SHA256: e0d7a54661c15babb931071a6cd6be0a7457bb435f088a5d283a753850b4b01d
File name: taller.exe
Detection ratio: 33 / 70
Analysis date: 2019-02-27 04:43:40 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.41040872 20190227
ALYac Trojan.GenericKD.41040872 20190227
Arcabit Trojan.Generic.D2723BE8 20190227
Avast FileRepMalware 20190227
AVG FileRepMalware 20190227
Avira (no cloud) TR/Spy.Noon.dwlix 20190226
BitDefender Trojan.GenericKD.41040872 20190227
CrowdStrike Falcon (ML) win/malicious_confidence_60% (W) 20190212
Cylance Unsafe 20190227
DrWeb Trojan.Fbng.8 20190227
Emsisoft Trojan.GenericKD.41040872 (B) 20190227
Endgame malicious (high confidence) 20190215
F-Secure Trojan.TR/Spy.Noon.dwlix 20190227
Fortinet W32/Noon.AALU!tr 20190227
GData Trojan.GenericKD.41040872 20190227
Sophos ML heuristic 20181128
Kaspersky Trojan-Spy.Win32.Noon.aalu 20190227
McAfee RDN/Generic.com 20190227
McAfee-GW-Edition BehavesLike.Win32.Fareit.gh 20190226
Microsoft Trojan:Win32/Zpevdo.B 20190227
eScan Trojan.GenericKD.41040872 20190227
NANO-Antivirus Trojan.Win32.Noon.fnlwoh 20190227
Palo Alto Networks (Known Signatures) generic.ml 20190227
Panda Trj/GdSda.A 20190226
Qihoo-360 Trojan.Generic 20190227
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190227
Symantec Trojan Horse 20190226
Tencent Win32.Trojan.Inject.Auto 20190227
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_GEN.R011C0OBR19 20190227
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.aalu 20190227
AegisLab 20190227
AhnLab-V3 20190226
Alibaba 20180921
Antiy-AVL 20190227
Avast-Mobile 20190226
Babable 20180918
Baidu 20190215
Bkav 20190226
CAT-QuickHeal 20190225
ClamAV 20190226
CMC 20190226
Comodo 20190227
Cybereason 20190109
Cyren 20190227
eGambit 20190227
ESET-NOD32 20190227
F-Prot 20190227
Ikarus 20190226
Jiangmin 20190227
K7AntiVirus 20190226
K7GW 20190227
Kingsoft 20190227
Malwarebytes 20190227
MAX 20190227
Rising 20190227
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190227
TheHacker 20190225
TotalDefense 20190226
TrendMicro-HouseCall 20190227
Trustlook 20190227
VBA32 20190226
ViRobot 20190226
Webroot 20190227
Yandex 20190226
Zillya 20190226
Zoner 20190227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright hP, inC.
Product yahoO, INC.
Original name levemaaderspendlingensperjinketychah.exe
Internal name levemaaderspendlingensperjinketychah
File version 1.00
Description pIrIfORM LtD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-25 13:32:52
Entry Point 0x00001420
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
_allmul
_adj_fprem
Ord(709)
__vbaRecDestruct
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
_CIlog
Ord(595)
_adj_fptan
__vbaI4Var
Ord(608)
__vbaFreeStr
Ord(631)
__vbaStrI2
__vbaFreeStrList
Ord(609)
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(695)
Ord(607)
__vbaLenBstr
Ord(525)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Ord(540)
__vbaFreeVar
__vbaUI1I2
__vbaInStrVar
EVENT_SINK_Release
Ord(677)
Ord(610)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
Ord(516)
__vbaStrCmp
Ord(697)
__vbaVarLateMemSt
__vbaFreeObjList
Ord(647)
__vbaFreeVarList
__vbaStrVarMove
__vbaExitProc
__vbaVarTstNe
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
Ord(513)
_CIcos
Ord(628)
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
Ord(685)
Ord(572)
_adj_fpatan
EVENT_SINK_AddRef
Ord(675)
__vbaStrCopy
Ord(645)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
_CIsin
_CIsqrt
_CIatan
__vbaObjSet
_CIexp
__vbaStrToAnsi
_CItan
Ord(598)
Number of PE resources by type
RT_ICON 9
RES 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ENGLISH US 1
CHINESE MACAU 1
PE resources
ExifTool file metadata
CodeSize
401408

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
pIrIfORM LtD

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
40960

EntryPoint
0x1420

OriginalFileName
levemaaderspendlingensperjinketychah.exe

MIMEType
application/octet-stream

LegalCopyright
hP, inC.

FileVersion
1.0

TimeStamp
2019:02:25 14:32:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
levemaaderspendlingensperjinketychah

ProductVersion
1.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
phIlIPS

LegalTrademarks
lItEcOIn prOJect

ProductName
yahoO, INC.

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 d061e3c704ba43ee5c4d90ed0aa1877a
SHA1 7b6b6fbfd7a99ddbc78e874b03e6187d6e92eb74
SHA256 e0d7a54661c15babb931071a6cd6be0a7457bb435f088a5d283a753850b4b01d
ssdeep
6144:aII1tiFxwVecxYZcc4S7nJTlaeidiR/6kJ4eYTHVmrHY6gvY:vIowVnqce5cQ1TJ7LHY6UY

authentihash 34f8add6305f2a818371e86fc3cd01fe5bedfd461db6618ff664da9a42d6134e
imphash 2240986d358fce23fa8e2fbbd1da87e2
File size 436.0 KB ( 446464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (68.2%)
Win64 Executable (generic) (22.9%)
Win32 Executable (generic) (3.7%)
OS/2 Executable (generic) (1.6%)
Generic Win/DOS Executable (1.6%)
Tags peexe
VirusTotal metadata
First submission 2019-02-25 07:33:05 UTC ( 2 months, 3 weeks ago )
Last submission 2019-02-27 21:31:08 UTC ( 2 months, 3 weeks ago )
File names vbc.exe
levemaaderspendlingensperjinketychah
levemaaderspendlingensperjinketychah.exe
e0d7a54661c15babb931071a6cd6be0a7457bb435f088a5d283a753850b4b01d.exe
tall.exe
taller.exe