× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dbcd153cd3bb483413b074b6a4836f949706814fb11a2c723c4a2875600b0f27
File name: 0ff30c601ba5a2d2b39df86d28fd4450
Detection ratio: 42 / 55
Analysis date: 2014-09-22 01:02:25 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Palevo.2 20140922
Yandex Trojan.Ircbrute!oy4/KKkWmZw 20140921
AhnLab-V3 Trojan/Win32.Jorik 20140921
Antiy-AVL Trojan[Backdoor]/Win32.LolBot 20140921
Avast Win32:Rootkit-gen [Rtk] 20140922
AVG Generic17.BICJ 20140921
Avira (no cloud) TR/Dropper.Gen 20140921
AVware LooksLike.Win32.Malware!vb (v) 20140920
Baidu-International Backdoor.Win32.LolBot.aO 20140921
BitDefender Gen:Variant.Palevo.2 20140922
Bkav W32.YmfocardB.fam.Worm 20140920
CAT-QuickHeal VirTool.VBInject 20140920
Comodo TrojWare.Win32.VBInject.IK 20140921
Cyren W32/Risk.FKFX-8545 20140922
DrWeb BackDoor.IRC.Bot.260 20140922
Emsisoft Gen:Variant.Palevo.2 (B) 20140922
ESET-NOD32 a variant of Win32/Injector.ABNB 20140921
F-Prot W32/MalwareS.ECL 20140921
F-Secure Gen:Variant.Palevo.2 20140921
Fortinet W32/VBInjector.W!tr 20140922
GData Gen:Variant.Palevo.2 20140922
Ikarus Backdoor.Win32.EggDrop 20140922
K7AntiVirus Backdoor ( 04c4f72e1 ) 20140919
K7GW Backdoor ( 04c4f72e1 ) 20140919
Kaspersky Backdoor.Win32.LolBot.ak 20140922
Kingsoft Win32.Malware.Heur_Generic.A.(kcloud) 20140922
McAfee Artemis!0FF30C601BA5 20140922
McAfee-GW-Edition BehavesLike.Win32.Trojan.ch 20140921
Microsoft VirTool:Win32/VBInject.TE 20140922
eScan Gen:Variant.Palevo.2 20140922
NANO-Antivirus Trojan.Win32.LolBot.bjuluv 20140922
Norman Obfuscated.A!genr 20140921
Panda Trj/Genetic.gen 20140921
Qihoo-360 HEUR/Malware.QVM03.Gen 20140922
Sophos AV Mal/Generic-S 20140922
Symantec W32.SillyIM 20140922
Tencent Win32.Backdoor.Lolbot.Ljn 20140922
TotalDefense Win32/Pushbot.OH 20140921
VBA32 BScope.Trojan.Diple 20140919
VIPRE LooksLike.Win32.Malware!vb (v) 20140921
ViRobot Backdoor.Win32.S.LolBot.192512 20140921
Zillya Backdoor.LolBot.Win32.34 20140921
AegisLab 20140922
ByteHero 20140922
ClamAV 20140921
CMC 20140918
Jiangmin 20140921
Malwarebytes 20140922
nProtect 20140920
Rising 20140921
SUPERAntiSpyware 20140921
TheHacker 20140919
TrendMicro 20140922
TrendMicro-HouseCall 20140922
Zoner 20140919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher LTY8Khe
Product GKsx2W
Original name OHifJHKEa.exe
Internal name OHifJHKEa
File version 16.866.0326
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-22 17:19:32
Entry Point 0x00001694
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
_adj_fprem
__vbaAryMove
__vbaRedim
__vbaRaiseEvent
_adj_fdiv_r
__vbaRecAnsiToUni
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaAryUnlock
__vbaR8Str
_CIlog
_adj_fptan
__vbaFileClose
__vbaRecUniToAnsi
__vbaFreeVar
__vbaFreeStr
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
__vbaI4Str
Ord(607)
__vbaLenBstr
__vbaRedimPreserve
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaDerefAry1
Ord(608)
__vbaBoolVarNull
__vbaFileOpen
_CIsin
__vbaInStrVar
_CIsqrt
EVENT_SINK_Release
__vbaOnError
_adj_fdivr_m32i
__vbaI4ErrVar
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaStrCmp
__vbaErase
__vbaStrVarCopy
__vbaVarIndexLoad
Ord(666)
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
Ord(573)
_CIcos
Ord(713)
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(619)
_adj_fdiv_m32
__vbaVarZero
__vbaPutOwner3
__vbaUI1ErrVar
EVENT_SINK_AddRef
_adj_fpatan
Ord(712)
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
__vbaUI1I2
__vbaAryLock
_CIatan
Ord(644)
__vbaVarCat
__vbaStr2Vec
_CIexp
_CItan
__vbaFpI4
Number of PE resources by type
RT_ICON 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_FONTDIR 1
Number of PE resources by language
NEUTRAL 2
URDU PAKISTAN 1
TATAR DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
61440

ImageVersion
16.866

ProductName
GKsx2W

FileVersionNumber
16.866.0.326

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

FileOS
Win32

MIMEType
application/octet-stream

FileVersion
16.866.0326

TimeStamp
2010:04:22 18:19:32+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
OHifJHKEa

ProductVersion
16.866.0326

SubsystemVersion
4.0

OSVersion
4.0

OriginalFilename
OHifJHKEa.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
LTY8Khe

CodeSize
126976

FileSubtype
0

ProductVersionNumber
16.866.0.326

EntryPoint
0x1694

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 0ff30c601ba5a2d2b39df86d28fd4450
SHA1 22f436e2c4b05b78192fec82b8f113ab3dd191fe
SHA256 dbcd153cd3bb483413b074b6a4836f949706814fb11a2c723c4a2875600b0f27
ssdeep
3072:As4CvneH+MEYNw7S/HGsSrJyDf0jhB8VtB10HoBqA:ZnZ+GMGsQywPY9KoB

authentihash c1513e310e4538ee0ad913132c1830a9013d81da27fb32fe1dbc558892f81613
imphash b714c53e7619a16f4d0ce59a9e4e2704
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2010-04-22 19:34:13 UTC ( 8 years, 5 months ago )
Last submission 2014-09-22 01:02:25 UTC ( 4 years ago )
File names wMZK.scr
aa
OHifJHKEa
0FF30C601BA5A2D2B39DF86D28FD4450
OHifJHKEa.exe
0ff30c601ba5a2d2b39df86d28fd4450
0fpexT.tgz
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!