoleOutputA
DragAcceptFiles
DuplicateIcon
SetFocus
SendMessageTimeoutA
SetSysColors
GetScrollPos
GetCapture
GetFocus
mouse_event
GetFileVersionInfoSizeA
joyGetThreshold
midiStreamPause
mixerGetNumDevs
mmioFlush
PE exports
Number of PE resources by type
RT_RCDATA 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
FileAccessDate
2014:12:18 16:24:46+01:00

FileCreateDate
2014:12:18 16:24:46+01:00

File identification
MD5 cf5d9b3d6fc19b262c8cebfc54cbfe3d
SHA1 1092c06fb606ab364fd6bc2e354e624086b244aa
SHA256 ca717c3c24eade2e3edb3be7ed7d662e2e3e3116ee54bcb76070d822dffe715f
ssdeep
384:8f4So8ot5orHoYbBX8oxbytb9snoooWo00dkrf5JWpId0U:C/UG0U

File size 99.3 KB ( 101659 bytes )
File type Text
Magic literal
ASCII text, with very long lines, with CRLF line terminators

TrID Unknown!
Tags
text usb-autorun

VirusTotal metadata
First submission 2013-08-23 03:20:02 UTC ( 5 years, 6 months ago )
Last submission 2017-01-16 17:34:12 UTC ( 2 years, 1 month ago )
File names jbjoluoezz. (2).vbs
game skype.vbs
game_skype.vbs
gzrwrzedkb..vbs
game skype.vbs
file-5990973_vbs
game skype.vbs
jbjoluoezz..vbs
game skype.vbs1
game skype.vbs
game skype.vbs
game skype.vb_
game skype.vbs
game skype.vbs
game skype.vbs
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!