SHA256: e4cc2c7b301c0544006d697fadf81cc69154fc45c5c31d9d96f55a7e6f7d7f07
File name: Predetai
Detection ratio: 26 / 53
Analysis date: 2014-07-03 14:39:46 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1737550 20140703
AhnLab-V3 Trojan/Win32.MDA 20140703
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140703
Avast Win32:Zbot-UFO [Trj] 20140703
AVG Inject2.AMHY 20140703
BitDefender Trojan.GenericKD.1737550 20140703
ByteHero Virus.Win32.Heur.p 20140703
CAT-QuickHeal TrojanSpy.Zbot.r3 20140703
CMC Heur.Win32.Veebee.1!O 20140702
Emsisoft Trojan.GenericKD.1737550 (B) 20140703
ESET-NOD32 a variant of Win32/Injector.BHBC 20140703
F-Secure Trojan.GenericKD.1737550 20140703
Fortinet W32/Zbot.TJZQ!tr 20140703
GData Trojan.GenericKD.1737550 20140703
Ikarus Trojan.Win32.Injector 20140703
Kaspersky Trojan-Spy.Win32.Zbot.tjzq 20140703
Malwarebytes Spyware.ZeuS.VB 20140703
McAfee PWSZbot-FBTJ!9FE63AF4416C 20140703
McAfee-GW-Edition Artemis!9FE63AF4416C 20140702
Microsoft PWS:Win32/Zbot 20140703
eScan Trojan.GenericKD.1737550 20140703
Panda Trj/CI.A 20140703
Qihoo-360 HEUR/Malware.QVM03.Gen 20140703
Sophos Troj/VB-HJX 20140703
TrendMicro-HouseCall Suspicious_GEN.F47V0630 20140703
VIPRE Trojan.Win32.Generic!BT 20140703
Engines with no detection (engine, signature update)
AegisLab 20140703
Yandex 20140703
AntiVir 20140703
Baidu-International 20140703
Bkav 20140702
ClamAV 20140703
Commtouch 20140703
Comodo 20140703
DrWeb 20140703
F-Prot 20140703
Jiangmin 20140703
K7AntiVirus 20140703
K7GW 20140703
Kingsoft 20140703
NANO-Antivirus 20140703
Norman 20140703
nProtect 20140703
Rising 20140703
SUPERAntiSpyware 20140703
Symantec 20140703
TheHacker 20140703
TotalDefense 20140703
TrendMicro 20140703
VBA32 20140702
ViRobot 20140703
Zillya 20140701
Zoner 20140703
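The 26 verdicts above agree on very little at the string level (GenericKD, Injector, Zbot, ZeuS, VB, Artemis), which is normal: vendors encode platform, type and variant id differently, and only a minority name the family. The script below is an added example, not part of the VirusTotal page, that turns the transcribed labels into a detection ratio and a majority family by stripping platform/type tokens, folding aliases (ZeuS to Zbot) and un-gluing McAfee's "PWSZbot" prefix. The token lists and the alias table are the example's own assumptions; it also returns the runner-up tokens so a disagreement (here Injector vs Zbot) stays visible instead of being averaged away.

```python
import re
from collections import Counter

# Vendor labels transcribed from the report above (constructed dict: the 26
# engines that returned a verdict; 53 engines were queried).
DETECTIONS = {
    "Ad-Aware": "Trojan.GenericKD.1737550",
    "AhnLab-V3": "Trojan/Win32.MDA",
    "Antiy-AVL": "Trojan[Spy]/Win32.Zbot",
    "Avast": "Win32:Zbot-UFO [Trj]",
    "AVG": "Inject2.AMHY",
    "BitDefender": "Trojan.GenericKD.1737550",
    "ByteHero": "Virus.Win32.Heur.p",
    "CAT-QuickHeal": "TrojanSpy.Zbot.r3",
    "CMC": "Heur.Win32.Veebee.1!O",
    "Emsisoft": "Trojan.GenericKD.1737550 (B)",
    "ESET-NOD32": "a variant of Win32/Injector.BHBC",
    "F-Secure": "Trojan.GenericKD.1737550",
    "Fortinet": "W32/Zbot.TJZQ!tr",
    "GData": "Trojan.GenericKD.1737550",
    "Ikarus": "Trojan.Win32.Injector",
    "Kaspersky": "Trojan-Spy.Win32.Zbot.tjzq",
    "Malwarebytes": "Spyware.ZeuS.VB",
    "McAfee": "PWSZbot-FBTJ!9FE63AF4416C",
    "McAfee-GW-Edition": "Artemis!9FE63AF4416C",
    "Microsoft": "PWS:Win32/Zbot",
    "eScan": "Trojan.GenericKD.1737550",
    "Panda": "Trj/CI.A",
    "Qihoo-360": "HEUR/Malware.QVM03.Gen",
    "Sophos": "Troj/VB-HJX",
    "TrendMicro-HouseCall": "Suspicious_GEN.F47V0630",
    "VIPRE": "Trojan.Win32.Generic!BT",
}
TOTAL_ENGINES = 53  # from the report header

# Assumed noise vocabulary: platform, type and heuristic markers that carry
# no family information. Extend as you meet new vendors.
GENERIC_TOKENS = {
    "trojan", "trojanspy", "trj", "troj", "spy", "spyware", "pws", "win32", "w32",
    "generic", "generickd", "heur", "malware", "gen", "variant", "a", "of",
    "virus", "suspicious", "bt", "tr", "artemis", "ci", "inject2", "vb", "b", "o",
}
STRIP_PREFIXES = ("pws",)          # McAfee glues the type onto the family: PWSZbot
ALIASES = {"zeus": "zbot"}         # assumed alias table, one canonical name per family


def family_tokens(label):
    """Candidate family tokens from one vendor label.

    Splits on punctuation, lowercases, drops pure numbers and long hex runs
    (variant ids, embedded hashes), un-glues known prefixes, drops generic
    markers and folds aliases. Order of the surviving tokens is preserved."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        tok = tok.lower()
        if not tok or tok.isdigit() or re.fullmatch(r"[0-9a-f]{8,}", tok):
            continue
        for prefix in STRIP_PREFIXES:
            if tok.startswith(prefix) and len(tok) > len(prefix) + 2:
                tok = tok[len(prefix):]
        if tok in GENERIC_TOKENS:
            continue
        out.append(ALIASES.get(tok, tok))
    return out


def consensus(detections, min_support=2):
    """One vote per engine per token. Returns (family, support, ranked), or
    (None, 0, ranked) when no token is named by at least min_support engines."""
    votes = Counter()
    for label in detections.values():
        for tok in set(family_tokens(label)):
            votes[tok] += 1
    ranked = votes.most_common()
    if not ranked or ranked[0][1] < min_support:
        return None, 0, ranked
    return ranked[0][0], ranked[0][1], ranked


def detection_ratio(detections, total_engines):
    return len(detections), total_engines


if __name__ == "__main__":
    hits, total = detection_ratio(DETECTIONS, TOTAL_ENGINES)
    family, support, ranked = consensus(DETECTIONS)
    print(f"{hits}/{total} engines flagged the file; family {family!r} named by {support}")
    print("runner-up tokens:", ranked[1:4])
```

For this report the vote gives zbot from 8 of the 26 detecting engines, with injector (ESET, Ikarus) as the next token; the five GenericKD labels and the two Artemis/hash-derived ones contribute nothing, which is the intended behaviour.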
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Copyright (c) 1991-2013 WinZip International LLC - All Rights Reserved
Product Oryzopsi
Original name Predetai.exe
Internal name Predetai
File version 1.08.0002
Comments Pitapatation antitauon's mealtide httpXXXwww.Crepitacula.com
Signature verification The digital signature of the object did not verify.
Note that the version resource imitates WinZip (and stores a copyright string in the field where the company name belongs) while the signature does not verify and TrID identifies the file as a Visual Basic 6 executable; the version information is decoration, not evidence of origin.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-28 20:21:56
Entry Point 0x00001458
Number of sections 3
PE sections
PE imports (the DLL name is not shown; every symbol below is an export of the Visual Basic 6 runtime, MSVBVM60.DLL, matching the TrID result. No kernel32 or user32 imports appear because APIs declared in VB6 source are resolved at run time through DllFunctionCall, so the DeviceIoControl and hook calls surface only in the behavioural section at the end of the report, not in the import table.)
_adj_fdiv_m32
__vbaChkstk
__vbaObjSetAddref
__vbaCyI2
__vbaCyI4
__vbaEnd
__vbaRedim
Ord(648)
__vbaI4Cy
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
Ord(558)
Ord(584)
__vbaR4Var
__vbaLenBstr
Ord(685)
_adj_fpatan
Ord(586)
EVENT_SINK_AddRef
Ord(707)
__vbaCyForInit
Ord(629)
_adj_fdiv_m32i
EVENT_SINK_QueryInterface
__vbaStrCopy
Ord(673)
__vbaSetSystemError
__vbaFreeVarList
Ord(546)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
EVENT_SINK_Release
_adj_fdiv_r
Ord(517)
__vbaDerefAry1
__vbaUI1I2
__vbaFpCmpCy
__vbaFreeVar
__vbaFpCSngR8
__vbaCyMulI2
Ord(100)
Ord(519)
__vbaFreeObj
_adj_fdiv_m64
Ord(651)
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(614)
_allmul
Ord(513)
_CIcos
Ord(587)
_adj_fptan
Ord(577)
_CItan
Ord(664)
__vbaObjSet
__vbaR4Cy
__vbaI4Var
Ord(689)
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaLateIdSt
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
__vbaAryLock
__vbaAryDestruct
_CIexp
__vbaCyForNext
_adj_fprem1
_adj_fdivr_m32
__vbaVarDup
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
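The imphash in the file identification section is an MD5 over the import table normalised the way pefile does it: each entry becomes "dll.function" with the extension stripped and both parts lowercased, imports by ordinal become "ordN", the entries are joined with commas in on-disk order, and the result is hashed. The script below is an added example, not the page's or pefile's own code, that applies that algorithm to the names listed above. It assumes the DLL is MSVBVM60.DLL (the page does not show it) and that the display order matches the import directory, so the value it produces is not expected to equal the c756670f... reported by VirusTotal; the point is the normalisation and its sensitivity to order and ordinal handling. It also omits pefile's ordinal-to-name lookup for oleaut32.dll and ws2_32.dll, which this sample does not use.

```python
import hashlib
import re

# Assumption: the __vba*/_adj_*/_CI* exports come from the VB6 runtime.
ASSUMED_DLL = "MSVBVM60.DLL"

# Symbol names transcribed from the report, in display order (constructed list).
_NAMES = """
_adj_fdiv_m32 __vbaChkstk __vbaObjSetAddref __vbaCyI2 __vbaCyI4 __vbaEnd __vbaRedim
Ord(648) __vbaI4Cy _adj_fdivr_m64 __vbaAryUnlock _adj_fprem Ord(558) Ord(584)
__vbaR4Var __vbaLenBstr Ord(685) _adj_fpatan Ord(586) EVENT_SINK_AddRef Ord(707)
__vbaCyForInit Ord(629) _adj_fdiv_m32i EVENT_SINK_QueryInterface __vbaStrCopy Ord(673)
__vbaSetSystemError __vbaFreeVarList Ord(546) DllFunctionCall __vbaFPException
__vbaStrVarMove _adj_fdivr_m16i __vbaStrMove EVENT_SINK_Release _adj_fdiv_r Ord(517)
__vbaDerefAry1 __vbaUI1I2 __vbaFpCmpCy __vbaFreeVar __vbaFpCSngR8 __vbaCyMulI2 Ord(100)
Ord(519) __vbaFreeObj _adj_fdiv_m64 Ord(651) __vbaHresultCheckObj _CIsqrt _CIsin _CIlog
Ord(614) _allmul Ord(513) _CIcos Ord(587) _adj_fptan Ord(577) _CItan Ord(664) __vbaObjSet
__vbaR4Cy __vbaI4Var Ord(689) __vbaVarMove __vbaErrorOverflow _CIatan __vbaNew2
__vbaLateIdSt __vbaLateIdCallLd __vbaOnError _adj_fdivr_m32i __vbaAryLock __vbaAryDestruct
_CIexp __vbaCyForNext _adj_fprem1 _adj_fdivr_m32 __vbaVarDup __vbaFreeStr _adj_fdiv_m16i
__vbaExceptHandler
""".split()
IMPORTS = [(ASSUMED_DLL, name) for name in _NAMES]

_ORDINAL = re.compile(r"ord\((\d+)\)")   # VirusTotal prints ordinal imports as Ord(N)


def import_string(imports):
    """Comma-joined 'dll.func' list exactly as pefile builds it before hashing:
    extension (.dll/.ocx/.sys) removed, everything lowercased, ordinals as ordN."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        m = _ORDINAL.fullmatch(func.lower())
        name = f"ord{m.group(1)}" if m else func.lower()
        parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string (pefile's get_imphash semantics,
    minus the oleaut32/ws2_32 ordinal name lookup)."""
    return hashlib.md5(import_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    print(import_string(IMPORTS)[:80] + "...")
    print("imphash over the listed names:", imphash(IMPORTS))
    print("same imports, reversed order:", imphash(list(reversed(IMPORTS))))
```

Because the hash covers order as well as names, two VB6 binaries built from the same project share an imphash while a rebuilt project that adds one Declare'd function or reorders modules gets a different one; treat imphash as a build-family pivot, not as a substitute for the content hashes.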
Number of PE resources by type
RT_ICON 11
RT_BITMAP 2
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Pitapatation antitauon's mealtide httpXXXwww.Crepitacula.com
InitializedDataSize 434176
ImageVersion 1.8
FileSubtype 0
FileVersionNumber 1.8.0.2
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.08.0002
TimeStamp 2014:06:28 21:21:56+01:00
FileType Win32 EXE
PEType PE32
InternalName Predetai
FileAccessDate 2014:07:03 15:36:57+01:00
ProductVersion 1.08.0002
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:07:03 15:36:57+01:00
OriginalFilename Predetai.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Copyright (c) 1991-2013 WinZip International LLC - All Rights Reserved
CodeSize 548864
ProductName Oryzopsi
ProductVersionNumber 1.8.0.2
EntryPoint 0x1458
ObjectFileType Executable application
File identification
MD5 9fe63af4416c41262a675b97d4d7d978
SHA1 0851bb308d992576b6cd419ccab78008ebd423c3
SHA256 e4cc2c7b301c0544006d697fadf81cc69154fc45c5c31d9d96f55a7e6f7d7f07
ssdeep 12288:dTd9j2Kh2aYbIYbRozmEhYbm/+/C7yS5ziJXN:dTph2aYbIYbsDYb/671ZMd
imphash c756670f467e1c1d3ecbef932fc50c82
File size 940.7 KB ( 963233 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-30 08:05:28 UTC
Last submission 2014-07-01 18:36:58 UTC
File names Predetai.exe, Predetai
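Several fields in this report only become useful when read against each other: the PE header timestamp (shown in UTC) and ExifTool's local-time rendering of the same field should describe one instant, the gap between compile time and first submission says how fresh the build was, and a vendor name in the version resource means nothing without a valid signature. The script below is an added example, not VirusTotal's code, that runs those checks over the fields transcribed from this page. The finding names, the seven-day "fresh build" threshold and the use of first submission as a proxy for first sighting are the example's own assumptions.

```python
import re
from datetime import datetime, timezone

# Fields transcribed from the report above (constructed dict, values as printed).
REPORT = {
    "pe_timestamp_utc": "2014-06-28 20:21:56",          # PE header, shown as UTC
    "exiftool_timestamp": "2014:06:28 21:21:56+01:00",  # same field, local time
    "first_submission_utc": "2014-06-30 08:05:28",
    "company_name": "Copyright (c) 1991-2013 WinZip International LLC - All Rights Reserved",
    "signature_verified": False,
    "trid_top": "Win32 Executable Microsoft Visual Basic 6",
    "comments": "Pitapatation antitauon's mealtide httpXXXwww.Crepitacula.com",
}

FRESH_BUILD_WINDOW = 7 * 86400   # assumed threshold, seconds


def parse_utc(s):
    """'YYYY-MM-DD HH:MM:SS' as printed by the report (UTC) -> aware datetime."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def exif_to_utc(s):
    """ExifTool's 'YYYY:MM:DD HH:MM:SS+HH:MM' (local time with offset) -> UTC."""
    return datetime.strptime(s, "%Y:%m:%d %H:%M:%S%z").astimezone(timezone.utc)


def compile_lead_seconds(report):
    """Seconds from the PE compile stamp to first sighting. Negative means the
    stamp post-dates the first sighting, i.e. it was forged."""
    delta = parse_utc(report["first_submission_utc"]) - parse_utc(report["pe_timestamp_utc"])
    return int(delta.total_seconds())


def triage(report):
    """Return a list of finding tags derived from cross-checking the fields."""
    findings = []
    if exif_to_utc(report["exiftool_timestamp"]) != parse_utc(report["pe_timestamp_utc"]):
        findings.append("timestamp-mismatch")          # two tools disagree on the instant
    lead = compile_lead_seconds(report)
    if lead < 0:
        findings.append("forged-compile-timestamp")
    elif lead < FRESH_BUILD_WINDOW:
        findings.append("compiled-within-week-of-first-sighting")
    company = report["company_name"]
    if company and not report["signature_verified"]:
        findings.append("vendor-claim-without-valid-signature")
    if company.lower().startswith("copyright"):
        findings.append("copyright-string-in-companyname")   # field holds the wrong kind of data
    if re.search(r"https?\S*www\.", report["comments"], re.IGNORECASE):
        findings.append("url-like-string-in-comments")      # catches the httpXXXwww. form too
    return findings


if __name__ == "__main__":
    print("compile -> first submission:", compile_lead_seconds(REPORT), "seconds")
    for tag in triage(REPORT):
        print("finding:", tag)
```

For this sample the two timestamps agree (the +01:00 rendering is the same instant as the UTC one), the binary reached VirusTotal about 35.7 hours after it was linked, and the WinZip claim is flagged on two counts: no valid signature, and a copyright string sitting in CompanyName.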
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API function. The report does not name the device or the control codes, so nothing about which driver was targeted can be concluded from this line alone.
The file installs an application-defined hook procedure into a hook chain with SetWindowsHook (SetWindowsHookEx on current Windows). A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads on the same desktop as the calling thread; a desktop-wide hook is a standard way to intercept keyboard and window messages in other processes, so alongside the Zbot verdicts above it is a behavioural indicator rather than a benign GUI feature.