SHA256: fe39f983bf5839a690c28e80e2190588ab57d64a0b66970251abe5396912d782
File name: Transele
Detection ratio: 35 / 56
Analysis date: 2014-12-22 07:00:27 UTC ( 2 years, 7 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Graftor.167425 | 20141222
AhnLab-V3 | Trojan/Win32.ZBot | 20141221
ALYac | Gen:Variant.Graftor.167425 | 20141221
Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20141221
Avast | Win32:Malware-gen | 20141222
AVG | Luhe.Gen.C | 20141222
Avira (no cloud) | TR/Injector.238080 | 20141221
AVware | Trojan.Win32.Generic!BT | 20141222
BitDefender | Gen:Variant.Graftor.167425 | 20141222
CAT-QuickHeal | VirTool.VBInject.LE3 | 20141219
CMC | Heur.Win32.Veebee.1!O | 20141218
Comodo | UnclassifiedMalware | 20141222
Cyren | W32/Trojan.IEIQ-6878 | 20141222
Emsisoft | Gen:Variant.Graftor.167425 (B) | 20141222
ESET-NOD32 | a variant of Win32/Injector.BRHO | 20141222
F-Secure | Gen:Variant.Graftor.167425 | 20141221
Fortinet | W32/Injector.BQPX!tr | 20141222
GData | Gen:Variant.Graftor.167425 | 20141222
Ikarus | Trojan-Spy.Zbot | 20141222
Kaspersky | Trojan-Spy.Win32.Zbot.usio | 20141222
Malwarebytes | Trojan.Agent | 20141222
McAfee | Generic-FAVL!97CD42DFE175 | 20141222
McAfee-GW-Edition | BehavesLike.Win32.Trojan.dh | 20141221
Microsoft | PWS:Win32/Zbot.gen!ZA | 20141222
eScan | Gen:Variant.Graftor.167425 | 20141222
NANO-Antivirus | Trojan.Win32.Zbot.dkpayr | 20141222
Norman | ZBot.XLTP | 20141221
Qihoo-360 | Malware.QVM03.Gen | 20141222
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20141218
Sophos AV | Mal/Generic-S | 20141222
Symantec | Trojan.Zbot | 20141222
TrendMicro | TROJ_GEN.R0C1C0DLH14 | 20141222
TrendMicro-HouseCall | TROJ_GEN.R0C1C0DLH14 | 20141222
VIPRE | Trojan.Win32.Generic!BT | 20141222
ViRobot | Trojan.Win32.S.Agent.238080.AY[h] | 20141222
AegisLab | (not detected) | 20141222
Yandex | (not detected) | 20141221
Baidu-International | (not detected) | 20141221
Bkav | (not detected) | 20141220
ByteHero | (not detected) | 20141222
ClamAV | (not detected) | 20141222
DrWeb | (not detected) | 20141222
F-Prot | (not detected) | 20141222
Jiangmin | (not detected) | 20141221
K7AntiVirus | (not detected) | 20141219
K7GW | (not detected) | 20141220
Kingsoft | (not detected) | 20141222
nProtect | (not detected) | 20141219
Panda | (not detected) | 20141221
SUPERAntiSpyware | (not detected) | 20141221
Tencent | (not detected) | 20141222
TheHacker | (not detected) | 20141222
TotalDefense | (not detected) | 20141222
VBA32 | (not detected) | 20141221
Zillya | (not detected) | 20141221
Zoner | (not detected) | 20141219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher PetaBit Exlimites
Product Sulphovi
Original name Transele.exe
Internal name Transele
File version 1.01.0009
Description Yawper's menin
Comments TurtleShield 2011
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-17 05:10:56
Entry Point 0x000013F4
Number of sections 3
PE sections
PE imports
__vbaWriteFile
_adj_fdiv_m32
Ord(523)
Ord(617)
EVENT_SINK_Release
__vbaEnd
__vbaRedim
__vbaVarDup
EVENT_SINK_AddRef
__vbaStrMove
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
Ord(661)
Ord(678)
Ord(709)
_adj_fpatan
__vbaFreeObjList
Ord(544)
__vbaDateVar
__vbaFileClose
_adj_fdiv_m32i
Ord(717)
Ord(702)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaUbound
Ord(589)
Ord(100)
__vbaDerefAry1
__vbaFreeVar
Ord(570)
__vbaFreeStr
__vbaChkstk
__vbaObjSetAddref
_adj_fdiv_r
_CItan
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(606)
__vbaStrCopy
_allmul
__vbaAryLock
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
Ord(593)
Ord(704)
__vbaFpI4
Ord(538)
_CIatan
__vbaNew2
__vbaFpCSngR4
_adj_fdivr_m32i
Ord(546)
__vbaAryDestruct
_CIexp
__vbaStrI2
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
Ord(609)
Ord(598)
Ord(698)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ITALIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments TurtleShield 2011
InitializedDataSize 12288
ImageVersion 1.1
ProductName Sulphovi
FileVersionNumber 1.1.0.9
UninitializedDataSize 0
LanguageCode Italian
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Transele.exe
MIMEType application/octet-stream
FileVersion 1.01.0009
TimeStamp 2014:12:17 06:10:56+01:00
FileType Win32 EXE
PEType PE32
InternalName Transele
FileAccessDate 2014:12:22 08:18:47+01:00
ProductVersion 1.01.0009
FileDescription Yawper's menin
OSVersion 4.0
FileCreateDate 2014:12:22 08:18:47+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PetaBit Exlimites
CodeSize 225280
FileSubtype 0
ProductVersionNumber 1.1.0.9
EntryPoint 0x13f4
ObjectFileType Executable application
File identification
MD5 97cd42dfe175f12b8b588f328a521eb5
SHA1 1709c0272bd56546900a99013c1d768e48a3eb4f
SHA256 fe39f983bf5839a690c28e80e2190588ab57d64a0b66970251abe5396912d782
ssdeep 3072:x4HE6kEWRUuiSnweHQU9Gp2PY68/FjlTK9RuCGyxSMbV42tnqi3C5:aHyZTidUn9kSP8ddK98kxXVXtnvs
authentihash c1831964c874b634845b1986b4bf7ef2473150202fb60c1362da9a1f437af49f
imphash a074d3e5bf16c92c49a93b79c938010e
File size 232.5 KB ( 238080 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-12-18 04:37:13 UTC ( 2 years, 8 months ago )
Last submission 2014-12-18 04:37:13 UTC ( 2 years, 8 months ago )
File names Transele.exe
105.exe
Transele
fe39f983bf5839a690c28e80e2190588ab57d64a0b66970251abe5396912d782.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.