SHA256: e970efabd0742095580be3a50bae7fd9ad9fda595c54a264d8d58983a1784bd6
File name: aa
Detection ratio: 45 / 54
Analysis date: 2014-07-11 00:11:00 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Worm.Generic.241855 20140710
Yandex Worm.Koobface!Xa6Aqh/8Esk 20140710
AhnLab-V3 Worm/Win32.Koobface 20140710
AntiVir TR/Dropper.Gen 20140711
Avast Win32:VB-ORG [Trj] 20140711
AVG Dropper.Generic.BXEK 20140710
Baidu-International Worm.Win32.Koobface.Agkv 20140710
BitDefender Worm.Generic.241855 20140710
Bkav W32.Clodd46.Trojan.744f 20140710
CAT-QuickHeal I-Worm.Koobface.r4 20140710
ClamAV Worm.Koobface-291 20140710
Commtouch W32/Koobface.N.gen!Eldorado 20140710
Comodo NetWorm.Win32.Koobface.FE 20140710
DrWeb Trojan.Packed.19767 20140711
Emsisoft Worm.Generic.241855 (B) 20140711
ESET-NOD32 a variant of Win32/Injector.BAU 20140710
F-Prot W32/Koobface.N.gen!Eldorado 20140711
F-Secure Packed:W32/Vbcrypt.K 20140710
Fortinet W32/VBObfus.C!tr 20140710
GData Worm.Generic.241855 20140710
Ikarus Virus.Win32.VBInject 20140710
K7AntiVirus Backdoor ( 04c4da301 ) 20140710
K7GW Backdoor ( 04c4da301 ) 20140710
Kaspersky Net-Worm.Win32.Koobface.fwd 20140710
Kingsoft Worm.Koobface.66560.(kcloud) 20140711
McAfee Artemis!5C1082D44556 20140711
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.A 20140711
Microsoft VirTool:Win32/VBInject.DR 20140710
eScan Worm.Generic.241855 20140710
NANO-Antivirus Trojan.Win32.Koobface.rpmc 20140710
Norman Suspicious_Gen2.UYVMV 20140710
nProtect Worm/W32.Koobface.66560.D 20140710
Panda W32/Koobface.C.worm 20140710
Qihoo-360 Win32/Worm.2e3 20140711
Sophos AV Mal/Koobface-B 20140710
SUPERAntiSpyware Trojan.Agent/Gen-FakeAv[Crypt] 20140711
Symantec Packed.Generic.296 20140711
Tencent Win32.Worm-net.Koobface.Svrc 20140711
TheHacker Trojan/Injector.bau 20140708
TrendMicro WORM_KOOBFACE.XA 20140711
TrendMicro-HouseCall WORM_KOOBFACE.XA 20140711
VBA32 TScope.Trojan.VB 20140710
VIPRE Trojan.Win32.Generic.pak!cobra 20140711
ViRobot Worm.Win32.S.Net-Koobface.66560.A 20140710
Zillya Worm.Koobface.Win32.5470 20140710
AegisLab 20140711
Antiy-AVL 20140710
ByteHero 20140711
CMC 20140710
Jiangmin 20140710
Malwarebytes 20140711
Rising 20140710
TotalDefense 20140710
Zoner 20140708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-11 08:52:36
Entry Point 0x000010AC
Number of sections 4
PE sections
PE imports
ProcCallEngine
__vbaExceptHandler
Ord(537)
Ord(598)
DllFunctionCall
Ord(644)
Ord(631)
Ord(100)
Ord(608)
CreateProcessW
RtlMoveMemory
GetProcAddress
LoadLibraryA
VirtualAllocEx
CallWindowProcA
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
2 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 4
ENGLISH US 1
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 1.0
FileVersionNumber 0.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 54784
MIMEType application/octet-stream
TimeStamp 2010:03:11 09:52:36+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:07:11 01:06:22+01:00
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2014:07:11 01:06:22+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 10240
FileSubtype 0
ProductVersionNumber 0.1.0.0
EntryPoint 0x10ac
ObjectFileType Executable application

File identification
MD5 5c1082d445565a52ec15c95f5e099c49
SHA1 3692ce37d9b51e4c107605b067fb8c850bc725dc
SHA256 e970efabd0742095580be3a50bae7fd9ad9fda595c54a264d8d58983a1784bd6
ssdeep 768:LFJPVpyH39WGAsnUidSvWMckTLoDjNkVHxbLuJ8VVNoGO8E0cpNY7ltrY2vGaA1:fPlWMckIDkx2eVzKVFNYvrY2Op14EPx
imphash c55793cd604112c3ea7cf607ec551cc1
File size 65.0 KB ( 66560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2010-03-11 12:15:40 UTC ( 8 years, 10 months ago )
Last submission 2010-03-26 01:55:20 UTC ( 8 years, 10 months ago )
File names QkBh3PQ5.lnk
aa
Behaviour characterization