SHA256: f45fa658f07f8bd34b6ed2dcfbaa16be18ae3e1a2d807aa5b3f83c8ca0fcaa51
File name: Oime
Detection ratio: 42 / 55
Analysis date: 2014-11-13 14:37:45 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1934223 20141113
Yandex Trojan.Injector!ImcUrqMfg+M 20141113
AhnLab-V3 Malware/Win32.Generic 20141113
Avast Win32:Malware-gen 20141113
AVG Inject2.BBLN 20141113
Avira (no cloud) TR/Dropper.VB.22367 20141113
AVware Trojan.Win32.Generic!BT 20141113
Baidu-International Trojan.Win32.Injector.BBNSN 20141107
BitDefender Trojan.GenericKD.1934223 20141113
ByteHero Virus.Win32.Heur.p 20141113
CAT-QuickHeal Trojan.Generic.r3 20141113
CMC Heur.Win32.Veebee.1!O 20141110
Comodo UnclassifiedMalware 20141113
Cyren W32/Trojan.IEDG-6754 20141113
DrWeb Trojan.PWS.Panda.7278 20141113
Emsisoft Trojan.GenericKD.1934223 (B) 20141113
ESET-NOD32 a variant of Win32/Injector.BNSN 20141113
F-Prot W32/Trojan5.KWG 20141113
F-Secure Trojan.GenericKD.1934223 20141113
Fortinet Riskware/Generic.AC.1783486 20141113
GData Trojan.GenericKD.1934223 20141113
Ikarus Trojan-Spy.Win32.Zbot 20141113
K7AntiVirus Trojan ( 004af59f1 ) 20141113
K7GW Trojan ( 004af59f1 ) 20141113
Kaspersky HEUR:Trojan.Win32.Generic 20141113
Malwarebytes Trojan.PWS.Zbot 20141113
McAfee RDN/Generic PWS.y!bbn 20141113
McAfee-GW-Edition RDN/Generic PWS.y!bbn 20141113
Microsoft PWS:Win32/Zbot 20141113
eScan Trojan.GenericKD.1934223 20141113
NANO-Antivirus Trojan.Win32.Panda.dgyycn 20141113
Norman Troj_Generic.WQBZO 20141113
nProtect Trojan.GenericKD.1934223 20141113
Panda Trj/Genetic.gen 20141110
Qihoo-360 HEUR/QVM18.1.Malware.Gen 20141113
Rising PE:Trojan.Win32.Generic.17837C0B!394492939 20141112
Sophos Mal/Generic-S 20141113
Symantec Infostealer.Banker.C 20141113
Tencent Win32.Trojan.Falsesign.Wnmf 20141113
TrendMicro TROJ_GEN.R0CCC0DJO14 20141113
TrendMicro-HouseCall TROJ_GEN.R0CCC0DJO14 20141113
VIPRE Trojan.Win32.Generic!BT 20141113
AegisLab 20141113
Antiy-AVL 20141112
Bkav 20141113
ClamAV 20141113
Jiangmin 20141112
Kingsoft 20141113
SUPERAntiSpyware 20141113
TheHacker 20141111
TotalDefense 20141113
VBA32 20141113
ViRobot 20141113
Zillya 20141113
Zoner 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Visit please www.Allipance.eu
Product Naologic
Original name Oime.exe
Internal name Oime
File version 4.06.0006
Description Hanoveri reimb
Signature verification The digital signature of the object did not verify.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-16 23:13:52
Entry Point 0x001CAE50
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(546)
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
THAI DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 4.6
FileSubtype 0
FileVersionNumber 4.6.0.6
UninitializedDataSize 1564672
LanguageCode Thai
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 16384
FileOS Win32
MIMEType application/octet-stream
FileVersion 4.06.0006
TimeStamp 2014:10:17 00:13:52+01:00
FileType Win32 EXE
PEType PE32
InternalName Oime
FileAccessDate 2014:11:13 15:38:38+01:00
ProductVersion 4.06.0006
FileDescription Hanoveri reimb
OSVersion 4.0
FileCreateDate 2014:11:13 15:38:38+01:00
OriginalFilename Oime.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Visit please www.Allipance.eu
CodeSize 315392
ProductName Naologic
ProductVersionNumber 4.6.0.6
EntryPoint 0x1cae50
ObjectFileType Executable application
Compressed bundles
File identification
MD5 63710d614dc333fbbdfd2900f5c933c1
SHA1 24a028b33380198b53d0d10c860cdf90ec2d628d
SHA256 f45fa658f07f8bd34b6ed2dcfbaa16be18ae3e1a2d807aa5b3f83c8ca0fcaa51
ssdeep 6144:WBPF30lZacJAHEoprmOmbSFsl/t387BRv+Lk66a3GuBjuqnrlGQIoS66:WBPFklY2AHXbeSWyBlkvlBBjvn8hoS66
authentihash ca035a0ec0ed33a7b7264632378c08e887298038c20398592201d3f3987d173b
imphash 9f965e238de315597d990bf81c19377f
File size 326.1 KB ( 333977 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags peexe upx
VirusTotal metadata
First submission 2014-10-20 14:26:11 UTC ( 2 years, 7 months ago )
Last submission 2014-10-20 14:26:11 UTC ( 2 years, 7 months ago )
File names scan001.com_
Oime
Oime.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
