SHA256: dd04f0da3862106b9b1c86d18abd194896f3f8c2230e1c6db8e45fa547d86f21
File name: ver_mensaje.exe
Detection ratio: 10 / 44
Analysis date: 2012-12-12 05:41:54 UTC ( 6 years, 5 months ago )
Antivirus               Result                             Update
AhnLab-V3               Worm/Win32.VBNA                    20121211
AntiVir                 BDS/Ruskill.hak.1                  20121212
ByteHero                Virus.Win32.Heur.p                 20121130
Fortinet                W32/AutoRun.DVXZ!worm              20121212
Kaspersky               Backdoor.Win32.Ruskill.hak         20121212
Kingsoft                Win32.Troj.Undef.(kcloud)          20121210
Microsoft               Worm:Win32/Dorkbot.A               20121212
Panda                   Suspicious file                    20121211
TrendMicro-HouseCall    TROJ_GEN.RFFH1LB                   20121212
ViRobot                 Backdoor.Win32.A.Ruskill.166407    20121212
Yandex                  (no detection)                     20121211
Antiy-AVL               (no detection)                     20121211
Avast                   (no detection)                     20121212
AVG                     (no detection)                     20121211
BitDefender             (no detection)                     20121212
CAT-QuickHeal           (no detection)                     20121212
ClamAV                  (no detection)                     20121212
Commtouch               (no detection)                     20121212
Comodo                  (no detection)                     20121212
DrWeb                   (no detection)                     20121212
Emsisoft                (no detection)                     20121212
eSafe                   (no detection)                     20121210
ESET-NOD32              (no detection)                     20121211
F-Prot                  (no detection)                     20121212
F-Secure                (no detection)                     20121212
GData                   (no detection)                     20121212
Ikarus                  (no detection)                     20121212
Jiangmin                (no detection)                     20121212
K7AntiVirus             (no detection)                     20121211
Malwarebytes            (no detection)                     20121212
McAfee                  (no detection)                     20121212
McAfee-GW-Edition       (no detection)                     20121212
eScan                   (no detection)                     20121212
NANO-Antivirus          (no detection)                     20121212
Norman                  (no detection)                     20121211
nProtect                (no detection)                     20121211
Rising                  (no detection)                     20121212
Sophos AV               (no detection)                     20121212
SUPERAntiSpyware        (no detection)                     20121212
Symantec                (no detection)                     20121212
TheHacker               (no detection)                     20121211
TotalDefense            (no detection)                     20121211
TrendMicro              (no detection)                     20121212
VIPRE                   (no detection)                     20121212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Borric
Product Borricu
Original name Borricua.exe
Internal name Borricua
File version 777.8778.0777
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-18 20:06:00
Entry Point 0x00001448
Number of sections 3
PE sections
Overlays
MD5: 97e5848ca766e18988dc19fc52344d37
File type: data
Offset: 73728
Size: 92679
Entropy: 6.57
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
_adj_fdiv_r
__vbaObjSetAddref
__vbaMidStmtBstr
Ord(100)
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(595)
_adj_fptan
__vbaFileClose
__vbaAryCopy
__vbaFreeStr
__vbaUI1Str
__vbaStrI2
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaLenBstr
Ord(525)
Ord(617)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFreeVar
__vbaFileOpen
__vbaI2Str
Ord(711)
Ord(606)
_CIsqrt
EVENT_SINK_Release
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaStrCmp
Ord(570)
__vbaErase
__vbaFreeObjList
Ord(650)
__vbaVar2Vec
__vbaFreeVarList
Ord(631)
__vbaStrVarMove
__vbaExitProc
__vbaVarTstNe
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
Ord(573)
_CIcos
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(619)
_adj_fdiv_m32
Ord(644)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrCopy
Ord(632)
Ord(645)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
_CIsin
__vbaAryLock
__vbaVarCopy
_CIatan
__vbaFpR8
__vbaObjSet
Ord(608)
_CIexp
__vbaStrToAnsi
_CItan
CallWindowProcW
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
SPANISH MODERN 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 24576
ImageVersion: 777.8778
ProductName: Borricu
FileVersionNumber: 777.8778.0.777
LanguageCode: Spanish (Modern)
FileFlagsMask: 0x0000
CharacterSet: Unicode
LinkerVersion: 6.0
FileOS: Win32
FileTypeExtension: exe
MIMEType: application/octet-stream
FileVersion: 777.8778.0777
TimeStamp: 2012:07:18 21:06:00+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Borricua
ProductVersion: 777.8778.0777
SubsystemVersion: 4.0
OSVersion: 4.0
OriginalFilename: Borricua.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Borric
CodeSize: 45056
FileSubtype: 0
ProductVersionNumber: 777.8778.0.777
EntryPoint: 0x1448
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 6ba8c9e8bda4b10397622666211628b1
SHA1 942faaa67cea7306cf09734c52d2c8ad87149c9f
SHA256 dd04f0da3862106b9b1c86d18abd194896f3f8c2230e1c6db8e45fa547d86f21
ssdeep 3072:njP5wIQ3uYOYH/R8RN9HFSyhw5huLxuEuXdHeGs8uoPSyU:jh+etO/R8RN9HFSAw5hrEj1x
authentihash f0ea74f4afb0a37e6dad83a58e04ddd108fdb7d1309f46b58270ca72bbe5c8d4
imphash 51abea61300d3ab3b751be16e8679067
File size 162.5 KB ( 166407 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe, overlay
VirusTotal metadata
First submission 2012-12-11 04:23:11 UTC ( 6 years, 5 months ago )
Last submission 2012-12-30 21:22:24 UTC ( 6 years, 4 months ago )
File names
c3XXqKvgs.com
6ba8c9e8bda4b10397622666211628b1
aa
Borricua.exe
ab757ffb6cb64e377ea32896b5b2593b48ef6e73
Borricua
smona_dd04f0da3862106b9b1c86d18abd194896f3f8c2230e1c6db8e45fa547d86f21.bin
ver_mensaje.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.