SHA256: dfff036680ef5f11f7d3936a7761c6530f06058a12680cae789b4ce8ddc96500
File name: 2016-01-25-EITest-Angler-EK-post-infection-malware-2-of-2.exe.dat
Detection ratio: 33 / 56
Analysis date: 2016-01-27 14:11:48 UTC (3 years, 1 month ago)
Antivirus             Result                            Update
Ad-Aware              Trojan.GenericKD.3010265          20160127
AegisLab              W32.W.VB                          20160127
ALYac                 Trojan.GenericKD.3010265          20160127
Antiy-AVL             Trojan/Win32.VBKryjetor           20160127
Arcabit               Trojan.Generic.D2DEED9            20160127
Avast                 Win32:Malware-gen                 20160127
AVG                   Inject3.YNO                       20160127
Avira (no cloud)      TR/Injector.126976.111            20160127
BitDefender           Trojan.GenericKD.3010265          20160127
Emsisoft              Trojan.Win32.Injector (A)         20160127
ESET-NOD32            a variant of Win32/Injector.CQXL  20160127
F-Secure              Trojan.GenericKD.3010265          20160127
Fortinet              W32/Injector.CQUZ!tr              20160127
GData                 Trojan.GenericKD.3010265          20160127
Ikarus                Trojan.Win32.Injector             20160127
Jiangmin              Trojan.PSW.Tepfer.azq             20160127
K7AntiVirus           Trojan ( 004dca4a1 )              20160127
K7GW                  Trojan ( 004dca4a1 )              20160127
Kaspersky             Trojan.Win32.VBKryjetor.xhc       20160127
Malwarebytes          Trojan.Tepfer                     20160127
McAfee                RDN/Generic.grp                   20160127
McAfee-GW-Edition     BehavesLike.Win32.VBObfus.ch      20160127
eScan                 Trojan.GenericKD.3010265          20160127
nProtect              Trojan/W32.VBKryjetor.126976.B    20160127
Panda                 Generic Suspicious                20160126
Qihoo-360             HEUR/QVM03.0.Malware.Gen          20160127
Sophos AV             Troj/Zbot-KOK                     20160127
Symantec              Suspicious.Cloud.9                20160126
Tencent               Win32.Trojan.Inject.Wnme          20160127
TrendMicro            TROJ_WAUCHOS.YYSIP                20160127
TrendMicro-HouseCall  TROJ_WAUCHOS.YYSIP                20160127
VIPRE                 Trojan.Win32.Generic!BT           20160127
ViRobot               Trojan.Win32.Agent.126976.DF[h]   20160127
Yandex                (not detected)                    20160126
AhnLab-V3             (not detected)                    20160127
Alibaba               (not detected)                    20160127
Baidu-International   (not detected)                    20160127
Bkav                  (not detected)                    20160127
ByteHero              (not detected)                    20160127
CAT-QuickHeal         (not detected)                    20160127
ClamAV                (not detected)                    20160127
CMC                   (not detected)                    20160111
Comodo                (not detected)                    20160127
Cyren                 (not detected)                    20160127
DrWeb                 (not detected)                    20160127
F-Prot                (not detected)                    20160127
Kingsoft              (not detected)                    20160127
Microsoft             (not detected)                    20160127
NANO-Antivirus        (not detected)                    20160127
Rising                (not detected)                    20160127
SUPERAntiSpyware      (not detected)                    20160127
TheHacker             (not detected)                    20160124
TotalDefense          (not detected)                    20160127
VBA32                 (not detected)                    20160127
Zillya                (not detected)                    20160127
Zoner                 (not detected)                    20160127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Motivity7
Original name Gallomaniac3.exe
Internal name Gallomaniac3
File version 1.01.0001
Description Villanously
Comments Prerecital6
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-25 14:44:07
Entry Point 0x000011C4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaPrintObj
Ord(617)
_CIcos
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(607)
_adj_fpatan
EVENT_SINK_AddRef
Ord(693)
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
EVENT_SINK_Release
_adj_fptan
_CIatan
Ord(608)
__vbaNew2
_adj_fdivr_m32i
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
_CItan
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 8
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Prerecital6
LinkerVersion 6.0
ImageVersion 1.1
FileSubtype 0
FileVersionNumber 1.1.0.1
LanguageCode Chinese (Simplified)
FileFlagsMask 0x0000
FileDescription Villanously
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 36864
EntryPoint 0x11c4
OriginalFileName Gallomaniac3.exe
MIMEType application/octet-stream
FileVersion 1.01.0001
TimeStamp 2016:01:25 15:44:07+01:00
FileType Win32 EXE
PEType PE32
InternalName Gallomaniac3
ProductVersion 1.01.0001
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 90112
ProductName Motivity7
ProductVersionNumber 1.1.0.1
FileTypeExtension exe
ObjectFileType Executable application
PCAP parents
File identification
MD5 6a003329c214286b5a923198aaaeb066
SHA1 d6ce3ecb288de8943c2b3e7d241122173767a17e
SHA256 dfff036680ef5f11f7d3936a7761c6530f06058a12680cae789b4ce8ddc96500
ssdeep 1536:FF56dPBhZbfNZILYdYEP/A3dWl0wmnyBEjlsIPhx/+sawPJLFY6MepHFqiAmhL3z:D56vfXILYGLk0vn4EjyIJc25fXIF6
authentihash 4b4b8850114740dd246c272eef243a51fd6a1a6aa7f30140f43cc109cfc1d3d8
imphash 14f52a1911e754fdc0cef5f806987651
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-01-25 23:09:26 UTC ( 3 years, 1 month ago )
Last submission 2018-10-23 21:29:21 UTC ( 4 months, 4 weeks ago )
File names 2016-01-25-EITest-Angler-EK-post-infection-malware-2-of-2.exe
Gallomaniac3.exe
d6ce3ecb288de8943c2b3e7d241122173767a17e.exe
Samp(26)_6.vir.rename
Gallomaniac3
2016-01-25-EITest-Angler-EK-post-infection-malware-2-of-2.exe.txt
2016-01-25-EITest-Angler-EK-post-infection-malware-2-of-2.exe.dat
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.
UDP communications