SHA256: be1af934f4a7ce2287da2e775451cffd166f8022476423b95fcf3f381bc3d07d
File name: Blackberrylike5 Blackberrylike5 Blackberrylike5
Detection ratio: 37 / 56
Analysis date: 2016-06-19 16:35:34 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3321593 20160619
AegisLab Troj.Spy.W32.Zbot!c 20160619
ALYac Trojan.GenericKD.3321593 20160619
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160619
Arcabit Trojan.Generic.D32AEF9 20160619
Avast Win32:Malware-gen 20160619
AVG Zbot.AOKA 20160619
Avira (no cloud) TR/Dropper.VB.qkom 20160619
AVware Trojan.Win32.Generic!BT 20160619
Baidu Win32.Trojan.WisdomEyes.151026.9950.9969 20160618
BitDefender Trojan.GenericKD.3321593 20160619
Bkav HW32.Packed.9C6C 20160618
Cyren W32/Trojan.IDDY-0658 20160619
DrWeb Trojan.PWS.Panda.10359 20160619
Emsisoft Trojan.GenericKD.3321593 (B) 20160619
ESET-NOD32 Win32/Spy.Zbot.ABS 20160619
F-Secure Trojan.GenericKD.3321593 20160619
Fortinet W32/Injector.DAFO!tr 20160619
GData Trojan.GenericKD.3321593 20160619
Ikarus Trojan.Crypt 20160619
K7AntiVirus Spyware ( 0049a4df1 ) 20160619
K7GW Spyware ( 0049a4df1 ) 20160619
Kaspersky Trojan-Spy.Win32.Zbot.wunw 20160619
McAfee PWSZbot-FARJ!8601CDE9C3A6 20160619
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20160619
Microsoft PWS:Win32/Zbot!CI 20160619
eScan Trojan.GenericKD.3321593 20160619
NANO-Antivirus Trojan.Win32.Panda.edmblr 20160619
Panda Generic Suspicious 20160619
Qihoo-360 Win32/Trojan.Dropper.fea 20160619
Sophos AV Mal/Generic-S 20160619
Symantec Trojan.Gen.2 20160619
Tencent Win32.Trojan.Bp-generic.Ixrn 20160619
TrendMicro TROJ_FORUCON.BME 20160619
TrendMicro-HouseCall TROJ_FORUCON.BME 20160619
VIPRE Trojan.Win32.Generic!BT 20160619
ViRobot Trojan.Win32.Z.Zbot.380928.X[h] 20160619
AhnLab-V3 20160619
Alibaba 20160619
Baidu-International 20160614
CAT-QuickHeal 20160618
ClamAV 20160619
CMC 20160616
Comodo 20160619
F-Prot 20160619
Jiangmin 20160619
Kingsoft 20160619
Malwarebytes 20160619
nProtect 20160617
SUPERAntiSpyware 20160619
TheHacker 20160619
TotalDefense 20160619
VBA32 20160617
Yandex 20160616
Zillya 20160618
Zoner 20160619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Wype1
Original name Blackberrylike5 Blackberrylike5 Blackberrylike5 .exe
Internal name Blackberrylike5 Blackberrylike5 Blackberrylike5
File version 4.08.0008
Description Bringen0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-14 19:51:48
Entry Point 0x000012D4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
EVENT_SINK_QueryInterface
Ord(521)
_allmul
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(697)
Ord(712)
Ord(596)
Ord(525)
_adj_fpatan
EVENT_SINK_AddRef
Ord(693)
Ord(677)
Ord(611)
Ord(675)
_adj_fdiv_m32i
Ord(591)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
DllFunctionCall
__vbaFPException
_CIexp
_adj_fdivr_m16i
Ord(589)
Ord(571)
__vbaFreeVar
_adj_fprem1
Ord(100)
_adj_fdiv_r
__vbaAryConstruct2
_adj_fdiv_m64
Ord(651)
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaLenBstrB
_CIcos
Ord(713)
_adj_fptan
Ord(610)
Ord(628)
__vbaVarMove
Ord(646)
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaAryDestruct
Ord(541)
__vbaStrMove
Ord(588)
_adj_fdivr_m32
_CItan
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ITALIAN 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
20480

ImageVersion
4.8

ProductName
Wype1

FileVersionNumber
4.8.0.8

UninitializedDataSize
0

LanguageCode
Italian

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Blackberrylike5 Blackberrylike5 Blackberrylike5 .exe

MIMEType
application/octet-stream

FileVersion
4.08.0008

TimeStamp
2016:06:14 19:51:48+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
Blackberrylike5 Blackberrylike5 Blackberrylike5

ProductVersion
4.08.0008

FileDescription
Bringen0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Samsung

CodeSize
360448

FileSubtype
0

ProductVersionNumber
4.8.0.8

EntryPoint
0x12d4

ObjectFileType
Executable application

File identification
MD5 8601cde9c3a6a76a761d031ef2fd37ba
SHA1 bbfe315008a9339c4ffc0bd14c560a88efa5fb0e
SHA256 be1af934f4a7ce2287da2e775451cffd166f8022476423b95fcf3f381bc3d07d
ssdeep
6144:PVe+VrE6oMc1tnDxzDqAemItUYkZSnrOJsMMl62V2D8mBokld6mHnZl:Ps+VQ6oz1FxzGAwtUYkZSQ2oIdkWUZ

authentihash 4ab4ecaf847ec09ce7b19afd2f696ecfdc41ea8ae5c5fffcd52a31d702ececb2
imphash cc20db4b974d1931a5f6779ab949919b
File size 372.0 KB ( 380928 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (68.2%)
Win64 Executable (generic) (22.9%)
Win32 Executable (generic) (3.7%)
OS/2 Executable (generic) (1.6%)
Generic Win/DOS Executable (1.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-06-16 22:34:29 UTC ( 2 years, 11 months ago )
Last submission 2019-04-14 19:38:33 UTC ( 1 month ago )
File names BLACKBERRYLIKE5 BLACKBERRYLIKE5 BLACKBERRYLIKE5
Blackberrylike5 Blackberrylike5 Blackberrylike5
Blackberrylike5 Blackberrylike5 Blackberrylike5
Blackberrylike5 Blackberrylike5 Blackberrylike5 .exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications