× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ebbc0706a7f3a37cd15897fdac5cdfdf547a43a0392e0d38b5a4db1aa9001fdf
File name: ywayyiuyip.vbs
Detection ratio: 39 / 57
Analysis date: 2016-05-19 02:02:59 UTC ( 2 years, 11 months ago ) View latest
Antivirus Result Update
Ad-Aware Worm.VBS.Dunihi.W 20160519
AegisLab Worm.Vbs.Dinihou!c 20160518
ALYac Worm.VBS.Dunihi.W 20160519
Arcabit Worm.VBS.Dunihi.W 20160519
Avast VBS:Decode-KG [Trj] 20160519
AVG BackDoor.Generic_c.XMA 20160519
Avira (no cloud) VBS/Dunihi.B 20160519
Baidu VBS.Trojan.Kryptik.fp 20160518
BitDefender Worm.VBS.Dunihi.W 20160519
Comodo UnclassifiedMalware 20160519
Cyren VBS/Dunihi.H 20160519
DrWeb VBS.Siggen.7530 20160519
Emsisoft Worm.VBS.Dunihi.W (B) 20160519
ESET-NOD32 VBS/Kryptik.L 20160519
F-Prot VBS/Dunihi.H 20160519
F-Secure Worm.VBS.Dunihi.W 20160519
Fortinet VBS/Dinihou.B!tr 20160519
GData Worm.VBS.Dunihi.W 20160519
Ikarus Worm.Win32.VBS.Dinihou 20160518
Jiangmin Worm.VBS.afs 20160519
K7AntiVirus NetWorm ( 0040f5d41 ) 20160518
K7GW NetWorm ( 0040f5d41 ) 20160519
Kaspersky Worm.VBS.Dinihou.c 20160518
McAfee VBS/Autorun.worm.aapd 20160519
McAfee-GW-Edition VBS/Autorun.worm.aapd 20160518
Microsoft Worm:VBS/Jenxcus 20160518
eScan Worm.VBS.Dunihi.W 20160518
NANO-Antivirus Trojan.Script.Hworm.dmiovx 20160519
nProtect Worm.VBS.Dunihi.W 20160518
Panda VBS/Autorun.BC.worm 20160518
Qihoo-360 virus.vbs.crypt.c 20160519
Sophos AV Troj/VBS-BS 20160519
Symantec VBS.Downloader.Trojan 20160519
Tencent Vbs.Worm.Dinihou.Hvjn 20160519
TrendMicro VBS_DUNIHI.SM3 20160519
TrendMicro-HouseCall VBS_DUNIHI.SM3 20160519
ViRobot VBS.S.Agent.179260[h] 20160518
Yandex Trojan.VBS.MegaBot.A 20160518
Zillya Worm.Dinihou.VBS.15 20160518
AhnLab-V3 20160518
Alibaba 20160516
Antiy-AVL 20160519
AVware 20160518
Baidu-International 20160518
Bkav 20160518
CAT-QuickHeal 20160518
ClamAV 20160519
CMC 20160516
Kingsoft 20160519
Malwarebytes 20160519
Rising 20160519
SUPERAntiSpyware 20160519
TheHacker 20160518
TotalDefense 20160519
VBA32 20160518
VIPRE 20160519
Zoner 20160519
The file being studied is a Portable Executable file! More specifically, it is a Text file.
FileVersionInfo properties
Publisher House
Version 2, 5, 3, 2
File version 5, 2, 9, 1
Description Depo
Packers identified
Command UPX
F-PROT UPX
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-15 14:07:16
Entry Point 0x00003C61
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
DeleteFileW
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
GetEnvironmentVariableA
HeapCreate
VirtualFree
GetFileType
ExitProcess
GetVersion
VirtualAlloc
IsDlgButtonChecked
PE exports
Number of PE resources by type
RT_RCDATA 380
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 380
ENGLISH US 3
PE resources
ExifTool file metadata
FileAccessDate
2015:02:10 20:19:21+01:00

FileCreateDate
2015:02:10 20:19:21+01:00

Compressed bundles
File identification
MD5 2dc3f51d0f2f0ce82f8555d51951e239
SHA1 12613b18146b861ae6d7f41bc5a7a7f19b1cf09a
SHA256 ebbc0706a7f3a37cd15897fdac5cdfdf547a43a0392e0d38b5a4db1aa9001fdf
ssdeep
96:Qs9tQw7tCXHSC7Vey7KB+wxRcyY9szPDyath+8xccF71fPw4QvMX2ilp2zjbx2l7:j7

File size 175.1 KB ( 179260 bytes )
File type Text
Magic literal
ASCII text, with very long lines, with CRLF line terminators

TrID Unknown!
Tags
text usb-autorun

VirusTotal metadata
First submission 2013-08-20 17:47:28 UTC ( 5 years, 8 months ago )
Last submission 2015-12-06 11:34:37 UTC ( 3 years, 4 months ago )
File names pvblmmaewx.vbs
pvblmmaewx.vbs
pvblmmaewx.vbs
pvblmmaewx.vbs
PVBLMMAEWX.VBS.Muestra EliStartPage v28.49
ywayyiuyip.vbs
pvblmmaewx.vbs
pvblmmaewx.vbs
NEWVBS~1.VBS
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!