SHA256: ccee2c8c0cbc5515d9ab4b552c081c3d6bf7c55c1be1b81d502a11546d5e4a71
File name: c094dc5205506e600bd78d2db3d551d224f7b9dd
Detection ratio: 19 / 48
Analysis date: 2014-01-05 14:26:28 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.37160 20140105
AhnLab-V3 Trojan/Win32.Zbot 20140105
AntiVir TR/Dropper.VB.Gen8 20140105
Avast Win32:Malware-gen 20140105
AVG Luhe.Gen.C 20140105
BitDefender Gen:Variant.Symmi.37160 20140105
Emsisoft Gen:Variant.Symmi.37160 (B) 20140105
ESET-NOD32 a variant of Win32/Injector.AUMI 20140105
F-Secure Gen:Variant.Symmi.37160 20140105
GData Gen:Variant.Symmi.37160 20140105
Ikarus Trojan-Spy.Win32.Zbot 20140105
Kaspersky Trojan-Spy.Win32.Zbot.rcga 20140105
Malwarebytes Trojan.Zbot.RV 20140105
eScan Gen:Variant.Symmi.37160 20140105
Panda Generic Malware 20140104
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140105
Sophos Mal/Generic-S 20140105
Symantec Trojan.Zbot 20140105
VIPRE Trojan.Win32.Generic!BT 20140105
Yandex 20140105
Antiy-AVL 20140104
Baidu-International 20131213
Bkav 20140105
ByteHero 20131227
CAT-QuickHeal 20140105
ClamAV 20140102
Commtouch 20140105
Comodo 20140105
DrWeb 20140105
F-Prot 20140105
Fortinet 20140105
Jiangmin 20140104
K7AntiVirus 20140103
K7GW 20140103
Kingsoft 20130829
McAfee 20140105
McAfee-GW-Edition 20140105
Microsoft 20140105
NANO-Antivirus 20140105
Norman 20140105
nProtect 20140103
SUPERAntiSpyware 20140105
TheHacker 20140105
TotalDefense 20140105
TrendMicro 20140105
TrendMicro-HouseCall 20140105
VBA32 20140105
ViRobot 20140105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright Copyright © 1998-2005 Mark Russinovich
Publisher RoseCitySoftware
Product Dhobie smokysee oryctolo retanned
Original name Nonindiv.exe
Internal name Nonindiv
File version 1.00.0002
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-27 18:17:03
Entry Point 0x00001330
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
Ord(554)
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
_CIsin
_adj_fdivr_m64
_adj_fprem
Ord(572)
Ord(712)
_adj_fpatan
Ord(586)
EVENT_SINK_AddRef
__vbaCyStr
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaFPInt
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaObjSetAddref
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
Ord(696)
_CIlog
__vbaI2Cy
_CIcos
Ord(616)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(593)
Ord(664)
Ord(672)
__vbaI4Var
__vbaVarMove
Ord(703)
_CIatan
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
_CItan
__vbaFpI4
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
File identification
MD5 b55aa3397865549a60b6df4ce041eaf9
SHA1 c094dc5205506e600bd78d2db3d551d224f7b9dd
SHA256 ccee2c8c0cbc5515d9ab4b552c081c3d6bf7c55c1be1b81d502a11546d5e4a71
ssdeep 6144:/NkXUNVJ9Dp75HZ/9LLa0YesRrI96LMbi+jjhFw3/mrAXD632NXiA/zmB24NkXUo:liEhFwvLMwZ
File size 248.5 KB ( 254464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2014-01-05 14:26:28 UTC ( 3 years, 3 months ago )
Last submission 2014-01-05 14:26:28 UTC ( 3 years, 3 months ago )
File names Nonindiv
Nonindiv.exe
c094dc5205506e600bd78d2db3d551d224f7b9dd
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.