SHA256: e3787b3837f22f15fd1bc34096034387749d15fa0cfb3c8518724239b7b05264
File name: 1e9a890f92e2b9a327d253f82b24844a.exe
Detection ratio: 38 / 47
Analysis date: 2013-11-18 17:01:27 UTC ( 5 years, 6 months ago )
Antivirus | Result ("-" = not detected) | Update
Yandex | Trojan.Weelsof!bdKXJtWSsSI | 20131118
AhnLab-V3 | Trojan/Win32.Weelsof | 20131118
AntiVir | TR/Zusy.69449.16 | 20131118
Antiy-AVL | Trojan/Win32.Weelsof | 20131118
Avast | Win32:Malware-gen | 20131118
AVG | Generic35.TYG | 20131118
Baidu-International | Trojan.Win32.Weelsof.aB | 20131118
BitDefender | Gen:Variant.Zusy.69449 | 20131118
Bkav | W32.Clod32a.Trojan.2a3f | 20131118
ByteHero | Virus.Win32.Heur.p | 20131118
Commtouch | W32/GenBl.1E9A890F!Olympus | 20131118
Comodo | UnclassifiedMalware | 20131118
Emsisoft | Gen:Variant.Zusy.69449 (B) | 20131118
ESET-NOD32 | Win32/Spy.Zbot.AAO | 20131118
F-Secure | Gen:Variant.Zusy.69449 | 20131118
Fortinet | W32/Weelsof.QDV!tr | 20131118
GData | Gen:Variant.Zusy.69449 | 20131118
Ikarus | Trojan.Win32.Weelsof | 20131118
Jiangmin | Trojan/Weelsof.aaz | 20131118
K7AntiVirus | Trojan ( 0048df711 ) | 20131118
K7GW | Trojan ( 0048df711 ) | 20131118
Kaspersky | Trojan.Win32.Weelsof.qdv | 20131118
Kingsoft | Win32.Troj.Weelsof.q.(kcloud) | 20130829
Malwarebytes | Trojan.LockScreen | 20131118
McAfee | PWSZbot-FKS!1E9A890F92E2 | 20131118
McAfee-GW-Edition | PWSZbot-FKS!1E9A890F92E2 | 20131117
Microsoft | PWS:Win32/Zbot | 20131118
eScan | Gen:Variant.Zusy.69449 | 20131118
NANO-Antivirus | Trojan.Win32.Weelsof.cmvcsj | 20131118
Norman | Suspicious_Gen4.FILTA | 20131118
Panda | Trj/dtcontx.I | 20131118
Sophos AV | Mal/Generic-S | 20131118
SUPERAntiSpyware | Trojan.Agent/Gen-FalComp | 20131118
Symantec | WS.Reputation.1 | 20131118
TrendMicro | TROJ_GEN.R0CBC0PKE13 | 20131118
TrendMicro-HouseCall | TROJ_GEN.R0CBC0PKE13 | 20131118
VBA32 | Trojan.Weelsof | 20131118
VIPRE | Trojan.Win32.Generic!BT | 20131118
CAT-QuickHeal | - | 20131118
ClamAV | - | 20131118
DrWeb | - | 20131118
F-Prot | - | 20131118
nProtect | - | 20131118
Rising | - | 20131118
TheHacker | - | 20131118
TotalDefense | - | 20131115
ViRobot | - | 20131118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product: detailed map of Jik and near places. Welcome to the Jik
Internal name: NAZikasmel
File version: 1.00
Comments: detailed map of Jik and near places. Welcome to the Jik
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-10-28 15:05:22
Entry Point: 0x00001600
Number of sections: 3
PE sections
Overlays
MD5: 950ab0c4695f19290f904a7acefc2b3c
File type: data
Offset: 65536
Size: 288326
Entropy: 7.69
PE imports
_adj_fdivr_m64
Ord(546)
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
Ord(596)
__vbaAryMove
__vbaObjVar
__vbaForEachVar
__vbaVarAnd
__vbaRedim
_adj_fdiv_r
__vbaObjSetAddref
__vbaMidStmtBstr
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
Ord(608)
__vbaFreeStr
Ord(631)
__vbaStrI2
__vbaStrI4
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaNextEachVar
__vbaI4Str
__vbaLenBstr
Ord(525)
__vbaResume
__vbaRedimPreserve
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarSetObjAddref
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
__vbaI2Str
Ord(711)
Ord(606)
__vbaInStrVar
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
__vbaAryUnlock
__vbaOnError
_adj_fdivr_m32i
__vbaI4ErrVar
__vbaStrCat
__vbaVarDup
__vbaVarLateMemCallSt
__vbaChkstk
Ord(570)
__vbaAryCopy
__vbaErase
__vbaVarLateMemSt
__vbaFreeObjList
__vbaVarCmpGt
__vbaVarIndexLoad
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
__vbaExitProc
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
__vbaVarTstGt
_CIcos
Ord(713)
__vbaDateVar
Ord(685)
__vbaVarMove
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(619)
_adj_fdiv_m32
__vbaVarCmpLt
__vbaLenVar
__vbaEnd
__vbaVarCat
__vbaUI1ErrVar
__vbaVarCmpEq
__vbaVarIndexStore
__vbaVarLateMemCallLdRf
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarSetVar
__vbaVarForInit
__vbaStrCopy
Ord(632)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaVarDiv
__vbaLateMemCall
Ord(573)
__vbaR8Var
__vbaObjSet
__vbaVarTstLe
Ord(644)
__vbaDateR8
_CIexp
__vbaStrToAnsi
_CItan
Ord(598)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
Comments: detailed map of Jik and near places. Welcome to the Jik
InitializedDataSize: 20480
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 1.0.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
ProductVersion: 1.0
CharacterSet: Unicode
LinkerVersion: 6.0
EntryPoint: 0x1600
MIMEType: application/octet-stream
FileVersion: 1.0
TimeStamp: 2013:10:28 15:05:22+00:00
FileType: Win32 EXE
PEType: PE32
InternalName: NAZikasmel
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: detailed map of Jik and near places. Welcome to the Jik
CodeSize: 45056
ProductName: detailed map of Jik and near places. Welcome to the Jik
ProductVersionNumber: 1.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

Compressed bundles
File identification
MD5: 1e9a890f92e2b9a327d253f82b24844a
SHA1: 0793f2c6f6cda96a19249454c5658ef0dac71433
SHA256: e3787b3837f22f15fd1bc34096034387749d15fa0cfb3c8518724239b7b05264
ssdeep: 6144:hIvU6YbXoSjb2/KQV+Lh1Wk8OPxY1k1THJwJu6o3CwCQg/sPGV:YU6qXBv2/KVPWk8sJAu6AQePw
authentihash: cd0563f6630471d46fccc3c939a3e7b44c677a2bcc0a3ea59204693d6215698c
imphash: 9da4a1611e6e0e05c13f5373f2658275
File size: 345.6 KB ( 353862 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Microsoft Visual Basic 6 (65.7%)
Win64 Executable (generic) (22.1%)
Win32 Dynamic Link Library (generic) (5.2%)
Win32 Executable (generic) (3.6%)
Generic Win/DOS Executable (1.6%)
Tags: peexe overlay

VirusTotal metadata
First submission: 2013-11-14 17:31:03 UTC ( 5 years, 6 months ago )
Last submission: 2013-11-18 17:01:27 UTC ( 5 years, 6 months ago )
File names: 1e9a890f92e2b9a327d253f82b24844a.exe, NAZikasmel, 1e9a890f92e2b9a327d253f82b24844a
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications