SHA256: ebb92d444b26791f50ec8ad17eb2200742d6e6e99c3db5a4ca522dda939a9357
File name: Sesquiqu
Detection ratio: 40 / 55
Analysis date: 2015-10-24 17:27:01 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Jatif.47 20151025
Yandex TrojanSpy.Zbot!CAcJKltMjhU 20151025
AhnLab-V3 Trojan/Win32.Ransomlock 20151025
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151025
Arcabit Trojan.Jatif.47 20151025
Avast Win32:Evo-gen [Susp] 20151025
AVG PSW.Generic12.ABHE 20151025
Avira (no cloud) TR/ZbotCitadel.A.620 20151025
AVware Trojan.Win32.Generic!BT 20151025
Baidu-International Trojan.Win32.Zbot.rkod 20151025
BitDefender Gen:Heur.Jatif.47 20151025
ByteHero Virus.Win32.Heur.p 20151025
CAT-QuickHeal TrojanPWS.Zbot.AM3 20151024
Comodo UnclassifiedMalware 20151025
DrWeb Trojan.PWS.Panda.2401 20151025
Emsisoft Gen:Heur.Jatif.47 (B) 20151025
ESET-NOD32 a variant of Win32/Injector.AYZD 20151025
F-Secure Gen:Heur.Jatif.47 20151023
Fortinet W32/VB.ALO!tr 20151025
GData Gen:Heur.Jatif.47 20151025
Ikarus Trojan-Spy.Win32.Zbot 20151025
Jiangmin TrojanSpy.Zbot.gzmq 20151024
K7AntiVirus Trojan ( 0001140e1 ) 20151025
K7GW Trojan ( 0001140e1 ) 20151025
Kaspersky Trojan-Spy.Win32.Zbot.rkod 20151025
Malwarebytes Trojan.Zbot.FKV 20151025
McAfee Generic-FAUS!EBF99D36F268 20151025
McAfee-GW-Edition Generic-FAUS!EBF99D36F268 20151025
Microsoft PWS:Win32/Zbot 20151025
eScan Gen:Heur.Jatif.47 20151025
NANO-Antivirus Trojan.Win32.Zbot.cttwgg 20151025
Panda Generic Malware 20151025
Qihoo-360 Win32/Trojan.87a 20151025
Sophos Mal/Generic-S 20151025
Symantec Infostealer 20151025
Tencent Win32.Trojan-spy.Zbot.Apcz 20151025
TrendMicro TSPY_ZBOT.YYDDC 20151025
TrendMicro-HouseCall TSPY_ZBOT.YYDDC 20151025
VIPRE Trojan.Win32.Generic!BT 20151025
Zillya Trojan.Zbot.Win32.148364 20151025
AegisLab 20151025
Alibaba 20151023
Bkav 20151025
ClamAV 20151025
CMC 20151021
Cyren 20151025
F-Prot 20151025
nProtect 20151023
Rising 20151025
SUPERAntiSpyware 20151025
TheHacker 20151025
TotalDefense 20151025
VBA32 20151023
ViRobot 20151025
Zoner 20151025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Nanosystems S.r.l.
Product Flavanth undislod palpifer tryparsa
Original name Sesquiqu.exe
Internal name Sesquiqu
File version 1.06.0001
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-03 10:29:10
Entry Point 0x000012D8
Number of sections 3
PE sections
Overlays
MD5 efb1a13f134256c6248cb5540efe9497
File type data
Offset 475136
Size 3089
Entropy 7.62
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
EVENT_SINK_Release
__vbaEnd
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(697)
Ord(525)
_adj_fpatan
EVENT_SINK_AddRef
__vbaCyStr
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
Ord(618)
Ord(589)
Ord(517)
__vbaFreeVar
_adj_fprem1
Ord(100)
_adj_fdiv_r
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(606)
_CIcos
Ord(616)
__vbaFreeStr
_adj_fptan
__vbaI2Var
Ord(610)
__vbaI4Var
Ord(667)
__vbaVarMove
Ord(703)
_CIatan
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
__vbaStrCat
Ord(543)
_CItan
__vbaFpI2
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 7
RT_MENU 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 376832
ImageVersion 1.6
ProductName Flavanth undislod palpifer tryparsa
FileVersionNumber 1.6.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Sesquiqu.exe
MIMEType application/octet-stream
FileVersion 1.06.0001
TimeStamp 2014:02:03 11:29:10+01:00
FileType Win32 EXE
PEType PE32
InternalName Sesquiqu
ProductVersion 1.06.0001
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Nanosystems S.r.l.
CodeSize 102400
FileSubtype 0
ProductVersionNumber 1.6.0.1
EntryPoint 0x12d8
ObjectFileType Executable application

Compressed bundles
File identification
MD5 ebf99d36f2680c219ce14c749fadcd6b
SHA1 26e8cd42e455e66b37f484c01789f464c403eb1f
SHA256 ebb92d444b26791f50ec8ad17eb2200742d6e6e99c3db5a4ca522dda939a9357
ssdeep 12288:t9imBUK1zry/imBUK1rruzRVFP7hrObMqTpzWF:tc0dWq0JruVV9BOQ0

authentihash da5db2b19e64bb589476e594ad4db6d9a03d42e9a2eb4bb9424d5aba13451b99
imphash b19e274fbdbb76481e66b8768dc8e8e9
File size 467.0 KB ( 478225 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-02-12 03:26:19 UTC ( 3 years, 2 months ago )
Last submission 2014-02-12 03:26:19 UTC ( 3 years, 2 months ago )
File names Sesquiqu
xz.exe
Sesquiqu.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.