SHA256: d4b9b7343ea1c925217ea41630d31e66a6cec021b784fc4de0e2bbef4d10ef85
File name: ccc4cbd091ae4f4a1a02306f89f0954c
Detection ratio: 24 / 56
Analysis date: 2014-12-21 21:31:25 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.519548 20141221
Yandex TrojanSpy.Zbot!IKTWENs6mGo 20141221
ALYac Gen:Variant.Kazy.519548 20141221
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141221
AVG Zbot.WCH 20141221
Baidu-International Trojan.Win32.Zbot.apY 20141221
BitDefender Gen:Variant.Kazy.519548 20141221
Bkav HW32.Packed.A93F 20141220
ByteHero Virus.Win32.Heur.p 20141221
Emsisoft Gen:Variant.Kazy.519548 (B) 20141221
ESET-NOD32 a variant of Win32/Injector.BRLV 20141221
F-Secure Gen:Variant.Kazy.519548 20141221
Fortinet W32/Zbot.USCZ!tr 20141221
GData Gen:Variant.Kazy.519548 20141221
Ikarus Trojan.Win32.Injector 20141221
Kaspersky Trojan-Spy.Win32.Zbot.uscz 20141221
Malwarebytes Trojan.Zbot 20141221
McAfee RDN/Generic PWS.y!bcd 20141221
McAfee-GW-Edition BehavesLike.Win32.VBObfus.dc 20141221
Microsoft PWS:Win32/Zbot.gen!VM 20141221
eScan Gen:Variant.Kazy.519548 20141221
Panda Generic Suspicious 20141221
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20141221
Sophos AV Mal/Generic-S 20141221
AegisLab (undetected) 20141221
AhnLab-V3 (undetected) 20141221
Avast (undetected) 20141221
Avira (no cloud) (undetected) 20141221
AVware (undetected) 20141221
CAT-QuickHeal (undetected) 20141219
ClamAV (undetected) 20141221
CMC (undetected) 20141218
Comodo (undetected) 20141221
Cyren (undetected) 20141221
DrWeb (undetected) 20141221
F-Prot (undetected) 20141221
Jiangmin (undetected) 20141221
K7AntiVirus (undetected) 20141219
K7GW (undetected) 20141220
Kingsoft (undetected) 20141221
NANO-Antivirus (undetected) 20141221
Norman (undetected) 20141221
nProtect (undetected) 20141219
Rising (undetected) 20141218
SUPERAntiSpyware (undetected) 20141221
Symantec (undetected) 20141221
Tencent (undetected) 20141221
TheHacker (undetected) 20141219
TotalDefense (undetected) 20141221
TrendMicro (undetected) 20141221
TrendMicro-HouseCall (undetected) 20141221
VBA32 (undetected) 20141221
VIPRE (undetected) 20141221
ViRobot (undetected) 20141221
Zillya (undetected) 20141221
Zoner (undetected) 20141219
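The 24 labels above mix family names (Zbot, Kazy, Injector) with generic and heuristic verdicts, and seven engines print the identical string Gen:Variant.Kazy.519548, which is the usual sign of a shared engine rather than seven independent opinions. The script below is an added example, not part of the VirusTotal report: it normalises each label into a family token, drops generic/heuristic-only verdicts, and votes twice, once per engine and once per distinct label string. The detection list is copied from the table above; the noise-word lists and the "first family-looking token" rule are this example's own heuristics.

```python
import re
from collections import Counter, defaultdict

# Constructed from the detection table above: (engine, label) for the 24 hits.
DETECTIONS = [
    ("Ad-Aware", "Gen:Variant.Kazy.519548"),
    ("Yandex", "TrojanSpy.Zbot!IKTWENs6mGo"),
    ("ALYac", "Gen:Variant.Kazy.519548"),
    ("Antiy-AVL", "Trojan[Spy]/Win32.Zbot"),
    ("AVG", "Zbot.WCH"),
    ("Baidu-International", "Trojan.Win32.Zbot.apY"),
    ("BitDefender", "Gen:Variant.Kazy.519548"),
    ("Bkav", "HW32.Packed.A93F"),
    ("ByteHero", "Virus.Win32.Heur.p"),
    ("Emsisoft", "Gen:Variant.Kazy.519548 (B)"),
    ("ESET-NOD32", "a variant of Win32/Injector.BRLV"),
    ("F-Secure", "Gen:Variant.Kazy.519548"),
    ("Fortinet", "W32/Zbot.USCZ!tr"),
    ("GData", "Gen:Variant.Kazy.519548"),
    ("Ikarus", "Trojan.Win32.Injector"),
    ("Kaspersky", "Trojan-Spy.Win32.Zbot.uscz"),
    ("Malwarebytes", "Trojan.Zbot"),
    ("McAfee", "RDN/Generic PWS.y!bcd"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.VBObfus.dc"),
    ("Microsoft", "PWS:Win32/Zbot.gen!VM"),
    ("eScan", "Gen:Variant.Kazy.519548"),
    ("Panda", "Generic Suspicious"),
    ("Qihoo-360", "HEUR/QVM03.0.Malware.Gen"),
    ("Sophos AV", "Mal/Generic-S"),
]

# Category, platform and prefix words that never name a family (example's own list).
NOISE = {"trojan", "trojanspy", "spy", "win32", "w32", "gen", "variant",
         "malware", "packed", "virus", "pws", "mal", "rdn", "tr"}
# Any of these marks the whole label as generic/heuristic: it names no family.
GENERIC_MARKERS = {"generic", "heur", "suspicious", "behaveslike"}


def family_of(label):
    """First token that looks like a family name, or None for generic labels.

    Tokens shorter than three characters or containing digits are skipped
    ("A93F", "519548", "p"); whatever follows the family token (variant
    suffixes such as "USCZ", "BRLV", "WCH") is ignored.
    """
    toks = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t]
    if any(t in GENERIC_MARKERS for t in toks):
        return None
    for t in toks:
        if len(t) < 3 or t in NOISE or any(c.isdigit() for c in t):
            continue
        return t
    return None


def consensus(detections):
    """Vote per family twice: raw engine count, and count of distinct label
    strings. Identical strings across engines are treated as one opinion."""
    votes = Counter()
    labels = defaultdict(set)
    unnamed = []
    for engine, label in detections:
        fam = family_of(label)
        if fam is None:
            unnamed.append(engine)
            continue
        votes[fam] += 1
        # Strip a trailing "(B)"-style qualifier so it does not count as a new label.
        labels[fam].add(re.sub(r"\s*\([A-Za-z0-9]+\)$", "", label))
    ranked = sorted(votes, key=lambda f: (-len(labels[f]), -votes[f], f))
    return {
        "votes": dict(votes),
        "distinct": {f: len(s) for f, s in labels.items()},
        "ranked": ranked,
        "unnamed": unnamed,
    }


if __name__ == "__main__":
    r = consensus(DETECTIONS)
    for fam in r["ranked"]:
        print("%-9s engines=%d distinct_labels=%d"
              % (fam, r["votes"][fam], r["distinct"][fam]))
    print("generic/heuristic only:", ", ".join(r["unnamed"]))
```

On this report the raw vote has Zbot and Kazy almost tied (8 vs 7), but the distinct-label vote collapses Kazy to a single opinion, leaving Zbot with eight independent labels, Injector with two, and seven engines offering only generic or heuristic verdicts.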
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Free file storage service. Share files with your friends and colleagues, access yo...
Product DecemberCalender
Original name DecemberCalender.exe
Internal name DecemberCalender
File version 1.00.0066
Description Free file storage service. Share files with your friends and colleagues, access your account
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-15 10:26:02
Entry Point 0x00001530
Number of sections 3
PE imports (the report lists the imported names without a DLL name; all of them, including the Ord(n) ordinal entries, are exports of the Visual Basic 6 runtime MSVBVM60.DLL, consistent with the TrID result further down)
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaAryMove
__vbaObjVar
Ord(537)
_adj_fdiv_r
__vbaUI1I2
__vbaObjSetAddref
__vbaFixstrConstruct
Ord(100)
__vbaHresultCheckObj
_CIlog
Ord(616)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
__vbaAryCopy
__vbaFreeStr
Ord(631)
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaI4Str
__vbaLenBstr
__vbaResume
__vbaStrToUnicode
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaVarTstLt
__vbaFreeVar
__vbaFileOpen
_CIsin
Ord(711)
__vbaAryLock
EVENT_SINK_Release
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaVarLateMemCallSt
__vbaChkstk
__vbaLsetFixstr
__vbaAryUnlock
__vbaVarLateMemSt
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
Ord(578)
__vbaExitProc
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaVarSub
__vbaVarTstGt
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
_adj_fdiv_m32
Ord(685)
Ord(712)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrCopy
Ord(632)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
Ord(526)
_CIsqrt
_CIatan
__vbaLateMemCall
__vbaObjSet
Ord(608)
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
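The report gives an imphash (32f1f66b4a0bd7745d9907bb75d3b66c, under File identification below) but not how it is derived. The following added example, not code from the report or from VirusTotal, applies the pefile-style normalisation to the import list above: DLL name lower-cased with its extension stripped, function names lower-cased, ordinals rendered as ordN, joined with commas in import-table order and hashed with MD5. Two assumptions: the DLL is MSVBVM60.DLL (the page omits the name), and the order VirusTotal displays is not the import-table order, so the digest printed here is not expected to equal the page's value; the point is the normalisation. It also shows why SetWindowsHookEx and DeviceIoControl, reported under behaviour, are absent from the static imports of a VB6 binary.

```python
import hashlib
import re

# Constructed from the import list above. The MSVBVM60.DLL attribution is an
# assumption: the page prints no DLL name, but __vba*/_adj_*/_CI* names are
# exports of the Visual Basic 6 runtime.
VB6_RUNTIME = "MSVBVM60.DLL"
IMPORT_NAMES = """
_adj_fdivr_m64 __vbaGenerateBoundsError _allmul __vbaGet3 _adj_fprem __vbaAryMove
__vbaObjVar Ord(537) _adj_fdiv_r __vbaUI1I2 __vbaObjSetAddref __vbaFixstrConstruct
Ord(100) __vbaHresultCheckObj _CIlog Ord(616) __vbaVarLateMemCallLd _adj_fptan
__vbaFileClose __vbaI4Var __vbaAryCopy __vbaFreeStr Ord(631) __vbaFreeStrList
__vbaI2I4 _adj_fdiv_m16i EVENT_SINK_QueryInterface Ord(516) __vbaI4Str __vbaLenBstr
__vbaResume __vbaStrToUnicode _adj_fdiv_m32i Ord(717) __vbaExceptHandler
__vbaSetSystemError DllFunctionCall __vbaVarTstLt __vbaFreeVar __vbaFileOpen _CIsin
Ord(711) __vbaAryLock EVENT_SINK_Release __vbaOnError _adj_fdivr_m32i __vbaStrCat
__vbaVarDup __vbaVarLateMemCallSt __vbaChkstk __vbaLsetFixstr __vbaAryUnlock
__vbaVarLateMemSt __vbaVar2Vec __vbaFreeVarList __vbaStrVarMove Ord(578) __vbaExitProc
__vbaAryConstruct2 __vbaFreeObj _adj_fdivr_m32 __vbaVarSub __vbaVarTstGt _CIcos
__vbaVarMove __vbaErrorOverflow __vbaNew2 __vbaAryDestruct __vbaStrMove _adj_fprem1
Ord(563) _adj_fdiv_m32 Ord(685) Ord(712) _adj_fpatan EVENT_SINK_AddRef __vbaStrCopy
Ord(632) __vbaFPException __vbaAryVar _adj_fdivr_m16i __vbaVarAdd _adj_fdiv_m64
Ord(526) _CIsqrt _CIatan __vbaLateMemCall __vbaObjSet Ord(608) __vbaVarCat _CIexp
__vbaStrToAnsi _CItan
""".split()
IMPORTS = [(VB6_RUNTIME, name) for name in IMPORT_NAMES]


def normalize_import(dll, func):
    """One 'dll.func' token in the form pefile's imphash uses (assumed to
    match pefile: lower-case, .dll/.ocx/.sys stripped, ordinals as ordN)."""
    dll = dll.lower()
    for ext in (".ocx", ".sys", ".dll"):
        if dll.endswith(ext):
            dll = dll[:-len(ext)]
            break
    m = re.fullmatch(r"ord\((\d+)\)", func, flags=re.IGNORECASE)
    func = "ord%d" % int(m.group(1)) if m else func.lower()
    return "%s.%s" % (dll, func)


def imphash(imports):
    """MD5 over the comma-joined tokens; order matters, so two binaries with
    the same imports in a different order get different hashes."""
    joined = ",".join(normalize_import(d, f) for d, f in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def resolved_statically(imports, api_name):
    """True if api_name is bound through the import table. A VB6 binary calls
    Win32 APIs declared with Declare statements through the runtime's
    DllFunctionCall at run time, so this is False even for APIs the sample
    really uses (SetWindowsHookEx, DeviceIoControl)."""
    wanted = api_name.lower()
    return any(f.lower() == wanted for _, f in imports)


if __name__ == "__main__":
    print("imports:", len(IMPORTS), "of which ordinals:",
          sum(1 for n in IMPORT_NAMES if n.startswith("Ord(")))
    print("imphash over the displayed order:", imphash(IMPORTS))
    for api in ("DllFunctionCall", "SetWindowsHookExA", "DeviceIoControl"):
        print("%-18s static import: %s" % (api, resolved_statically(IMPORTS, api)))
```

For VB6 samples the practical consequence is that imphash clusters by runtime usage, not by the Win32 APIs the malware actually calls, and that an import-table scan for hooking or driver-control APIs will come back empty; the behavioural section is the only place those calls show up.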
Number of PE resources by type
RT_ICON 11
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 28672
ImageVersion 1.0
ProductName DecemberCalender
FileVersionNumber 1.0.0.66
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename DecemberCalender.exe
MIMEType application/octet-stream
FileVersion 1.00.0066
TimeStamp 2014:12:15 11:26:02+01:00
FileType Win32 EXE
PEType PE32
InternalName DecemberCalender
FileAccessDate 2014:12:21 22:31:39+01:00
ProductVersion 1.00.0066
FileDescription Free file storage service. Share files with your friends and colleagues, access your account
OSVersion 4.0
FileCreateDate 2014:12:21 22:31:39+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Free file storage service. Share files with your friends and colleagues, access your account
CodeSize 45056
FileSubtype 0
ProductVersionNumber 1.0.0.66
EntryPoint 0x1530
ObjectFileType Executable application

File identification
MD5 ccc4cbd091ae4f4a1a02306f89f0954c
SHA1 be14cf697b0ff84264c51231839ec73c064caca5
SHA256 d4b9b7343ea1c925217ea41630d31e66a6cec021b784fc4de0e2bbef4d10ef85
ssdeep 3072:JNKDde/Owqh12SQ4hNSrxlzkNT8NgQez5ilBLotJ5zrX1t5bFHfeiJv58vQkBe3:N2Q3vkWazQlZOJJrFBpAQQe3

authentihash e30dd46ae1e5c2bddda16728989a5d0df8deb156ac8a5d9863d28211910e26ff
imphash 32f1f66b4a0bd7745d9907bb75d3b66c
File size 237.6 KB ( 243297 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2014-12-21 21:31:25 UTC ( 4 years, 3 months ago )
Last submission 2014-12-21 21:31:25 UTC ( 4 years, 3 months ago )
File names ccc4cbd091ae4f4a1a02306f89f0954c
DecemberCalender.exe
DecemberCalender
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
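The report prints the PE header timestamp twice (as UTC under PE header basic information, and in a +01:00 zone under ExifTool), gives a first-submission time six days later, and shows VersionInfo whose CompanyName and FileDescription are the same sentence of file-sharing marketing copy. The script below is an added example, not part of the report: it reconciles the two timestamp renderings, runs plausibility checks on the compile time against first-seen, and flags VersionInfo that reads like a lure rather than a vendor's metadata. All inputs are copied from the page; the thresholds and flag names are this example's own.

```python
from datetime import datetime, timezone

# Constructed from the report: PE header timestamp as printed in UTC, the same
# field as ExifTool renders it in a +01:00 zone, and first submission (UTC).
COMPILE_TS_UTC = "2014-12-15 10:26:02"
EXIFTOOL_TS = "2014:12:15 11:26:02+01:00"
FIRST_SEEN_UTC = "2014-12-21 21:31:25"

# VersionInfo strings as printed in the ExifTool section of the report.
VERSION_INFO = {
    "CompanyName": "Free file storage service. Share files with your friends and colleagues, access your account",
    "FileDescription": "Free file storage service. Share files with your friends and colleagues, access your account",
    "ProductName": "DecemberCalender",
    "OriginalFilename": "DecemberCalender.exe",
    "InternalName": "DecemberCalender",
}


def parse_utc(ts):
    """'YYYY-MM-DD HH:MM:SS' that the report states is UTC."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_exiftool(ts):
    """ExifTool's 'YYYY:MM:DD HH:MM:SS+HH:MM' form; %z accepts the colon offset."""
    return datetime.strptime(ts, "%Y:%m:%d %H:%M:%S%z")


def timestamp_findings(compile_ts, first_seen, exiftool_ts=None):
    """Plausibility checks on the PE header timestamp as (finding, detail)
    pairs. Both datetimes must be timezone-aware."""
    out = []
    if exiftool_ts is not None:
        # Same instant, different zone: the two renderings must agree.
        out.append(("exiftool_agrees_with_header",
                    parse_exiftool(exiftool_ts) == compile_ts))
    if compile_ts.timestamp() == 0:
        out.append(("zero_timestamp", True))
    if compile_ts > first_seen:
        # A header timestamp later than first sighting is forged or clock-skewed.
        out.append(("compiled_after_first_seen", (compile_ts - first_seen).days))
    else:
        out.append(("compile_to_first_seen_days", (first_seen - compile_ts).days))
    return out


def versioninfo_findings(vi):
    """Flags for VersionInfo that looks pasted from a lure (example heuristics)."""
    out = []
    company = vi.get("CompanyName", "")
    if company and company == vi.get("FileDescription"):
        out.append("company_equals_description")
    # A vendor name is a short noun phrase; a long string with sentence
    # punctuation is copy that landed in the wrong field.
    if len(company) > 60 or company.count(",") >= 2 or ". " in company:
        out.append("company_reads_as_sentence")
    stem = vi.get("OriginalFilename", "").rsplit(".", 1)[0]
    internal = vi.get("InternalName", stem)
    if stem and stem.lower() != internal.lower():
        out.append("originalfilename_internalname_mismatch")
    return out


if __name__ == "__main__":
    compiled = parse_utc(COMPILE_TS_UTC)
    seen = parse_utc(FIRST_SEEN_UTC)
    for name, detail in timestamp_findings(compiled, seen, EXIFTOOL_TS):
        print("%-30s %s" % (name, detail))
    print("versioninfo flags:", versioninfo_findings(VERSION_INFO))
```

On this sample the two timestamp renderings agree, the binary was first seen six days after it was linked, and VersionInfo trips both lure heuristics: the "company" is the same sentence as the description and reads as marketing text rather than a vendor name. None of this proves malice on its own; it is the kind of corroboration a triage note should record next to the detection consensus.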
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. The report does not say which device or which control codes were involved.
The file installs an application-defined hook procedure into a hook chain through the SetWindowsHookEx Windows API (the report names the legacy form, SetWindowsHook). A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads on the same desktop as the calling thread. The report does not record the hook type; a system-wide keyboard or message hook is what the Zbot labels above would lead one to expect, but that is an inference, not something the sandbox output states. Neither API appears in the import list above: this is a Visual Basic 6 executable, and VB6 binds Win32 APIs called through Declare statements at run time via the runtime's DllFunctionCall, so such calls show up only in behavioural output, never in the static import table.