SHA256: d0c574173753f4859e8a4d238d5adbc1a5c30a5f920c82d943aedc5ead19d7b0
File name: vt-upload-s8_x6
Detection ratio: 26 / 53
Analysis date: 2014-07-07 23:41:57 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11466421 20140707
AhnLab-V3 Spyware/Win32.Zbot 20140707
Avast Win32:Malware-gen 20140707
BitDefender Trojan.Generic.11466421 20140707
Bkav HW32.CDB.3f91 20140707
ByteHero Virus.Win32.Heur.p 20140708
CMC Heur.Win32.Veebee.1!O 20140707
Comodo UnclassifiedMalware 20140707
Emsisoft Trojan.Generic.11466421 (B) 20140707
ESET-NOD32 a variant of Win32/Injector.BHAY 20140707
F-Secure Trojan.Generic.11466421 20140707
Fortinet W32/Zbot.BHAY!tr 20140707
GData Trojan.Generic.11466421 20140707
Ikarus HackTool.Win32.VB 20140707
Kaspersky Trojan-Spy.Win32.Zbot.tkwj 20140707
Kingsoft Win32.Troj.Zbot.tk.(kcloud) 20140708
Malwarebytes Trojan.Dorkbot.ED 20140707
McAfee PWSZbot-FBTJ!AD5C5FACBD82 20140707
McAfee-GW-Edition PWSZbot-FBTJ!AD5C5FACBD82 20140707
eScan Trojan.Generic.11466421 20140707
Qihoo-360 HEUR/Malware.QVM03.Gen 20140708
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140707
Sophos AV Mal/Generic-S 20140707
Tencent Win32.Trojan-spy.Zbot.Lohw 20140708
TrendMicro-HouseCall TROJ_GEN.R08JH06G414 20140708
VIPRE Trojan.Win32.Boaxxe.ljb (v) 20140707
AegisLab 20140707
Yandex 20140707
AntiVir 20140707
AVG 20140707
Baidu-International 20140707
CAT-QuickHeal 20140707
ClamAV 20140707
Commtouch 20140707
DrWeb 20140707
F-Prot 20140707
Jiangmin 20140707
K7AntiVirus 20140707
K7GW 20140707
Microsoft 20140707
NANO-Antivirus 20140707
Norman 20140707
nProtect 20140707
Panda 20140707
SUPERAntiSpyware 20140707
Symantec 20140707
TheHacker 20140704
TotalDefense 20140707
TrendMicro 20140707
VBA32 20140707
ViRobot 20140707
Zillya 20140707
Zoner 20140704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Copyright (C) 2005-2013 by SUPERAntiSpyware
Product Haveable
Original name Superinf.exe
Internal name Superinf
File version 1.09.0002
Description Umbilica nemer
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-02 15:44:14
Entry Point 0x00001404
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
_adj_fpatan
__vbaEnd
__vbaRedim
_allmul
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
__vbaR4Var
Ord(678)
Ord(685)
Ord(545)
Ord(512)
Ord(663)
EVENT_SINK_AddRef
__vbaFpCDblR8
Ord(714)
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_CIexp
__vbaStrVarMove
_adj_fdivr_m16i
EVENT_SINK_Release
Ord(563)
Ord(589)
Ord(100)
__vbaUI1I2
__vbaFreeVar
__vbaObjSetAddref
_adj_fdiv_r
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(614)
__vbaVarMul
__vbaAryLock
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
Ord(577)
__vbaObjSet
__vbaI4Var
__vbaFpI4
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
Ord(541)
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
_CItan
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
28672

ImageVersion
1.9

ProductName
Haveable

FileVersionNumber
1.9.0.2

UninitializedDataSize
0

LanguageCode
Chinese (Traditional)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

OriginalFilename
Superinf.exe

MIMEType
application/octet-stream

FileVersion
1.09.0002

TimeStamp
2014:07:02 16:44:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Superinf

FileAccessDate
2014:07:08 00:46:21+01:00

ProductVersion
1.09.0002

FileDescription
Umbilica nemer

OSVersion
4.0

FileCreateDate
2014:07:08 00:46:21+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Copyright (C) 2005-2013 by SUPERAntiSpyware

CodeSize
294912

FileSubtype
0

ProductVersionNumber
1.9.0.2

EntryPoint
0x1404

ObjectFileType
Executable application

File identification
MD5 ad5c5facbd82c47170255ff9a7986b91
SHA1 6b1e38a6c275ebd5f69412ab159c9ece533a2a66
SHA256 d0c574173753f4859e8a4d238d5adbc1a5c30a5f920c82d943aedc5ead19d7b0
ssdeep
6144:diRFU21bDZQtaOX0S3agpBcXwKRq3LIzfUzY:d+U29DSta6DpBARFfcY

imphash 50859e78855a971a92bf0a442ba2f134
File size 318.9 KB ( 326553 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-07-07 23:41:57 UTC ( 4 years, 5 months ago )
Last submission 2014-07-07 23:41:57 UTC ( 4 years, 5 months ago )
File names Superinf.exe
Superinf
vt-upload-s8_x6
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.