SHA256: f57afe245bca83f3dba81ca9cbbfd3bcd948471b892b23997d8702e6061aa07f
File name: f57afe245bca83f3dba81ca9cbbfd3bcd948471b892b23997d8702e6061aa07f.vir
Detection ratio: 23 / 56
Analysis date: 2016-01-13 04:34:52 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.79565 20160113
ALYac Gen:Variant.Kazy.79565 20160113
Antiy-AVL Trojan/Win32.SGeneric 20160113
Arcabit Trojan.Kazy.D136CD 20160113
AVG Generic18.BFYB 20160113
AVware Trojan.Win32.Generic!BT 20160111
Baidu-International Trojan.Win32.VB.QOD 20160112
BitDefender Gen:Variant.Kazy.79565 20160113
ClamAV Win.Trojan.Agent-406411 20160113
Emsisoft Gen:Variant.Kazy.79565 (B) 20160113
ESET-NOD32 Win32/VB.QOD 20160113
F-Secure Gen:Variant.Kazy.79565 20160113
GData Gen:Variant.Kazy.79565 20160113
McAfee Artemis!4E7A5B335022 20160113
McAfee-GW-Edition BehavesLike.Win32.Trojan.nt 20160113
eScan Gen:Variant.Kazy.79565 20160113
NANO-Antivirus Trojan.Win32.VB.cxhsdf 20160113
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160112
Sophos AV Mal/Generic-S 20160113
Symantec Trojan.Gen.2 20160112
Tencent Win32.Trojan.Generic.bdss 20160113
TheHacker Trojan/VB.qod 20160107
VIPRE Trojan.Win32.Generic!BT 20160113
AegisLab 20160112
Yandex 20160111
AhnLab-V3 20160112
Alibaba 20160113
Avast 20160113
Avira (no cloud) 20160113
Bkav 20160112
ByteHero 20160113
CAT-QuickHeal 20160112
CMC 20160111
Comodo 20160113
Cyren 20160113
DrWeb 20160113
F-Prot 20160111
Fortinet 20160113
Ikarus 20160113
Jiangmin 20160112
K7AntiVirus 20160112
K7GW 20160113
Kaspersky 20160112
Malwarebytes 20160113
Microsoft 20160113
nProtect 20160112
Panda 20160112
Qihoo-360 20160113
SUPERAntiSpyware 20160113
TotalDefense 20160112
TrendMicro 20160113
TrendMicro-HouseCall 20160113
VBA32 20160112
ViRobot 20160113
Zillya 20160112
Zoner 20160113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product OtoEnter
Original name otoEnter.exe
Internal name www.silkroadmax.com
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-12-26 18:28:36
Entry Point 0x000013F8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(617)
_CIcos
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
Ord(685)
_adj_fpatan
_CIatan
__vbaFreeObjList
Ord(526)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
EVENT_SINK_Release
__vbaExitProc
Ord(100)
__vbaFreeVar
__vbaLateMemCallLd
__vbaObjSetAddref
_adj_fdiv_r
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(597)
__vbaLsetFixstr
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI4Str
__vbaVarDup
__vbaObjSet
__vbaI4Var
__vbaVarMove
_CIlog
__vbaRecUniToAnsi
__vbaRecAnsiToUni
__vbaNew2
__vbaErrorOverflow
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x13f8
OriginalFileName otoEnter.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2003:12:26 19:28:36+01:00
FileType Win32 EXE
PEType PE32
InternalName www.silkroadmax.com
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 24576
ProductName OtoEnter
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 4e7a5b335022dbbe45febf91969c6353
SHA1 d7c3f45acbdfc2765dbcf21a4a070c980dc082bc
SHA256 f57afe245bca83f3dba81ca9cbbfd3bcd948471b892b23997d8702e6061aa07f
ssdeep 384:oiY01aD5TbsOhMLhmFE3GSzT/2rW02poYk7HD3Wyq:oiY01w5TQvLhmFE3GSzT/2qjzk/Jq
authentihash 8a6d03662bafacfb27cd39f333367f76011ef7090303831c491e5de8201938e2
imphash 3582b8de0d4d1cde806b94a8bf364e3f
File size 36.0 KB ( 36864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2008-07-15 16:49:06 UTC ( 10 years, 5 months ago )
Last submission 2016-01-13 04:34:52 UTC ( 2 years, 11 months ago )
File names oto_enter.exe
074501fb002438b04bf149ac
f57afe245bca83f3dba81ca9cbbfd3bcd948471b892b23997d8702e6061aa07f.vir
output.1778235.txt
f57afe245bca83f3dba81ca9cbbfd3bcd948471b892b23997d8702e6061aa07f
output.1757269.txt
1778235
"oto_enter.exe"
1755330
otoEnter.exe
"index.html"
074501fb002438b04bf149ac
smona_f57afe245bca83f3dba81ca9cbbfd3bcd948471b892b23997d8702e6061aa07f.bin
www.silkroadmax.com
smona131492191587248455683
4E7A5B335022DBBE45FEBF91969C6353.bin
"074501fb002438b04bf149ac"
1757269
074501fb002438b04bf149ac.exe
output.1755330.txt
1740545
"file.bin"
output.1740545.txt
oto_enter (1).exe
enter.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight