× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f42e38862e03195124439cc30bf599a25c02dbd3d8b8a41331357647e6de3de6
File name: f42e38862e03195124439cc30bf599a25c02dbd3d8b8a41331357647e6de3de6
Detection ratio: 45 / 67
Analysis date: 2017-12-24 23:01:27 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.270288 20171224
AegisLab Troj.W32.Mucc!c 20171224
ALYac Gen:Variant.Zusy.270288 20171224
Antiy-AVL Trojan/Win32.Mucc 20171224
Arcabit Trojan.Zusy.D41FD0 20171224
Avira (no cloud) TR/Dropper.VB.womca 20171224
AVware Trojan.Win32.Generic!BT 20171224
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171222
BitDefender Gen:Variant.Zusy.270288 20171224
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.c44540 20171103
Cylance Unsafe 20171225
Cyren W32/VBTrojan.Dropper.4!Maximus 20171224
Emsisoft Gen:Variant.Zusy.270288 (B) 20171224
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Injector.DUQK 20171224
F-Prot W32/VBTrojan.Dropper.4!Maximus 20171224
F-Secure Gen:Variant.Zusy.270288 20171224
Fortinet W32/GenKryptik.BJFV!tr 20171224
GData Gen:Variant.Zusy.270288 20171224
Ikarus Trojan.Win32.Injector 20171224
Sophos ML heuristic 20170914
Jiangmin Trojan.Mucc.abq 20171221
K7AntiVirus Trojan ( 00520e9f1 ) 20171224
K7GW Trojan ( 00520e9f1 ) 20171224
Kaspersky Trojan.Win32.Mucc.faq 20171224
Malwarebytes Trojan.TrickBot 20171224
MAX malware (ai score=80) 20171224
McAfee GenericRXDP-AN!3B8C2377635D 20171224
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20171224
Microsoft Trojan:Win32/Totbrick.H 20171224
eScan Gen:Variant.Zusy.270288 20171224
NANO-Antivirus Trojan.Win32.Mucc.eweiyt 20171224
Palo Alto Networks (Known Signatures) generic.ml 20171225
Panda Trj/Genetic.gen 20171224
Qihoo-360 Win32/Trojan.7ca 20171225
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/TrickVB-A 20171224
Symantec Trojan.Gen 20171224
Tencent Win32.Trojan.Mucc.Lmbk 20171225
TrendMicro-HouseCall TROJ_GEN.R020C0DLJ17 20171224
VBA32 TScope.Trojan.VB 20171222
VIPRE Trojan.Win32.Generic!BT 20171224
Webroot W32.Adware.Gen 20171225
ZoneAlarm by Check Point Trojan.Win32.Mucc.faq 20171224
AhnLab-V3 20171224
Alibaba 20171222
Avast 20171224
Avast-Mobile 20171224
AVG 20171224
Bkav 20171222
CAT-QuickHeal 20171223
ClamAV 20171224
CMC 20171224
Comodo 20171224
DrWeb 20171224
eGambit 20171225
Kingsoft 20171225
nProtect 20171224
Rising 20171224
SUPERAntiSpyware 20171224
Symantec Mobile Insight 20171222
TheHacker 20171219
TotalDefense 20171224
Trustlook 20171225
ViRobot 20171224
WhiteArmor 20171204
Yandex 20171222
Zillya 20171222
Zoner 20171224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Full title, Pikasm FSE. Year of release 2017

Product Marka Pilos
Original name zwsend.exe
Internal name zwsend
File version 1.00
Description Dedykowane artykuly marki sa dostarczane przez znanych polskich oraz zagranicznych producentуw
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-18 07:38:16
Entry Point 0x000013B8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
_CIatan
__vbaGenerateBoundsError
_allmul
__vbaStrMove
_adj_fdivr_m64
__vbaErase
_adj_fprem
Ord(661)
__vbaLenBstr
__vbaAryMove
_adj_fpatan
__vbaStrVarCopy
__vbaRedimPreserve
__vbaDateVar
__vbaVarCmpGt
__vbaInStr
_adj_fdiv_m32i
__vbaStrCopy
__vbaVarAnd
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
DllFunctionCall
__vbaFPException
_CIexp
_adj_fdivr_m16i
__vbaUbound
__vbaVarAdd
__vbaExitProc
Ord(100)
__vbaAryLock
__vbaFreeVar
__vbaVarTstGe
__vbaUI1Var
_adj_fdiv_r
__vbaAryConstruct2
__vbaPowerR8
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaLenBstrB
__vbaVarMul
__vbaStrVarVal
_CIcos
__vbaFreeStr
_adj_fptan
__vbaI4Str
_CItan
Ord(538)
__vbaAryUnlock
__vbaVarMove
__vbaErrorOverflow
__vbaVarCopy
__vbaNew2
Ord(644)
__vbaOnError
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
Ord(541)
__vbaAryCopy
Ord(540)
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaVar2Vec
__vbaFreeStrList
__vbaFpI2
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 2
BUILDNUMBER2464 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 7
NEUTRAL 4
ENGLISH US 1
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Dedykowane artykuly marki sa dostarczane przez znanych polskich oraz zagranicznych producent w

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
327680

EntryPoint
0x13b8

OriginalFileName
zwsend.exe

MIMEType
application/octet-stream

LegalCopyright
Full title, Pikasm FSE. Year of release 2017

FileVersion
1.0

TimeStamp
2017:12:18 08:38:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
zwsend

ProductVersion
1.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Marka Pilos

CodeSize
28672

ProductName
Marka Pilos

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 3b8c2377635d463a0ac479f9a91c6cdd
SHA1 c647b5ac445400cc6c138d75d260f96cd8888ff6
SHA256 f42e38862e03195124439cc30bf599a25c02dbd3d8b8a41331357647e6de3de6
ssdeep
6144:mkDU8xtP/xnJ7p7PmhID3VjQihR0ZxHqYan4hq5SHvDn5SHvDA:mkPfP/xBpyS3GtzqYakBvyv0

authentihash 7e056513c83e499c36afd68990df3f4f49784ac37f225e5d03c680a950c0c905
imphash 8a170c0035a2a7125f4e6bb59b173d30
File size 352.0 KB ( 360448 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-24 00:50:01 UTC ( 1 year, 4 months ago )
Last submission 2018-05-26 18:01:20 UTC ( 11 months ago )
File names zwsend
zwsend.exe
f42e38862e03195124439cc30bf599a25c02dbd3d8b8a41331357647e6de3de6
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!