SHA256: e675db537290dec1b3e9d36b3a010b397cd2540bf3d03ff55e30718d67e1e18b
File name: MN741AQ_IJ08
Detection ratio: 38 / 49
Analysis date: 2014-02-02 15:16:24 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.38009 20140202
Yandex TrojanSpy.Zbot!aKI3yydWugM 20140202
AhnLab-V3 Trojan/Win32.Inject 20140202
AntiVir TR/Dropper.VB.6824 20140202
Antiy-AVL Trojan/Win32.Zbot 20140202
Avast Win32:Zbot-SEZ [Trj] 20140202
AVG PSW.Generic12.RPO 20140202
Baidu-International Trojan.Win32.Zbot.apft 20140202
BitDefender Gen:Variant.Symmi.38009 20140202
ByteHero Virus.Win32.Heur.p 20140127
CAT-QuickHeal TrojanSpy.Zbot.qxkc 20140202
Comodo UnclassifiedMalware 20140202
DrWeb Trojan.Winlock.10644 20140202
Emsisoft Gen:Variant.Symmi.38009 (B) 20140202
ESET-NOD32 a variant of Win32/Injector.ATPO 20140202
Fortinet W32/Zbot.ATPO!tr 20140202
GData Gen:Variant.Symmi.38009 20140202
Ikarus Trojan.Win32.Inject 20140202
Jiangmin TrojanSpy.Zbot.fsya 20140202
K7AntiVirus Trojan ( 004917a31 ) 20140131
K7GW Trojan ( 004917a31 ) 20140131
Kaspersky Trojan-Spy.Win32.Zbot.qxkc 20140202
Kingsoft Win32.Troj.Zbot.qx.(kcloud) 20130829
Malwarebytes Trojan.LVBP 20140202
McAfee RDN/Generic PWS.y!wn 20140202
McAfee-GW-Edition RDN/Generic PWS.y!wn 20140202
Microsoft PWS:Win32/Zbot 20140202
eScan Gen:Variant.Symmi.38009 20140202
Norman Troj_Generic.RQVGS 20140202
Panda Trj/Zbot.Q 20140202
Qihoo-360 HEUR/Malware.QVM03.Gen 20140127
Sophos Troj/VB-GYP 20140202
Symantec Backdoor.Trojan 20140202
TheHacker Trojan/Injector.atpo 20140201
TrendMicro TROJ_GEN.R01TC0FLO13 20140202
TrendMicro-HouseCall TROJ_GEN.R01TC0FLO13 20140202
VBA32 TrojanSpy.Zbot 20140131
VIPRE Trojan.Win32.Generic!BT 20140202
Bkav 20140125
ClamAV 20140202
CMC 20140122
Commtouch 20140202
F-Prot 20140201
NANO-Antivirus 20140202
nProtect 20140202
Rising 20140202
SUPERAntiSpyware 20140201
TotalDefense 20140202
ViRobot 20140202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Flash
Product Flash game you run forward as an alien in outer space. You can run and jump on the floor, walls, and even the ceiling.
Original name MN741AQ_IJ08.exe
Internal name MN741AQ_IJ08
File version 1.00.0114
Comments Flash game you run forward as an alien in outer space. You can run and jump on the floor, walls, and even the ceiling.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-13 15:38:05
Entry Point 0x00001510
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
Ord(596)
__vbaAryMove
__vbaObjVar
__vbaForEachVar
__vbaVarAnd
__vbaForEachCollObj
_adj_fdiv_r
__vbaObjSetAddref
__vbaFixstrConstruct
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
__vbaVarMul
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaAryCopy
__vbaFreeStr
__vbaLateIdCallLd
__vbaStrI4
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
__vbaNextEachVar
__vbaLenBstr
__vbaResume
__vbaCheckType
__vbaStrToUnicode
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
Ord(711)
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
Ord(610)
__vbaVarLateMemCallLdRf
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaVarLateMemCallSt
__vbaChkstk
__vbaPrintFile
__vbaLsetFixstr
Ord(570)
__vbaErase
__vbaVarLateMemSt
__vbaFreeObjList
__vbaVarCmpGt
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
__vbaExitProc
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
__vbaVarTstGt
_CIcos
__vbaVarMove
__vbaVarCmpEq
__vbaNew2
__vbaLateIdSt
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaLenVar
__vbaEnd
__vbaLateMemSt
__vbaVarIndexStore
__vbaOnError
_adj_fpatan
Ord(712)
__vbaVarSetVar
__vbaVarForInit
__vbaObjIs
__vbaStrCopy
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
__vbaCastObjVar
EVENT_SINK_AddRef
__vbaNextEachCollObj
_CIsin
_CIsqrt
__vbaVarCopy
Ord(612)
_CIatan
__vbaVarDiv
__vbaLateMemCall
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
Ord(598)
Number of PE resources by type
Struct(0) 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
Flash game you run forward as an alien in outer space. You can run and jump on the floor, walls, and even the ceiling.

InitializedDataSize
20480

ImageVersion
1.0

FileVersionNumber
1.0.0.114

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

yourunforwardasanalieninouterspaceYoucanrunandjumponthefloorwallsandeventheceiling
ProductName

LinkerVersion
6.0

shgameyourunforwardasanalieninouterspaceYoucanrunandjumponthefloorwallsandeventheceiling
4FileVersion

MIMEType
application/octet-stream

TimeStamp
2013:12:13 16:38:05+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2013:12:17 11:15:07+01:00

SubsystemVersion
4.0

OSVersion
4.0

FileCreateDate
2013:12:17 11:15:07+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Flash

Tag00114
<InternalName

CodeSize
57344

FileSubtype
0

ProductVersionNumber
1.0.0.114

EntryPoint
0x1510

ObjectFileType
Executable application

Tag41AQ_IJ08
L"OriginalFilename

Compressed bundles
File identification
MD5 46150cd7dccb62be632c73116fe09c60
SHA1 8991e6fd9f244e96420093b4c97abdad39e726fc
SHA256 e675db537290dec1b3e9d36b3a010b397cd2540bf3d03ff55e30718d67e1e18b
ssdeep 6144:tRdEqMuyTDVw/6s+s+QKBTfF4wqyEi1na3d:fMuAVsXaQaRpoN

imphash fa125710ca933a6f48768c27c0cb6b4b
File size 300.2 KB ( 307434 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-12-17 08:16:00 UTC ( 3 years, 6 months ago )
Last submission 2013-12-17 08:16:00 UTC ( 3 years, 6 months ago )
File names MN741AQ_IJ08.exe
MN741AQ_IJ08
vt-upload-UYB32
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight