SHA256: ccc8d9d3aac7eb87e1792ee99160b1a9f69de2965bd5a34ec60dc6e1a74eeb6f
File name: 5adb27b54b1621de2cf2b5c72da7c0ef
Detection ratio: 33 / 44
Analysis date: 2012-10-09 22:01:49 UTC ( 5 years ago )
Antivirus Result Update
Yandex Trojan.Buzus!KJY+OS90jaM 20121009
AhnLab-V3 Win-Trojan/Adsagent.958464 20121009
AntiVir TR/Dropper.Gen 20121009
Avast Win32:Rootkit-gen [Rtk] 20121009
AVG Dropper.Generic.CEZJ 20121009
BitDefender Trojan.Generic.2436589 20121009
Commtouch W32/VBTrojan.Dropper.4!Maximus 20121009
Comodo TrojWare.Win32.Buzus.kgrw 20121009
DrWeb Trojan.MulDrop2.23784 20121009
Emsisoft Trojan.Win32.Agent2!IK 20120919
eSafe Win32.TRDropper 20121009
ESET-NOD32 a variant of Win32/Injector.KX 20121009
F-Prot W32/VBTrojan.Dropper.4!Maximus 20121009
F-Secure Trojan.Generic.2436589 20121003
Fortinet W32/Buzus.BYLI!tr 20121009
GData Trojan.Generic.2436589 20121009
Ikarus Trojan.Win32.Agent2 20121009
Jiangmin Trojan/Buzus.acbh 20121008
K7AntiVirus Trojan 20121009
Kaspersky Trojan.Win32.Buzus.byli 20121009
McAfee Artemis!5ADB27B54B16 20121009
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20121009
Microsoft VirTool:Win32/Vtub.AB 20121009
eScan Trojan.Generic.2436589 20121009
Norman W32/Suspicious_Gen2.HKNMH 20121009
nProtect Trojan.Generic.2436589 20121009
Panda Suspicious file 20121009
PCTools Trojan.Generic 20121009
SUPERAntiSpyware Trojan.Agent/Gen-MSFake 20121009
Symantec Trojan Horse 20121009
TheHacker Trojan/Buzus.byli 20121009
TrendMicro-HouseCall TROJ_GEN.USD0IJ 20121009
VIPRE Trojan.Win32.VBInject.gen (v) 20121009
Antiy-AVL 20121009
ByteHero 20121009
CAT-QuickHeal 20121009
ClamAV 20121009
Kingsoft 20121008
Rising 20121008
Sophos AV 20121009
TotalDefense 20121009
TrendMicro 20121009
VBA32 20121009
ViRobot 20121009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Microsoft
Product Project1
Original name Project1.exe
Internal name Project1
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-27 10:21:06
Entry Point 0x00001AF4
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
Ord(518)
__vbaGenerateBoundsError
__vbaStrFixstr
_allmul
__vbaStrMove
_adj_fprem
__vbaAryMove
__vbaRedim
Ord(537)
__vbaRecDestruct
__vbaCopyBytes
_adj_fdiv_r
__vbaLsetFixstrFree
__vbaUI1I2
__vbaRecAnsiToUni
__vbaFixstrConstruct
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(616)
_adj_fptan
__vbaFileClose
__vbaI4Var
Ord(601)
__vbaRecUniToAnsi
__vbaFreeVar
__vbaFreeStr
Ord(670)
Ord(631)
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
Ord(648)
Ord(516)
__vbaStrVarCopy
__vbaI4Str
Ord(607)
__vbaLenBstr
Ord(525)
__vbaRedimPreserve
Ord(681)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaGetOwner3
__vbaPowerR8
__vbaUbound
Ord(608)
__vbaBoolVarNull
__vbaLbound
Ord(522)
__vbaFileOpen
_CIsin
__vbaInStrVar
__vbaAryLock
__vbaLsetFixstr
__vbaVarTstEq
__vbaOnError
__vbaVargVarCopy
__vbaI4ErrVar
__vbaStrCat
__vbaVarDup
__vbaStrLike
__vbaChkstk
__vbaStrCmp
Ord(570)
__vbaErase
__vbaAryVarVarg
__vbaVarIndexLoad
Ord(666)
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
Ord(578)
__vbaVarLikeVar
__vbaExitProc
__vbaVarTstNe
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
__vbaVarTstGt
_CIcos
Ord(713)
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaAryCopy
_adj_fprem1
Ord(619)
Ord(563)
_adj_fdiv_m32
__vbaEnd
__vbaVarZero
__vbaPutOwner3
__vbaVarCmpEq
_adj_fpatan
Ord(712)
_adj_fdivr_m32i
__vbaStrCopy
Ord(632)
Ord(645)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
Ord(100)
Ord(561)
__vbaUI1I4
Ord(526)
_CIsqrt
__vbaVarCopy
_CIatan
Ord(617)
Ord(644)
__vbaVarCat
__vbaFileCloseAll
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI4
Ord(598)
Number of PE resources by type
Struct(1000) 28
RT_ICON 9
Struct(103) 3
Struct(102) 3
Struct(100) 3
Struct(101) 3
Struct(107) 3
Struct(111) 3
Struct(110) 3
Struct(104) 3
Struct(105) 3
Struct(108) 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 59
NEUTRAL 10
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 880640
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2008:11:27 11:21:06+01:00
FileType Win32 EXE
PEType PE32
InternalName Project1
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename Project1.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 73728
ProductName Project1
ProductVersionNumber 1.0.0.0
EntryPoint 0x1af4
ObjectFileType Executable application

File identification
MD5 5adb27b54b1621de2cf2b5c72da7c0ef
SHA1 96c460a86406dfe51ebddc876f54d6b3bdfa2fba
SHA256 ccc8d9d3aac7eb87e1792ee99160b1a9f69de2965bd5a34ec60dc6e1a74eeb6f
ssdeep 24576:otQMUVjUWOlA68tuvbiHJCgCzKvlxPnqTpgwUP:6QMUVTOirZpCdzKNkTKZ
File size 936.0 KB ( 958464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2011-05-25 17:51:21 UTC ( 6 years, 5 months ago )
Last submission 2012-10-09 22:01:49 UTC ( 5 years ago )
File names Project1.exe
Project1
5adb27b54b1621de2cf2b5c72da7c0ef
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
