SHA256: e5e8c4bf07f46e9ddb1b3cf5a954795430f6e79be9d35159df23b54798099e0c
File name: Anguillo
Detection ratio: 35 / 55
Analysis date: 2014-12-04 10:37:21 UTC ( 2 years, 4 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Graftor.165610 | 20141204
ALYac | Gen:Variant.Graftor.165610 | 20141204
Antiy-AVL | Trojan/Win32.Buzus | 20141204
Avast | Win32:Malware-gen | 20141204
AVG | BackDoor.Generic18.BDXE | 20141204
AVware | Trojan.Win32.Generic!BT | 20141204
Baidu-International | Trojan.Win32.Buzus.ar | 20141204
BitDefender | Gen:Variant.Graftor.165610 | 20141204
ByteHero | Virus.Win32.Heur.p | 20141204
CMC | Heur.Win32.Veebee.1!O | 20141204
Comodo | UnclassifiedMalware | 20141204
Cyren | W32/Trojan.LDXE-1636 | 20141204
DrWeb | Trojan.PWS.Panda.7278 | 20141204
ESET-NOD32 | a variant of Win32/Injector.BQGW | 20141204
F-Secure | Gen:Variant.Graftor.165610 | 20141204
Fortinet | W32/Buzus.JR!tr | 20141204
GData | Gen:Variant.Graftor.165610 | 20141204
Ikarus | Trojan.Win32.Buzus | 20141204
K7AntiVirus | Trojan ( 004b18ef1 ) | 20141203
K7GW | Trojan ( 050000001 ) | 20141204
Kaspersky | Trojan.Win32.Buzus.weun | 20141204
Malwarebytes | Trojan.Zbot | 20141204
McAfee | BackDoor-FCHE!B320670D5CA7 | 20141204
McAfee-GW-Edition | BackDoor-FCHE!B320670D5CA7 | 20141204
Microsoft | Trojan:Win32/Dynamer!ac | 20141204
eScan | Gen:Variant.Graftor.165610 | 20141204
NANO-Antivirus | Trojan.Win32.Buzus.djpvwh | 20141204
Panda | Trj/CI.A | 20141204
Qihoo-360 | HEUR/QVM03.0.Malware.Gen | 20141204
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20141203
Sophos | Troj/VBInj-JR | 20141204
Symantec | Trojan.Gen | 20141204
Tencent | Win32.Backdoor.Bp-generic.Oayz | 20141204
TrendMicro-HouseCall | TROJ_GEN.R047C0OL114 | 20141204
VIPRE | Trojan.Win32.Generic!BT | 20141204

Engines reporting no detection (engine | signature update date):
AegisLab | 20141204
Yandex | 20141203
AhnLab-V3 | 20141203
Avira (no cloud) | 20141204
Bkav | 20141204
CAT-QuickHeal | 20141204
ClamAV | 20141204
F-Prot | 20141204
Jiangmin | 20141203
Kingsoft | 20141204
Norman | 20141204
nProtect | 20141204
SUPERAntiSpyware | 20141204
TheHacker | 20141201
TotalDefense | 20141203
TrendMicro | 20141204
VBA32 | 20141204
ViRobot | 20141204
Zillya | 20141203
Zoner | 20141204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher: Info Soft
Product: Adenopat
Original name: Anguillo.exe
Internal name: Anguillo
File version: 1.07.0007
Description: Unsacked nonre
Comments: TradeMark ® 2011
Signature verification: The digital signature of the object did not verify.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-11-27 16:58:59
Entry Point: 0x000014B4
Number of sections: 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
Ord(595)
_adj_fprem
Ord(709)
__vbaVarMod
Ord(714)
Ord(540)
__vbaRedim
_adj_fdiv_r
Ord(517)
__vbaHresultCheckObj
__vbaR8Str
_CIlog
Ord(616)
_adj_fptan
__vbaFileClose
__vbaI4Var
__vbaFreeStr
__vbaStrI2
Ord(588)
__vbaFreeStrList
Ord(609)
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
__vbaI4Str
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFileOpen
__vbaDerefAry1
__vbaFreeVar
__vbaLbound
__vbaPowerR8
__vbaAryLock
EVENT_SINK_Release
Ord(677)
Ord(593)
Ord(667)
Ord(716)
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
Ord(570)
__vbaAryUnlock
__vbaFreeObjList
Ord(583)
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaLineInputVar
__vbaFreeObj
_adj_fdivr_m32
_CIcos
Ord(713)
__vbaDateVar
__vbaStrErrVarCopy
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaLateIdSt
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m64
_adj_fdiv_m32
__vbaPrintObj
Ord(512)
__vbaEnd
Ord(685)
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaStrCopy
Ord(702)
__vbaFPException
_adj_fdivr_m16i
Ord(100)
Ord(534)
_CIsin
_CIsqrt
_CIatan
Ord(587)
__vbaLateMemCall
__vbaObjSet
_CIexp
_CItan
__vbaFpI4
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
Comments: TradeMark 2011
LinkerVersion: 6.0
ImageVersion: 1.7
FileSubtype: 0
FileVersionNumber: 1.7.0.7
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Unicode
InitializedDataSize: 28672
FileOS: Win32
MIMEType: application/octet-stream
FileVersion: 1.07.0007
TimeStamp: 2014:11:27 17:58:59+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Anguillo
SubsystemVersion: 4.0
FileAccessDate: 2014:12:04 11:33:44+01:00
ProductVersion: 1.07.0007
FileDescription: Unsacked nonre
OSVersion: 4.0
FileCreateDate: 2014:12:04 11:33:44+01:00
OriginalFilename: Anguillo.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Info Soft
CodeSize: 315392
ProductName: Adenopat
ProductVersionNumber: 1.7.0.7
EntryPoint: 0x14b4
ObjectFileType: Executable application
File identification
MD5: b320670d5ca7c08fe1c00f807f3234b8
SHA1: 538f00888ad08dd58d03fb2584cc25052aa6dbd7
SHA256: e5e8c4bf07f46e9ddb1b3cf5a954795430f6e79be9d35159df23b54798099e0c
ssdeep: 6144:NhMa90K1JUZbyOs2rpadY9dNOMK6/OIXwiFpa21ibYXyaUMu5WfuaSTfEmc:/ey8yY9dNOm/pj/Xydrc
authentihash: c9e5e4349b311fd4c03ef4313d0813db42585a7be17a0066d265cba11b6d3db6
imphash: 723483d78fb90fb8771ae239f3c676bc
File size: 344.0 KB ( 352265 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags: peexe

VirusTotal metadata
First submission: 2014-12-01 15:22:43 UTC ( 2 years, 4 months ago )
Last submission: 2014-12-03 15:33:54 UTC ( 2 years, 4 months ago )
File names:
3975f82d-cdd8-4974-9a10-4bdc80e9d625
b0179a24-8ec6-407c-aa5f-bb8570f068a7
Anguillo
file-7758263_vvv
Anguillo.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.