SHA256: cfdd3a78a895b3f49a39402eb28b0d2134cc3086849a41a6fdfe7d829a0d4dcd
File name: ActiveX.exe
Detection ratio: 52 / 56
Analysis date: 2016-11-10 05:58:43 UTC ( 8 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.75 20161110
AegisLab Backdoor.W32.Rbot.hyj!c 20161110
AhnLab-V3 Trojan/Win32.Bifrose.N398207098 20161109
ALYac Gen:Variant.Barys.75 20161110
Arcabit Trojan.Barys.75 20161110
Avast Win32:Rootkit-gen [Rtk] 20161110
AVG Generic_r.GUV 20161110
Avira (no cloud) TR/Crypt.CFI.Gen 20161109
AVware Packed.Win32.Rebhip.a (v) 20161110
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9980 20161110
BitDefender Gen:Variant.Barys.75 20161110
Bkav W32.KazureAJ.Trojan 20161110
CAT-QuickHeal VirTool.DelfInject.AF 20161109
CMC Trojan-Dropper.Win32.Agent!O 20161109
Comodo Backdoor.Win32.Curioso.~dy02 20161110
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Bredolab.O.gen!Eldorado 20161110
DrWeb Trojan.DownLoader.50961 20161110
Emsisoft Gen:Variant.Barys.75 (B) 20161110
ESET-NOD32 Win32/TrojanDropper.Delf.NJH 20161110
F-Prot W32/Bredolab.O.gen!Eldorado 20161110
F-Secure Trojan:W32/Agent.DQKQ 20161110
Fortinet W32/Refroso.BKBI!tr 20161110
GData Gen:Variant.Barys.75 20161110
Ikarus Virus.Win32.DelfInject 20161109
Sophos ML generic.a 20161018
Jiangmin Backdoor/RBot.tkd 20161110
K7AntiVirus Trojan ( 001788e91 ) 20161109
K7GW Trojan ( 001788e91 ) 20161110
Kaspersky Backdoor.Win32.Rbot.aliu 20161110
Kingsoft Win32.Hack.Rbot.(kcloud) 20161110
Malwarebytes Trojan.MalPack.Generic 20161110
McAfee RDN/BackDoor-CEP 20161110
McAfee-GW-Edition BehavesLike.Win32.VirRansom.gc 20161110
Microsoft TrojanDropper:Win32/Agent.BAD 20161110
eScan Gen:Variant.Barys.75 20161110
NANO-Antivirus Trojan.Win32.Llac.dvxar 20161110
nProtect Backdoor/W32.RBot.418064 20161110
Panda Generic Malware 20161109
Qihoo-360 Win32/Trojan.e6d 20161110
Rising Malware.Heuristic!ET#99% (rdm+) 20161110
Sophos AV Mal/BigMole-B 20161110
Symantec Backdoor.Bifrose!gen 20161110
Tencent Win32.Backdoor.Rbot.Dxxc 20161110
TheHacker Trojan/Dropper.Delf.njh 20161109
TrendMicro TROJ_BRDLAB.SMEP 20161110
TrendMicro-HouseCall TROJ_BRDLAB.SMEP 20161110
VBA32 Trojan.Llac 20161109
VIPRE Packed.Win32.Rebhip.a (v) 20161110
ViRobot Trojan.Win32.Z.Rbot.418064[h] 20161109
Yandex Worm.Rebhip.Gen.2 20161109
Zillya Backdoor.RBot.Win32.27870 20161108
Alibaba 20161109
Antiy-AVL 20161110
ClamAV 20161110
SUPERAntiSpyware 20161110
Zoner 20161109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1, 0, 0, 1
Description Protected Application
Comments Is protected with Teggo MoleBox 4.2321
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001004
Number of sections 4
PE sections
Overlays
MD5 b147a3cdcfdcc9499521aa2add0e5bb8
File type data
Offset 417792
Size 272
Entropy 6.68
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegSetValueA
RegDeleteValueA
RegCreateKeyA
RegEnumKeyA
RegEnumValueA
GetCurrentProcess
HeapFree
CreateFileA
GetModuleHandleA
HeapCreate
LCMapStringA
HeapDestroy
HeapAlloc
CloseHandle
VirtualProtect
ExitProcess
GetProcAddress
RtlUnwind
LoadLibraryA
wsprintfA
CreateWindowExA
SetWindowLongA
CloseWindow
CharLowerBuffA
Number of PE resources by type
RT_ICON 1
Struct(25) 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Is protected with Teggo MoleBox 4.2321
LinkerVersion 4.21
ImageVersion 0.0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x1004
MIMEType application/octet-stream
FileVersion 1, 0, 0, 1
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 0, 1
FileDescription Protected Application
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 397312
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 185c8d11c0611cae7c81f4458bf1adea
SHA1 6128cc714ab2c12a3fe6e18991e1172a2bbdc1a1
SHA256 cfdd3a78a895b3f49a39402eb28b0d2134cc3086849a41a6fdfe7d829a0d4dcd
ssdeep 12288:x+uEVYYmBd2VgoWNKKliZ8qRP/FwKSJeku:xVEVYYU2AK8qRXFmJW
authentihash 7c3f55660b5f051ba6d114a5fda1f317d3fd13431d411e343980589e5f417471
imphash 39165092bc84217b39cecd014bee10b0
File size 408.3 KB ( 418064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe overlay

VirusTotal metadata
First submission 2011-08-06 20:03:40 UTC ( 5 years, 11 months ago )
Last submission 2016-11-10 05:58:43 UTC ( 8 months, 1 week ago )
File names 9623050f-3203-4a96-b297-99a83c7c463d
ActiveX.exe
08.exe
ActiveX.exe
1042745
output.1671433.txt
file-4122874_exe
90e28dd5-b509-449b-9c55-c5a6aa1c4044
ActiveX.exe
ActiveX.exe
0e46d7be-81da-4526-aa08-fea7494d9f76
myfile
185c8d11c0611cae7c81f4458bf1adea.exe
1671433
ActiveX.ex_
185C8D11C0611CAE7C81F4458BF1ADEA
185c8d11c0611cae7c81f4458bf1adea
test.txt
cfdd3a78a895b3f49a39402eb28b0d2134cc3086849a41a6fdfe7d829a0d4dcd