SHA256: f74f8bcdcc49309dac5efb10416cfd0d8fb0a58ce75449edc9c6856ab150f2c6
File name: c3b88dc0305d7b16e769056dccfdfe23
Detection ratio: 40 / 50
Analysis date: 2014-06-04 19:15:15 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
AVG Clicker.AJBM 20140604
Ad-Aware Trojan.Generic.4089017 20140604
Agnitum Trojan.CL.Small!e/jnXcgfIqw 20140602
AhnLab-V3 Trojan/Win32.Small 20140604
AntiVir TR/Patched.Ren.Gen 20140604
Avast Win32:Malware-gen 20140604
Baidu-International Trojan.Win32.Clicker.al 20140604
BitDefender Trojan.Generic.4089017 20140604
Bkav W32.Clod013.Trojan.8799 20140604
Comodo Packed.Win32.MUPX.Gen 20140604
DrWeb Trojan.Click.64137 20140604
ESET-NOD32 a variant of Win32/TrojanClicker.VB.NOZ 20140604
Emsisoft Trojan.Generic.4089017 (B) 20140604
F-Secure Trojan.Generic.4089017 20140604
Fortinet W32/VB.AGR!tr 20140604
GData Trojan.Generic.4089017 20140604
Ikarus Virus.Win32.Virut 20140604
K7AntiVirus Trojan ( 00386dc51 ) 20140604
K7GW Trojan ( 00386dc51 ) 20140604
Kaspersky Trojan-Clicker.Win32.Small.agr 20140604
Kingsoft Win32.Troj.Small.(kcloud) 20140604
McAfee Generic VB.ho 20140604
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20140604
MicroWorld-eScan Trojan.Generic.4089017 20140604
Microsoft TrojanDownloader:Win32/VB.LV 20140604
NANO-Antivirus Trojan.Win32.Small.jyeaw 20140604
Norman Suspicious_Gen2.KTHIW 20140604
Panda Trj/CI.A 20140604
Qihoo-360 HEUR/Malware.QVM03.Gen 20140604
Rising PE:Trojan.VbClic!1.99F3 20140603
Sophos Mal/Generic-G 20140604
Symantec WS.Reputation.1 20140604
Tencent Win32.Trojan.Small.Syro 20140604
TheHacker Trojan/Clicker.Small.agr 20140602
TrendMicro HT_MASMTASM_0000032.TOMA 20140604
TrendMicro-HouseCall HT_MASMTASM_0000032.TOMA 20140604
VBA32 SScope.Trojan.VBRA.188 20140604
VIPRE Trojan.Win32.Generic!BT 20140604
ViRobot Trojan.Win32.A.Clicker.30208.D 20140604
nProtect Trojan/W32.Small.30208.LO 20140604
AegisLab 20140604
ByteHero 20140604
CAT-QuickHeal 20140604
CMC 20140604
ClamAV 20140604
Commtouch 20140604
F-Prot 20140604
Malwarebytes 20140604
SUPERAntiSpyware 20140604
TotalDefense 20140604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Publisher ????
Product Project1
Original name lb111.exe
Internal name lb111
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-27 02:25:58
Link date 3:25 AM 5/27/2010
Entry Point 0x00001090
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(717)
__vbaExceptHandler
Ord(535)
Ord(632)
MethCallEngine
DllFunctionCall
EVENT_SINK_AddRef
EVENT_SINK_Release
Ord(100)
Ord(594)
Ord(598)
Ord(593)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
CHINESE SIMPLIFIED 1
ExifTool file metadata
UninitializedDataSize 20480
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 4096
OriginalFilename lb111.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2010:05:27 03:25:58+01:00
FileType Win32 EXE
PEType PE32
InternalName lb111
FileAccessDate 2014:06:04 20:16:37+01:00
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:06:04 20:16:37+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 4096
ProductName Project1
ProductVersionNumber 1.0.0.0
EntryPoint 0x1090
ObjectFileType Executable application

File identification
MD5 c3b88dc0305d7b16e769056dccfdfe23
SHA1 8adf1b1a42f63c0fb4ac066e400baf45bb520666
SHA256 f74f8bcdcc49309dac5efb10416cfd0d8fb0a58ce75449edc9c6856ab150f2c6
ssdeep 192:yakxVaFJBaOXyBCyK0VSWsiqBlMiCTlEi9:bPuOXyXK5WeQ
imphash 9689e75bf16bb89cebf6475877dd0756
File size 29.5 KB ( 30208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-08-10 13:58:36 UTC ( 2 years, 8 months ago )
Last submission 2014-06-04 19:15:15 UTC ( 10 months, 3 weeks ago )
File names lb111
lb111.exe
c3b88dc0305d7b16e769056dccfdfe23
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications