SHA256: f6436b6d0e38dd99c98771104b883f284baa1d921f48f41df113133d84e8d0f0
File name: 3420de55b8de4b837c9cc61a8c7a3dd0.vir
Detection ratio: 57 / 66
Analysis date: 2018-05-18 23:29:42 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.6359758 20180518
AegisLab W32.W.WBNA.aot!c 20180518
AhnLab-V3 Worm/Win32.VBNA.R37147 20180518
ALYac Trojan.Generic.6359758 20180518
Antiy-AVL Worm/Win32.WBNA 20180519
Arcabit Trojan.Generic.D610ACE 20180518
Avast FileRepMetagen [Malware] 20180518
AVG FileRepMetagen [Malware] 20180518
Avira (no cloud) WORM/VBNA.aotb 20180518
AVware Trojan.Win32.Generic!BT 20180518
BitDefender Trojan.Generic.6359758 20180518
Bkav W32.Larwin.Worm 20180518
CAT-QuickHeal Worm.WBNA 20180518
ClamAV Win.Trojan.Wbna-179 20180518
CMC Worm.Win32.WBNA!O 20180518
Cylance Unsafe 20180519
Cyren W32/Trojan.ZBHJ-7235 20180518
DrWeb Worm.Siggen.5117 20180518
Emsisoft Trojan.Generic.6359758 (B) 20180518
Endgame malicious (moderate confidence) 20180507
ESET-NOD32 a variant of Win32/TrojanClicker.VB.NRQ 20180518
F-Prot W32/Trojan2.NNSI 20180518
F-Secure Trojan.Generic.6359758 20180518
Fortinet W32/Generic.AC.22C8D1!tr 20180518
GData Trojan.Generic.6359758 20180518
Ikarus Worm.Win32.WBNA 20180518
Jiangmin Worm/WBNA.cut 20180518
K7AntiVirus Riskware ( 0040eff71 ) 20180518
K7GW Riskware ( 0040eff71 ) 20180518
Kaspersky Worm.Win32.WBNA.app 20180518
Malwarebytes Backdoor.Bot 20180518
MAX malware (ai score=100) 20180519
McAfee Generic BackDoor.se 20180518
McAfee-GW-Edition BehavesLike.Win32.Trojan.kc 20180518
Microsoft Trojan:Win32/VB 20180518
eScan Trojan.Generic.6359758 20180518
NANO-Antivirus Trojan.Win32.WBNA.rafty 20180518
Palo Alto Networks (Known Signatures) generic.ml 20180519
Panda Trj/Genetic.gen 20180518
Qihoo-360 Malware.Radar01.Gen 20180519
Rising Worm.Win32.WBNA.a (CLASSIC) 20180518
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/VB-FJN 20180518
SUPERAntiSpyware Trojan.Agent/Gen-Falprod[Cont] 20180518
Symantec Trojan.Gen.2 20180518
Tencent Win32.Worm.Wbna.Lhcy 20180519
TheHacker W32/WBNA.aot 20180516
TotalDefense Win32/Veebuu.QX 20180518
TrendMicro TROJ_MALAGENT.MI 20180518
TrendMicro-HouseCall TROJ_WBNA_0000000.TOMA 20180518
VBA32 TScope.Trojan.VB 20180518
VIPRE Trojan.Win32.Generic!BT 20180518
ViRobot Worm.Win32.A.WBNA.68368 20180518
Webroot Malicious 20180519
Yandex Worm.WBNA!iEWOM8Ji8Ts 20180518
Zillya Worm.WBNA.Win32.1793 20180516
ZoneAlarm by Check Point Worm.Win32.WBNA.app 20180518
Alibaba 20180518
Avast-Mobile 20180518
Babable 20180406
Baidu 20180518
Comodo 20180518
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180519
Sophos ML 20180503
Kingsoft 20180519
nProtect 20180518
Symantec Mobile Insight 20180518
Trustlook 20180519
Zoner 20180518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product YLRMakVreIGhbYwGaYYN
Original name Y0Za336IN3RUH4RXJnA0G51Uvx3dzfaK.exe
Internal name Y0Za336IN3RUH4RXJnA0G51Uvx3dzfaK
File version 1.00.0001
Packers identified
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-17 16:18:37
Entry Point 0x00034001
Number of sections 5
PE sections
PE imports
GetProcAddress
GetModuleHandleA
LoadLibraryA
__vbaR8FixI4
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 12288
ImageVersion 1.0
ProductName YLRMakVreIGhbYwGaYYN
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Y0Za336IN3RUH4RXJnA0G51Uvx3dzfaK.exe
MIMEType application/octet-stream
FileVersion 1.00.0001
TimeStamp 2011:06:17 17:18:37+01:00
FileType Win32 EXE
PEType PE32
InternalName Y0Za336IN3RUH4RXJnA0G51Uvx3dzfaK
ProductVersion 1.00.0001
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 196608
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x34001
ObjectFileType Executable application
File identification
MD5 3420de55b8de4b837c9cc61a8c7a3dd0
SHA1 d6b26ebbbe92459a2f57ba64cfeefd169f21a1eb
SHA256 f6436b6d0e38dd99c98771104b883f284baa1d921f48f41df113133d84e8d0f0
ssdeep 1536:UfRJODQN4XL1NoVmVMEL+UrMlschkteK:Ufir1NoVl9/lnyA
authentihash a2a4a7a611a610f764a46dfd44dce970e2e3c508546cc82430dd1b78c57bb787
imphash 6bbbfe743771df461c01cb233950006d
File size 68.0 KB ( 69632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe aspack
VirusTotal metadata
First submission 2011-06-18 02:26:56 UTC ( 7 years, 11 months ago )
Last submission 2018-05-18 23:29:42 UTC ( 1 year ago )
File names 1082456
1028998
1028999
1083458
1082683
3420de55b8de4b837c9cc61a8c7a3dd0.exe
1029000
3420de55b8de4b837c9cc61a8c7a3dd0d6b26ebbbe92459a2f57ba64cfeefd169f21a1eb69632.exe
1028997
1053513
1071020
1051579
1035720
1066990
1020850
1035213
6dd16de38ecd7f2462c44e73fed877ed0f3914e1_
1020257
1050996
1070231
1028996
1077899
3420de55b8de4b837c9cc61a8c7a3dd0
1022749
1022748
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .