SHA256: e4cc2c7b301c0544006d697fadf81cc69154fc45c5c31d9d96f55a7e6f7d7f07
File name: Predetai
Detection ratio: 43 / 68
Analysis date: 2018-08-03 10:57:00 UTC ( 2 weeks, 3 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.97890 20180803
AhnLab-V3 Trojan/Win32.MDA.R110700 20180803
ALYac Gen:Variant.Zusy.97890 20180803
Antiy-AVL Trojan[Spy]/Win32.Zbot 20180803
Arcabit Trojan.Zusy.D17E62 20180803
Avast Win32:Zbot-UFO [Trj] 20180802
AVG Win32:Zbot-UFO [Trj] 20180802
Avira (no cloud) HEUR/AGEN.1008616 20180803
AVware Trojan.Win32.Generic!BT 20180727
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180802
BitDefender Gen:Variant.Zusy.97890 20180803
CAT-QuickHeal TrojanPWS.Zbot.AM3 20180803
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cybereason malicious.4416c4 20180225
Cylance Unsafe 20180803
Cyren W32/Trojan.HPEP-2867 20180803
DrWeb Trojan.PWS.Panda.7278 20180803
Emsisoft Gen:Variant.Zusy.97890 (B) 20180803
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.BHBC 20180803
F-Secure Gen:Variant.Zusy.97890 20180803
Fortinet W32/Injector.BJGR!tr 20180803
Ikarus Trojan-Spy.Win32.Zbot 20180803
Kaspersky Trojan-Spy.Win32.Zbot.tjzq 20180803
MAX malware (ai score=89) 20180803
McAfee PWSZbot-FAUW!9FE63AF4416C 20180803
McAfee-GW-Edition PWSZbot-FAUW!9FE63AF4416C 20180803
Microsoft PWS:Win32/Zbot 20180803
eScan Gen:Variant.Zusy.97890 20180803
NANO-Antivirus Trojan.Win32.Zbot.dbwvpg 20180803
Palo Alto Networks (Known Signatures) generic.ml 20180803
Panda Trj/Genetic.gen 20180802
Qihoo-360 HEUR/Malware.QVM03.Gen 20180803
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/VB-HJX 20180803
Symantec ML.Attribute.HighConfidence 20180803
Tencent Win32.Trojan-spy.Zbot.Hzni 20180803
TrendMicro TROJ_GEN.R002C0DGV18 20180803
TrendMicro-HouseCall TROJ_GEN.R002C0DGV18 20180803
VIPRE Trojan.Win32.Generic!BT 20180803
ViRobot Trojan.Win32.Z.Zbot.963233 20180803
Yandex TrojanSpy.Zbot!U7/3t1lawP4 20180803
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.tjzq 20180803
AegisLab 20180803
Alibaba 20180713
Avast-Mobile 20180802
Babable 20180725
Bkav 20180803
ClamAV 20180803
CMC 20180803
Comodo 20180803
eGambit 20180803
F-Prot 20180803
GData 20180803
Sophos ML 20180717
Jiangmin 20180803
K7AntiVirus 20180803
K7GW 20180803
Kingsoft 20180803
Malwarebytes 20180803
Rising 20180803
SUPERAntiSpyware 20180803
Symantec Mobile Insight 20180801
TACHYON 20180803
TheHacker 20180802
TotalDefense 20180803
Trustlook 20180803
VBA32 20180803
Webroot 20180803
Zillya 20180802
Zoner 20180803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Oryzopsi
Original name Predetai.exe
Internal name Predetai
File version 1.08.0002
Comments Pitapatation antitauon's mealtide httpXXXwww.Crepitacula.com
Signature verification The digital signature of the object did not verify.
Signing date 11:57 AM 8/3/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-28 20:21:56
Entry Point 0x00001458
Number of sections 3
PE sections
Overlays
MD5 9f52d7656afda1dbb708626ab7b8d16e
File type data
Offset 954368
Size 8865
Entropy 6.85
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaObjSetAddref
__vbaCyI2
__vbaCyI4
__vbaEnd
__vbaRedim
Ord(648)
__vbaI4Cy
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
Ord(558)
Ord(584)
__vbaR4Var
__vbaLenBstr
Ord(685)
_adj_fpatan
Ord(586)
EVENT_SINK_AddRef
Ord(707)
__vbaCyForInit
Ord(629)
_adj_fdiv_m32i
EVENT_SINK_QueryInterface
__vbaStrCopy
Ord(673)
__vbaSetSystemError
__vbaFreeVarList
Ord(546)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
EVENT_SINK_Release
_adj_fdiv_r
Ord(517)
__vbaDerefAry1
__vbaUI1I2
__vbaFpCmpCy
__vbaFreeVar
__vbaFpCSngR8
__vbaCyMulI2
Ord(100)
Ord(519)
__vbaFreeObj
_adj_fdiv_m64
Ord(651)
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(614)
_allmul
Ord(513)
_CIcos
Ord(587)
_adj_fptan
Ord(577)
_CItan
Ord(664)
__vbaObjSet
__vbaR4Cy
__vbaI4Var
Ord(689)
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaLateIdSt
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
__vbaAryLock
__vbaAryDestruct
_CIexp
__vbaCyForNext
_adj_fprem1
_adj_fdivr_m32
__vbaVarDup
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 11
RT_BITMAP 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Pitapatation antitauon's mealtide httpXXXwww.Crepitacula.com
InitializedDataSize 434176
ImageVersion 1.8
FileSubtype 0
FileVersionNumber 1.8.0.2
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x1458
OriginalFileName Predetai.exe
MIMEType application/octet-stream
FileVersion 1.08.0002
TimeStamp 2014:06:28 21:21:56+01:00
FileType Win32 EXE
PEType PE32
InternalName Predetai
ProductVersion 1.08.0002
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Copyright (c) 1991-2013 WinZip International LLC - All Rights Reserved
CodeSize 548864
ProductName Oryzopsi
ProductVersionNumber 1.8.0.2
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9fe63af4416c41262a675b97d4d7d978
SHA1 0851bb308d992576b6cd419ccab78008ebd423c3
SHA256 e4cc2c7b301c0544006d697fadf81cc69154fc45c5c31d9d96f55a7e6f7d7f07
ssdeep 12288:dTd9j2Kh2aYbIYbRozmEhYbm/+/C7yS5ziJXN:dTph2aYbIYbsDYb/671ZMd
authentihash f11abf400e0eb5b99b75c93a06f3610fd7772802186fd1d8b7c7b7ef335b4bf9
imphash c756670f467e1c1d3ecbef932fc50c82
File size 940.7 KB ( 963233 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-06-30 08:05:28 UTC ( 4 years, 1 month ago )
Last submission 2014-07-01 18:36:58 UTC ( 4 years, 1 month ago )
File names Predetai.exe, Predetai
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.