SHA256: fe25bf45d21b086207c39236c0b6f902aa7a11008cf86a079b0a90841ce54564
File name: vt-upload-qJ0Cv
Detection ratio: 56 / 57
Analysis date: 2016-05-21 19:37:37 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Scar.AG 20160521
AegisLab Application.Keylog.mqOt 20160521
AhnLab-V3 HEUR/Fakon.mwf 20160521
ALYac Trojan.Scar.AG 20160521
Antiy-AVL Trojan/Win32.Scar 20160521
Arcabit Trojan.Scar.AG 20160521
Avast Win32:VB-AHPX [Trj] 20160521
AVG SHeur3.CDSC 20160521
Avira (no cloud) TR/ATRAPS.Gen 20160521
AVware Trojan.Win32.Generic!BT 20160521
Baidu Win32.Trojan.VB.ac 20160520
Baidu-International Trojan.Win32.Scar.ar 20160521
BitDefender Trojan.Scar.AG 20160521
Bkav W32.FakeW7Folder.Fam.Trojan 20160521
CAT-QuickHeal Trojan.VB.Gen 20160521
ClamAV Win.Trojan.Agent-347209 20160521
CMC Trojan.Win32.Scar!O 20160520
Comodo TrojWare.Win32.WBNA.THR 20160521
Cyren W32/VB.ML.gen!Eldorado 20160521
DrWeb Trojan.MulDrop3.10901 20160521
Emsisoft Trojan.Scar.AG (B) 20160521
ESET-NOD32 Win32/VB.OGG 20160521
F-Prot W32/VB.ML.gen!Eldorado 20160521
F-Secure Trojan.Scar.AG 20160521
Fortinet W32/VB.QHS!tr 20160521
GData Trojan.Scar.AG 20160521
Ikarus Trojan.Win32.Sulunch 20160521
Jiangmin Worm/WBNA.hgwu 20160521
K7AntiVirus P2PWorm ( 004d37d41 ) 20160521
K7GW P2PWorm ( 004d37d41 ) 20160521
Kaspersky Trojan.Win32.Scar.lpco 20160521
Kingsoft Win32.Troj.Undef.(kcloud) 20160521
Malwarebytes Trojan.Scar 20160521
McAfee Generic VB.b 20160521
McAfee-GW-Edition BehavesLike.Win32.Worm.lt 20160521
Microsoft Trojan:Win32/Sulunch!gmb 20160520
eScan Trojan.Scar.AG 20160521
NANO-Antivirus Trojan.Win32.Scar.crgjex 20160521
nProtect Trojan/W32.Scar.73728.DZ 20160520
Panda Trj/Genetic.gen 20160521
Qihoo-360 HEUR/Malware.QVM03.Gen 20160521
Rising Trojan.Vbex!1.99EE 20160521
Sophos AV Mal/Agent-AFW 20160521
SUPERAntiSpyware Trojan.Agent/Gen-FraudPack 20160521
Symantec Infostealer 20160521
Tencent Win32.Trojan.Scar.Eerv 20160521
TheHacker Trojan/Scar.fwsf 20160520
TotalDefense Win32/FakeFLDR_i 20160521
TrendMicro WORM_OTORUN.SM0 20160521
TrendMicro-HouseCall WORM_OTORUN.SM0 20160521
VBA32 Trojan.Scar 20160520
VIPRE Trojan.Win32.Generic!BT 20160521
ViRobot Trojan.Win32.Scar.128768[h] 20160521
Yandex Trojan.VB!2quPwH6ZNY4 20160520
Zillya Trojan.VB.Win32.69922 20160521
Zoner Trojan.VB.QHS 20160521
Alibaba 20160520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-24 14:29:48
Entry Point 0x000017EC
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
Ord(518)
_adj_fpatan
__vbaEnd
__vbaStrCmp
__vbaVarDup
_adj_fdivr_m64
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
Ord(685)
__vbaVarLateMemCallLdRf
__vbaObjVar
__vbaFreeObjList
__vbaPrintFile
__vbaVarSetVar
Ord(576)
__vbaLateMemCall
__vbaVarForInit
_adj_fdiv_m32i
__vbaStrCopy
Ord(666)
Ord(647)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
EVENT_SINK_Release
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaFreeObj
__vbaVarAdd
Ord(528)
__vbaFreeVar
Ord(580)
Ord(547)
__vbaFileOpen
_adj_fdiv_m64
_CIlog
__vbaVarForNext
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(597)
_allmul
__vbaStrVarVal
_CIcos
EVENT_SINK_QueryInterface
Ord(600)
_adj_fptan
__vbaI2Var
__vbaFileClose
__vbaObjSet
__vbaI4Var
Ord(716)
__vbaVarMove
__vbaVarLateMemSt
_CIatan
Ord(608)
__vbaNew2
__vbaErrorOverflow
__vbaVarCat
__vbaOnError
_adj_fdivr_m32i
Ord(546)
_CItan
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(543)
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
__vbaVarLateMemCallSt
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ENGLISH AUS 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2011:01:24 15:29:48+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
36864

LinkerVersion
6.0

EntryPoint
0x17ec

InitializedDataSize
32768

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 8eafdba7881e8a21ff9a5bb650aed7f5
SHA1 651c1c4c021c581793da4b1d9a36ba16ae232f99
SHA256 fe25bf45d21b086207c39236c0b6f902aa7a11008cf86a079b0a90841ce54564
ssdeep
1536:ZHUHW7VMPNzMh0QpFZyOSAYZRx6ik9ld8rAzc3i6EBXlLOUp:2nk0QpFZyOSAYZRx6iDr8LOUp

authentihash ee9fb289a70c9e7bc9c007c1cabc018562fcbfe0e41bb1843d204353dc0871ac
imphash 023f796133d37a690fe9b5db3d7a9573
File size 72.0 KB ( 73728 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-06-19 20:23:12 UTC ( 5 years, 8 months ago )
Last submission 2013-06-19 20:23:12 UTC ( 5 years, 8 months ago )
File names vt-upload-qJ0Cv
Updates.exe
Behaviour characterization
Zemana
keylogger

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.