SHA256: fcf19ed8fb61dbfa8c286da9811fcfb9837dde69e06ceb5cd62e86cc5d4e9362
File name: frankcrypted.exe.log
Detection ratio: 9 / 48
Analysis date: 2014-01-09 11:44:08 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.34587 20140109
BitDefender Gen:Variant.Symmi.34587 20140109
ByteHero Virus.Win32.Heur.p 20131227
Emsisoft Gen:Variant.Symmi.34587 (B) 20140109
F-Secure Gen:Variant.Symmi.32966 20140109
GData Gen:Variant.Symmi.34587 20140109
Malwarebytes Backdoor.DarkKomet 20140109
eScan Gen:Variant.Symmi.34587 20140109
Rising PE:Trojan.VBInject!1.6546 20140109
Yandex 20140108
AhnLab-V3 20140109
AntiVir 20140109
Antiy-AVL 20140109
Avast 20140109
AVG 20140109
Baidu-International 20131213
Bkav 20140109
CAT-QuickHeal 20140109
ClamAV 20140109
Commtouch 20140109
Comodo 20140109
DrWeb 20140109
ESET-NOD32 20140109
F-Prot 20140109
Fortinet 20140109
Ikarus 20140109
Jiangmin 20140109
K7AntiVirus 20140108
K7GW 20140109
Kaspersky 20140109
Kingsoft 20130829
McAfee 20140109
McAfee-GW-Edition 20140109
Microsoft 20140109
NANO-Antivirus 20140109
Norman 20140109
nProtect 20140109
Panda 20140109
Sophos 20140109
SUPERAntiSpyware 20140108
Symantec 20140109
TheHacker 20140108
TotalDefense 20140108
TrendMicro 20140109
TrendMicro-HouseCall 20140109
VBA32 20140109
VIPRE 20140109
ViRobot 20140109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright Copyright © 1998-2005 Mark Russinovich
Publisher RoseCitySoftware
Product Metropto impropit thumlung sparker'
Original name Baragnos.exe
Internal name Baragnos
File version 1.00.0008
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-08 19:53:42
Entry Point 0x00001304
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(572)
Ord(617)
Ord(689)
Ord(525)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaCyAdd
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
Ord(618)
Ord(589)
Ord(100)
__vbaUI1I2
__vbaFreeVar
_adj_fprem1
_adj_fdiv_r
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(606)
__vbaFreeStr
_CIcos
Ord(713)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
Ord(582)
__vbaVarMove
Ord(646)
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(546)
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
__vbaStrCat
_CItan
__vbaFpI2
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
File identification
MD5 d27957bdbf46b8d5428df2ec3fb93c15
SHA1 d62016fa52169239cbb05c12d9954ab28d87a3f2
SHA256 fcf19ed8fb61dbfa8c286da9811fcfb9837dde69e06ceb5cd62e86cc5d4e9362
ssdeep 6144:bNM35DDRS2HwR9htlHIi0mPjPP3vbegTZqS3QBrc:SpDDw2HA/oi0k/fnj
File size 329.0 KB ( 336896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2014-01-09 11:44:08 UTC ( 3 years, 5 months ago )
Last submission 2014-01-09 11:44:08 UTC ( 3 years, 5 months ago )
File names Baragnos.exe
frankcrypted.exe.log
Baragnos
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.