SHA256: cb8757540e6d60e95a2187e734fec2d64fe5010f79b2e5fc2b1f7cc0291e8b89
File name: image
Detection ratio: 9 / 47
Analysis date: 2013-09-12 18:47:28 UTC ( 3 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Fareit 20130912
AntiVir TR/Dropper.Gen 20130912
Avast Win32:Injector-BIG [Trj] 20130912
ESET-NOD32 a variant of Win32/Spy.KeyLogger.OCI 20130912
Kaspersky Trojan.Win32.Agent.absqx 20130912
Malwarebytes Trojan.Inject.VB 20130912
McAfee W32/Worm-FMC!C4EB4BD4B687 20130912
McAfee-GW-Edition W32/Worm-FMC!C4EB4BD4B687 20130912
Rising Suspicious 20130912
Yandex 20130912
Antiy-AVL 20130912
AVG 20130912
Baidu-International 20130912
BitDefender 20130912
ByteHero 20130903
CAT-QuickHeal 20130912
ClamAV 20130912
Commtouch 20130912
Comodo 20130912
DrWeb 20130912
Emsisoft 20130912
F-Prot 20130912
F-Secure 20130912
Fortinet 20130912
GData 20130912
Ikarus 20130912
Jiangmin 20130903
K7AntiVirus 20130912
K7GW 20130912
Kingsoft 20130829
Microsoft 20130912
eScan 20130912
NANO-Antivirus 20130911
Norman 20130912
nProtect 20130912
Panda 20130912
PCTools 20130912
Sophos AV 20130912
SUPERAntiSpyware 20130912
Symantec 20130912
TheHacker 20130912
TotalDefense 20130911
TrendMicro 20130912
TrendMicro-HouseCall 20130912
VBA32 20130912
VIPRE 20130912
ViRobot 20130912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher From
Product From
Original name 1.exe
Internal name 1
File version 56.23.0078
Description From
Comments From
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-11 23:48:16
Entry Point 0x00001C38
Number of sections 3
PE sections
Overlays
MD5 37c3d5ffdd83a7e7a0e5d6176b5700a3
File type ASCII text
Offset 647168
Size 52
Entropy 4.25
PE imports
_adj_fdivr_m64
Ord(518)
__vbaGenerateBoundsError
_allmul
Ord(616)
_adj_fprem
__vbaAryMove
__vbaObjVar
Ord(537)
_adj_fdiv_r
__vbaRecAnsiToUni
__vbaObjSetAddref
Ord(517)
__vbaHresultCheckObj
__vbaI2Var
__vbaR8Str
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
__vbaLateIdCall
Ord(306)
__vbaRecUniToAnsi
__vbaFreeVar
__vbaFreeStr
Ord(670)
__vbaLateIdCallLd
__vbaStrI2
__vbaStrR8
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(689)
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
Ord(617)
Ord(681)
Ord(576)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarTstLt
__vbaDerefAry1
__vbaVarSetObjAddref
Ord(608)
__vbaBoolVarNull
Ord(100)
__vbaFileOpen
__vbaI2Str
_CIsin
Ord(711)
EVENT_SINK_Release
__vbaVarTstEq
Ord(667)
Ord(716)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaPrintFile
__vbaLsetFixstr
__vbaStrCmp
__vbaAryCopy
__vbaVarLateMemSt
__vbaStrVarCopy
__vbaFreeObjList
__vbaVarCmpGt
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
__vbaVarOr
__vbaVarTstNe
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
__vbaVarTstGt
Ord(690)
_CIcos
Ord(528)
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(619)
_adj_fdiv_m32
__vbaLenVar
__vbaEnd
__vbaPutOwner4
__vbaVarCmpEq
__vbaVarLateMemCallLdRf
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarSetVar
__vbaVarForInit
Ord(300)
__vbaStrCopy
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
Ord(526)
_CIsqrt
__vbaVarCopy
_CIatan
__vbaLateMemCall
Ord(529)
__vbaObjSet
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI2
Number of PE resources by type
CUSTOM 5
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
Comments From
LinkerVersion 6.0
ImageVersion 56.23
FileSubtype 0
FileVersionNumber 56.23.0.78
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 512000
EntryPoint 0x1c38
OriginalFileName 1.exe
MIMEType application/octet-stream
FileVersion 56.23.0078
TimeStamp 2013:09:12 00:48:16+01:00
FileType Win32 EXE
PEType PE32
InternalName 1
SubsystemVersion 4.0
ProductVersion 56.23.0078
FileDescription From
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName From
CodeSize 139264
ProductName From
ProductVersionNumber 56.23.0.78
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 c4eb4bd4b687bf847d6f8051f5d3c242
SHA1 01c394c5217ff258dabcd2dff0f371a838dac5da
SHA256 cb8757540e6d60e95a2187e734fec2d64fe5010f79b2e5fc2b1f7cc0291e8b89
ssdeep 12288:tbqGiyj7zJBMOkce9dgHs+UTVhdK12cJOs60M:MGNJyOkPj+UXoIUN6f
authentihash d29b9c5b2b23c9b252f7c6cce99c74bfe347c2b29b84876c5ebc624ec7fa3195
imphash c94e97d8396963d4aa8422c2086a3199
File size 632.1 KB ( 647220 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (47.8%)
InstallShield setup (25.1%)
Win32 Executable MS Visual C++ (generic) (18.2%)
Win32 Dynamic Link Library (generic) (3.8%)
Win32 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-09-12 18:47:28 UTC ( 3 years, 10 months ago )
Last submission 2013-09-12 18:47:28 UTC ( 3 years, 10 months ago )
File names 1
1.exe
image
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created processes
Created mutexes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications