× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d42eba38d0dc6a418946735b4d5e72568e26bc39a3b21db580c27989a2904300
File name: tubrans.exe
Detection ratio: 42 / 46
Analysis date: 2013-01-21 23:45:57 UTC ( 6 years, 2 months ago )
Antivirus Result Update
Yandex Trojan.DL.VB!0szk6KF7FEI 20130121
AhnLab-V3 Win-Adware/Zlob.45056.B 20130121
AntiVir TR/Dldr.VB.wtb 20130121
Avast Win32:Malware-gen 20130122
AVG Downloader.VB.ECM 20130121
BitDefender Trojan.Generic.KD.8026 20130122
CAT-QuickHeal TrojanDownloader.VB.wtb 20130121
ClamAV Win.Trojan.Downloader-1640 20130121
Commtouch W32/Trojan2.MLPV 20130121
Comodo UnclassifiedMalware 20130122
DrWeb Trojan.DownLoad2.38911 20130122
Emsisoft Trojan.Downloader.Win32.VB.AMN (A) 20130121
eSafe Win32.TRDldr.VB.Wtb 20130120
ESET-NOD32 Win32/TrojanDownloader.VB.OGE 20130121
F-Prot W32/Trojan2.MLPV 20130121
F-Secure Trojan.Generic.KD.8026 20130122
Fortinet W32/VB.WTB!tr.dldr 20130121
GData Trojan.Generic.KD.8026 20130121
Ikarus Trojan.Win32.VB 20130121
Jiangmin TrojanDownloader.VB.wug 20121221
K7AntiVirus Trojan 20130121
Kaspersky Trojan-Downloader.Win32.VB.wtb 20130121
Kingsoft Win32.TrojDownloader.VB.(kcloud) 20130121
Malwarebytes Trojan.VB 20130121
McAfee Generic Downloader.x!drw 20130122
McAfee-GW-Edition Generic Downloader.x!drw 20130121
Microsoft TrojanDownloader:Win32/Troxen!rts 20130121
eScan Trojan.Generic.KD.8026 20130122
NANO-Antivirus Trojan.Win32.VB.dtohf 20130121
Norman W32/VBTroj.CVYC 20130121
nProtect Trojan/W32.Small.45056.ALP 20130121
Panda Adware/AccesMembre 20130121
PCTools 34762 20130121
Rising Trojan.Win32.Generic.12A67AE8 20130121
Sophos AV Mal/Generic-L 20130121
Symantec Downloader 20130121
TheHacker Trojan/Downloader.VB.wtb 20130121
TrendMicro TROJ_GEN.R47C1HD 20130122
TrendMicro-HouseCall TROJ_GEN.R47C1HD 20130121
VBA32 Trojan-Downloader.VB.wtb 20130121
VIPRE Trojan.Win32.Generic!BT 20130121
ViRobot Trojan.Win32.Downloader.45056.ZC 20130121
Antiy-AVL 20130121
ByteHero 20130121
SUPERAntiSpyware 20130121
TotalDefense 20130121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher tubrans
Product tubrans
Original name tubrans.exe
Internal name tubrans
File version 3.03.0001
Comments tubrans
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-19 21:35:13
Entry Point 0x00001700
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
_CIcos
__vbaEnd
__vbaGenerateBoundsError
__vbaVarDup
_adj_fpatan
_adj_fdivr_m64
_adj_fprem
__vbaFreeObjList
__vbaLenBstr
__vbaObjVar
__vbaR8IntI2
Ord(594)
__vbaFixstrConstruct
__vbaStrToUnicode
__vbaVarIndexLoad
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaForEachCollObj
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
EVENT_SINK_Release
_adj_fdiv_r
Ord(100)
__vbaVarAdd
_CItan
__vbaFreeVar
__vbaCastObjVar
__vbaLateMemCallLd
EVENT_SINK_AddRef
__vbaObjSetAddref
__vbaNextEachCollObj
__vbaAryConstruct2
_adj_fdiv_m64
_CIlog
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(711)
_allmul
__vbaStrVarVal
__vbaLsetFixstr
Ord(616)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(685)
Ord(593)
__vbaLateIdCall
__vbaObjSet
Ord(607)
_CIatan
__vbaFreeStr
__vbaErrorOverflow
__vbaLateIdSt
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
Ord(598)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
ExifTool file metadata
LegalTrademarks
tubrans

UninitializedDataSize
0

Comments
tubrans

InitializedDataSize
12288

ImageVersion
3.3

FileSubtype
0

FileVersionNumber
3.3.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

FileOS
Win32

MIMEType
application/octet-stream

FileVersion
3.03.0001

TimeStamp
2010:04:19 22:35:13+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
tubrans

ProductVersion
3.03.0001

SubsystemVersion
4.0

OSVersion
4.0

OriginalFilename
tubrans.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
tubrans

CodeSize
28672

ProductName
tubrans

ProductVersionNumber
3.3.0.1

EntryPoint
0x1700

ObjectFileType
Executable application

File identification
MD5 5e7c398812b5e4d5bf7082b2bbb39913
SHA1 0700f767fa32c7d16cf158636885e7c1b9cf4c2e
SHA256 d42eba38d0dc6a418946735b4d5e72568e26bc39a3b21db580c27989a2904300
ssdeep
768:+qQdCiR+IFXnt1riKzMIxUfwCRY3nY7ONWIxdf:qrlCKR+ONWIXf

File size 44.0 KB ( 45056 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (96.9%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2010-04-20 04:57:31 UTC ( 9 years ago )
Last submission 2012-12-25 15:51:58 UTC ( 6 years, 3 months ago )
File names 004.exe
tubrans
dwn.exe
LB_EC100420AAGBK-000004
EC100420AAGBK-000004.exe
1.exe
1271788232.eacsnd.exe
eacsnd.exe-20apr10.txt
eacsnd.exe
5e7c398812b5e4d5bf7082b2bbb39913
3BED6CBD00728374B028007D7B904100F53AD904.exe
daupdate.exe
tubrans.exe
smona127188171315640868395
000004.exe
output.522635.txt
wmpscnfg.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!