SHA256: e21698cc9c987b2f765b9babd38b8e9928b71618551f3509b19fe02bf33df275
File name: 8CEF34F2095C1E21F824B29D4860B516
Detection ratio: 38 / 43
Analysis date: 2011-12-11 10:10:59 UTC ( 7 years, 4 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.VBKrypt 20111209
AntiVir TR/Dropper.Gen 20111209
Avast Win32:Bifrose-FAH [Trj] 20111210
AVG Generic16.IPE 20111211
BitDefender Trojan.Generic.3020330 20111211
ClamAV Trojan.Agent-140697 20111211
Commtouch W32/MalwareF.AJYA 20111210
Comodo TrojWare.Win32.Injector.APE0 20111211
DrWeb Trojan.Siggen.40345 20111211
Emsisoft Trojan.Win32.VBKrypt!IK 20111211
eSafe Win32.TrojanHorse 20111208
eTrust-Vet Win32/VBKrypt.AZ 20111209
F-Prot W32/MalwareF.AJYA 20111129
F-Secure Trojan.Generic.3020330 20111211
Fortinet W32/Refroso.BLC!tr 20111211
GData Trojan.Generic.3020330 20111211
Ikarus Trojan.Win32.VBKrypt 20111211
Jiangmin Trojan/VBKrypt.oy 20111210
K7AntiVirus Riskware 20111209
Kaspersky Trojan.Win32.VBKrypt.cc 20111211
McAfee Generic.dx!nxt 20111211
McAfee-GW-Edition Generic.dx!nxt 20111211
Microsoft VirTool:Win32/VBInject.gen!BP 20111211
NOD32 Win32/Injector.APE 20111207
Norman W32/VBTroj.CGAM 20111210
nProtect Trojan/W32.VBKrypt.184320.D 20111211
Panda Suspicious file 20111210
PCTools HeurEngine.Cisabim 20111211
Prevx Medium Risk Malware 20111211
Sophos AV Mal/VBKrypt-A 20111211
Symantec Packed.Cisabim!gen1 20111211
TheHacker Trojan/VBKrypt.cc 20111211
TrendMicro TROJ_VBKRYPT.AB 20111211
TrendMicro-HouseCall TROJ_VBKRYPT.AB 20111211
VBA32 SIM.Trojan.VBO.01547 20111209
VIPRE Trojan.Win32.Generic!BT 20111211
ViRobot Trojan.Win32.VBKrypt.78541 20111210
VirusBuster Trojan.VBKrypt!3XCgPlUMzs8 20111210
Antiy-AVL 20111211
ByteHero 20111207
CAT-QuickHeal 20111210
Rising 20111208
SUPERAntiSpyware 20111210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Update
Original name Update.exe
Internal name Update
File version 1.04
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-20 16:04:19
Entry Point 0x0000118C
Number of sections 4
PE sections
PE imports
EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
Zombie_GetTypeInfo
EVENT_SINK_AddRef
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
(28 more function(s) imported by ordinal)
ExifTool file metadata
LegalTrademarks
UninitializedDataSize 0
Comments
InitializedDataSize 24576
ImageVersion 1.4
FileSubtype 0
FileVersionNumber 1.4.0.0
LanguageCode Italian
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.04
TimeStamp 2009:12:20 17:04:19+01:00
FileType Win32 EXE
PEType PE32
InternalName Update
ProductVersion 1.04
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename Update.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName
CodeSize 61440
ProductName Update
ProductVersionNumber 1.4.0.0
EntryPoint 0x118c
ObjectFileType Executable application

File identification
MD5 8cef34f2095c1e21f824b29d4860b516
SHA1 c370a388adbe8c3f83f285717b11921905fbe089
SHA256 e21698cc9c987b2f765b9babd38b8e9928b71618551f3509b19fe02bf33df275
ssdeep 3072:Xb1gdE+xlU6q2NvCmv0GtB9/4ImUsfGiUaxieDPSTmauBoE/8LEv:XppZj2NqmsdIm3Vie2T5CoED

File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2009-12-21 02:01:10 UTC ( 9 years, 4 months ago )
Last submission 2011-12-11 10:10:59 UTC ( 7 years, 4 months ago )
File names 8CEF34F2095C1E21F824B29D4860B516
malware.exe
VwS2nDkL.7z
aa