SHA256: dcd62325869a97bc9653b728686f8e1299c063b504cf5d513f35e6519d44df58
File name: 47FE.exe
Detection ratio: 46 / 59
Analysis date: 2017-02-26 04:44:37 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.43186 20170226
AegisLab Worm.W32.Ngrbot!c 20170226
AhnLab-V3 Backdoor/Win32.Ruskill.R107953 20170225
ALYac Gen:Variant.Symmi.43186 20170225
Antiy-AVL Worm/Win32.Ngrbot 20170226
Arcabit Trojan.Symmi.DA8B2 20170226
Avast Win32:GenMalicious-YS [Trj] 20170226
AVG Inject2.AESI 20170226
Avira (no cloud) WORM/Ngrbot.oakdf 20170225
AVware Trojan.Win32.Generic!BT 20170226
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170224
BitDefender Gen:Variant.Symmi.43186 20170226
Bkav W32.Clod714.Trojan.8238 20170225
Comodo UnclassifiedMalware 20170226
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Gen:Variant.Symmi.43186 (B) 20170226
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/Injector.BDIM 20170226
F-Secure Gen:Variant.Symmi.43186 20170226
Fortinet W32/Injector.ADYQ!tr 20170226
GData Gen:Variant.Symmi.43186 20170226
Ikarus Backdoor.Win32.Ruskill 20170225
Sophos ML generic.a 20170203
Jiangmin KVBASE 20170226
K7AntiVirus Trojan ( 004ec86d1 ) 20170226
K7GW Trojan ( 004ec86d1 ) 20170226
Kaspersky Worm.Win32.Ngrbot.aecb 20170226
McAfee Trojan-FABL!9740E33ED6C0 20170225
McAfee-GW-Edition BehavesLike.Win32.Downloader.ct 20170226
eScan Gen:Variant.Symmi.43186 20170226
NANO-Antivirus Trojan.Win32.Ngrbot.ebkinr 20170226
nProtect Worm/W32.Ngrbot.155648.G 20170226
Panda Trj/Dtcontx.L 20170225
Qihoo-360 HEUR/Malware.QVM03.Gen 20170226
Sophos AV Mal/Generic-S 20170226
SUPERAntiSpyware Trojan.Agent/Gen-Ngrbot 20170225
Symantec Trojan.Zbot 20170224
Tencent Win32.Worm.Ngrbot.Hsrw 20170226
TrendMicro TROJ_SPNR.03FJ14 20170226
TrendMicro-HouseCall TROJ_SPNR.03FJ14 20170226
VBA32 TScope.Trojan.VB 20170224
VIPRE Trojan.Win32.Generic!BT 20170226
ViRobot Backdoor.Win32.U.Ruskill.90112[h] 20170225
Webroot Malicious 20170226
Yandex Worm.Ngrbot!wNAgzUTdZ6Y 20170225
Zillya Worm.Ngrbot.Win32.7247 20170224
Alibaba 20170224
CAT-QuickHeal 20170225
ClamAV 20170226
CMC 20170225
Cyren 20170226
DrWeb 20170226
F-Prot 20170226
Kingsoft 20170226
Malwarebytes 20170226
Microsoft 20170226
Rising None
TheHacker 20170223
TotalDefense 20170225
Trustlook 20170226
WhiteArmor 20170222
Zoner 20170226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-23 04:38:01
Entry Point 0x0000132C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32i
__vbaChkstk
__vbaGenerateBoundsError
__vbaVarDup
Ord(516)
__vbaAryCopy
_adj_fdivr_m64
__vbaErase
_adj_fprem
__vbaLenBstr
Ord(525)
__vbaFreeStrList
_adj_fpatan
__vbaFreeObjList
__vbaUI1Str
__vbaInStr
Ord(717)
__vbaExceptHandler
__vbaFreeVarList
Ord(632)
__vbaFPException
__vbaAryVar
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
Zombie_GetTypeInfo
__vbaFreeVar
Ord(570)
__vbaI2Str
Ord(619)
__vbaMidStmtBstr
__vbaFreeObj
__vbaFileOpen
_adj_fdiv_m64
__vbaGet3
__vbaHresultCheckObj
__vbaAryLock
_CIsin
Ord(711)
__vbaStrCopy
_allmul
__vbaStrVarVal
_CIcos
EVENT_SINK_QueryInterface
__vbaFileClose
__vbaAryUnlock
__vbaVar2Vec
__vbaErrorOverflow
Ord(608)
__vbaNew2
Ord(644)
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaVarTstNe
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaVarCopy
_CItan
__vbaI2I4
CallWindowProcW
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
SPANISH MODERN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 28.0
ImageVersion 1.0
FileVersionNumber 1.0.0.0
LanguageCode Spanish (Modern)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 114688
EntryPoint 0x132c
MIMEType application/octet-stream
TimeStamp 2012:08:23 05:38:01+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Propie
CodeSize 40960
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 9740e33ed6c06c65a041bfcf20e2b20a
SHA1 2dfc5f74bcbb40ef410a6c0936cecb1bb53f8387
SHA256 dcd62325869a97bc9653b728686f8e1299c063b504cf5d513f35e6519d44df58
ssdeep 768:ewSmkH0KxYsUPLqh13xsRrUGZPRh6aNjsyfjXgnW1kRN40GZO28CPnW1t/:fS0KxYs50QGtLjTzgMYN40sO2pMt

authentihash c93d47cb61d0755a0c76dd03038dffa79766c11ebcf580613b34b340b9057776
imphash 3daeb171c2c7b0a7c409bc88a1201ab5
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 system file

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe usb-autorun

VirusTotal metadata
First submission 2014-05-07 18:14:21 UTC ( 4 years, 10 months ago )
Last submission 2014-05-07 18:14:21 UTC ( 4 years, 10 months ago )
File names 47FE.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.