× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f90c975e11c3bebc719175a87edfe6aa00a4580a041198e995749da0c19e9ac8
File name: msdb242ec7c.exe
Detection ratio: 39 / 57
Analysis date: 2015-04-01 08:33:37 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2248221 20150401
Yandex Trojan.Inject!sk/1kd0AIOM 20150331
AhnLab-V3 Trojan/Win32.ZBot 20150331
ALYac Trojan.GenericKD.2248221 20150401
Antiy-AVL Trojan/Win32.Inject 20150401
AVG Inject2.BUZJ 20150331
Avira (no cloud) TR/Dropper.VB.27955 20150401
AVware Trojan.Win32.Generic!BT 20150401
Baidu-International Trojan.Win32.Inject.upvr 20150331
BitDefender Trojan.GenericKD.2248221 20150401
ByteHero Virus.Win32.Heur.p 20150401
Comodo UnclassifiedMalware 20150401
DrWeb Trojan.Emotet.63 20150401
Emsisoft Trojan.GenericKD.2248221 (B) 20150401
ESET-NOD32 a variant of Win32/Injector.BXAS 20150401
F-Secure Trojan.GenericKD.2248221 20150401
Fortinet W32/BWYM!tr 20150401
GData Trojan.GenericKD.2248221 20150401
Ikarus Trojan.Win32.Injector 20150401
K7AntiVirus Trojan ( 004b8c611 ) 20150401
K7GW Trojan ( 004b8c611 ) 20150401
Kaspersky Trojan.Win32.Inject.upvr 20150401
Malwarebytes Backdoor.Bot 20150401
McAfee BackDoor-FCON!02512BA0E308 20150401
McAfee-GW-Edition BackDoor-FCON!02512BA0E308 20150331
Microsoft Trojan:Win32/Emotet.G 20150401
eScan Trojan.GenericKD.2248221 20150401
NANO-Antivirus Trojan.Win32.Inject.dptunz 20150401
Norman VBKrypt.VBP 20150401
nProtect Trojan.GenericKD.2248221 20150401
Panda Trj/Chgt.O 20150331
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150401
Sophos AV Mal/VBZbot-H 20150331
SUPERAntiSpyware Trojan.Agent/Gen-VB 20150401
Symantec Trojan.Gen.2 20150401
Tencent Trojan.Win32.Qudamah.Gen.17 20150401
TrendMicro TROJ_GEN.R00GC0CCV15 20150401
TrendMicro-HouseCall TROJ_GEN.R00GC0CCV15 20150401
VIPRE Trojan.Win32.Generic!BT 20150401
AegisLab 20150401
Alibaba 20150401
Avast 20150401
Bkav 20150331
CAT-QuickHeal 20150401
ClamAV 20150401
CMC 20150401
Cyren 20150401
F-Prot 20150401
Jiangmin 20150331
Kingsoft 20150401
Rising 20150331
TheHacker 20150330
TotalDefense 20150331
VBA32 20150331
ViRobot 20150401
Zillya 20150401
Zoner 20150330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Joyee Flynn
Product Goodreads
Internal name Callstb
File version 1.00.0857
Description Joyee Flynn writes paranormal erotic romance full of hot men who desire nothing more than each other.
Comments Joyee Flynn has 101 books on Goodreads with 62958 ratings. Joyee Flynn's most popular series is Marius World.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-25 08:02:58
Entry Point 0x00001518
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaVarAnd
Ord(537)
_adj_fdiv_r
__vbaObjSetAddref
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
__vbaAryCopy
__vbaFreeStr
Ord(631)
__vbaVarNot
__vbaStrI4
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
__vbaResume
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarTstLt
__vbaVarSetObjAddref
__vbaFreeVar
__vbaBoolVarNull
Ord(588)
__vbaLbound
__vbaFileOpen
__vbaUI1I2
Ord(711)
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
__vbaVarLateMemCallLdRf
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaVarNeg
__vbaPrintFile
__vbaStrCmp
Ord(570)
__vbaAryUnlock
__vbaVarLateMemSt
__vbaVarAbs
__vbaStrVarCopy
__vbaFreeObjList
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaExitProc
__vbaVarTstNe
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaVarSub
__vbaVarTstGt
_CIcos
__vbaVarMove
__vbaFPInt
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
_adj_fdiv_m32
Ord(685)
__vbaOnError
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarSetVar
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
__vbaUI1I4
__vbaVargVar
_CIsin
_CIsqrt
_CIatan
__vbaVarDiv
__vbaLateMemCall
__vbaR8Var
__vbaObjSet
__vbaVarCat
_CIexp
_CItan
__vbaFpI4
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
MIXTYPE 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
FINNISH DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
Joyee Flynn has 101 books on Goodreads with 62958 ratings. Joyee Flynn's most popular series is Marius World.

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.857

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
20480

MIMEType
application/octet-stream

FileVersion
1.00.0857

TimeStamp
2015:03:25 09:02:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Callstb

SubsystemVersion
4.0

ProductVersion
1.00.0857

FileDescription
Joyee Flynn writes paranormal erotic romance full of hot men who desire nothing more than each other.

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Joyee Flynn

CodeSize
61440

ProductName
Goodreads

ProductVersionNumber
1.0.0.857

EntryPoint
0x1518

ObjectFileType
Executable application

File identification
MD5 02512ba0e3085d1e2c3a167d5b61554f
SHA1 5c15709c8a5ffe10bbd18973bae09cd1f469623a
SHA256 f90c975e11c3bebc719175a87edfe6aa00a4580a041198e995749da0c19e9ac8
ssdeep
6144:Ng89B7YSYdTUZj3GiFUpWXh8WaijQmiL+Bg:usBkSYdTgjwgXnqV

authentihash 7494acd9a34b35e51b224d2f4a3270d2b6a5c20f1e7ffc28b4ad1af75b60001e
imphash 6f2a85bf4aaa143ad11cada4ba2094fe
File size 210.9 KB ( 215939 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-03-25 08:31:46 UTC ( 4 years, 1 month ago )
Last submission 2015-03-25 10:20:41 UTC ( 4 years, 1 month ago )
File names Callstb
35a.exe
msdb242ec7c.exe
msdb242ec7c.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!