SHA256: f9bc9f36857942b8fd4992039d024aa650d1e8198b883e77dda5369085c57cd1
File name: 571a0743947824b93acdb738c37f5181
Detection ratio: 34 / 44
Analysis date: 2012-10-20 07:05:26 UTC ( 6 years, 5 months ago )
Antivirus Result Update
Yandex Trojan.DL.VB!G/sq1xQHoqM 20121019
AhnLab-V3 Trojan/Win32.Gen 20121019
AntiVir TR/Agent.cre 20121020
Avast Win32:Trojan-gen 20121020
AVG Downloader.Small.HUE 20121020
BitDefender Trojan.Generic.KD.144679 20121020
Commtouch W32/Backdoor2.HIRW 20121020
Comodo TrojWare.Win32.VB.~TW 20121020
DrWeb Trojan.Click1.32242 20121020
Emsisoft Trojan.Generic.KD.144679 (B) 20121020
ESET-NOD32 Win32/TrojanDownloader.VB.OZX 20121020
F-Prot W32/Backdoor2.HIRW 20121020
F-Secure Trojan.Generic.KD.144679 20121020
Fortinet W32/VB.EQS!tr 20121020
GData Trojan.Generic.KD.144679 20121020
Ikarus Trojan.SuspectCRC 20121020
K7AntiVirus Trojan 20121018
Kingsoft Win32.MalWare.Heur_Generic.c.(kcloud) 20121008
McAfee Generic Downloader.x!fdv 20121020
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20121020
Microsoft Trojan:Win32/Dynamer!dtc 20121019
eScan Trojan.Generic.KD.144679 20121020
Norman W32/Smalltroj.ZMIR 20121019
nProtect Trojan.Generic.KD.144679 20121019
Panda Generic Trojan 20121019
PCTools Trojan.Gen 20121020
Rising Trojan.Win32.Generic.127D631B 20121019
Sophos AV Mal/Generic-L 20121020
SUPERAntiSpyware Trojan.Agent/Gen-Faker 20121020
Symantec Trojan.Gen 20121020
TheHacker Trojan/Downloader.VB.ozx 20121018
TrendMicro TROJ_VB.EQS 20121020
TrendMicro-HouseCall TROJ_VB.EQS 20121020
VIPRE Trojan.Win32.Generic!BT 20121020
Antiy-AVL 20121020
ByteHero 20121019
CAT-QuickHeal 20121020
ClamAV 20121019
eSafe 20121017
Jiangmin 20121020
Kaspersky 20121020
TotalDefense 20121019
VBA32 20121019
ViRobot 20121020
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher noOrg
Product Project1
Original name SPOONISGAY.exe
Internal name SPOONISGAY
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-20 22:02:05
Entry Point 0x000013E0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
Ord(518)
EVENT_SINK_Release
EVENT_SINK_QueryInterface
Ord(648)
_allmul
__vbaStrVarCopy
__vbaPutOwner3
Ord(320)
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
_adj_fpatan
_adj_fdiv_m32i
__vbaFreeObjList
Ord(561)
__vbaStrCopy
Ord(547)
__vbaVarVargNofree
Ord(319)
Ord(608)
Ord(666)
__vbaVarAnd
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaForEachCollObj
__vbaFPException
_CIexp
__vbaStrVarMove
Ord(321)
_adj_fdivr_m16i
__vbaStrMove
_adj_fdiv_r
Ord(100)
_adj_fdivr_m64
__vbaFreeVar
__vbaBoolVarNull
__vbaCastObjVar
__vbaObjSetAddref
__vbaNextEachCollObj
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaNew
__vbaStrVarVal
_CIcos
Ord(595)
Ord(600)
_adj_fptan
__vbaFileClose
__vbaExitEachColl
__vbaI4Var
__vbaLateIdCall
__vbaObjSet
__vbaErrorOverflow
_CIatan
__vbaI2I4
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(546)
_CItan
Ord(541)
__vbaInStrVar
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaFreeStrList
__vbaVarCat
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 12288
ImageVersion 1.0
ProductName Project1
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2011:02:20 22:02:05+00:00
FileType Win32 EXE
PEType PE32
InternalName SPOONISGAY
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename SPOONISGAY.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName noOrg
CodeSize 28672
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x13e0
ObjectFileType Executable application

File identification
MD5 571a0743947824b93acdb738c37f5181
SHA1 4ddd62519bce6d0f86322d6e491de9e7c756257b
SHA256 f9bc9f36857942b8fd4992039d024aa650d1e8198b883e77dda5369085c57cd1
ssdeep 768:W15yiOw00e574Ir5Sgq4QIXGUFy6Qht3i0kC:W1r0T95S8BC
File size 40.0 KB ( 40960 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (96.9%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2011-02-26 18:18:51 UTC ( 8 years ago )
Last submission 2012-10-20 07:05:26 UTC ( 6 years, 5 months ago )
File names 571a0743947824b93acdb738c37f5181_INF9FF0.tmp
571a0743947824b93acdb738c37f5181-drop44.exe
f67Z_.scr
aa
SPOONISGAY
drop44.exe
1299079953.drop44.exe
[1529]drop44.exe.#
hgUwRVg.dotm
766563
SPOONISGAY.exe
571a0743947824b93acdb738c37f5181
TXT_Read_Sutep (43).exe
766435
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight