SHA256: 3ee63029d3ced827deb1ec009b8e084020a96b0683138999b852c60675a6bac6
File name: malware.exe
Detection ratio: 27 / 46
Analysis date: 2013-08-30 03:49:34 UTC ( 4 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.SelfDel 20130829
AntiVir Worm/Autorun.EB.2 20130829
Avast Win32:VB-AFXL [Trj] 20130830
AVG Generic30.COJQ 20130829
BitDefender Gen:Variant.Symmi.15315 20130830
Comodo TrojWare.Win32.SelfDel.EBV 20130829
DrWeb Trojan.Siggen4.56953 20130830
Emsisoft Gen:Variant.Symmi.15315 (B) 20130830
ESET-NOD32 Win32/TrojanDownloader.Beebone.ED 20130829
F-Secure Gen:Variant.Symmi.15315 20130830
Fortinet W32/VBKrypt.E!tr 20130830
GData Gen:Variant.Symmi.15315 20130830
Ikarus Trojan.Win32.SelfDel 20130830
K7AntiVirus EmailWorm 20130829
K7GW EmailWorm 20130829
Kaspersky Trojan.Win32.SelfDel.ebv 20130829
McAfee W32/Autorun.worm.aaeh 20130830
McAfee-GW-Edition W32/Autorun.worm.aaeh 20130829
Microsoft TrojanDownloader:Win32/Beebone 20130830
eScan Gen:Variant.Symmi.15315 20130830
Panda W32/Vobfus.gen.worm 20130829
Sophos AV Mal/SillyFDC-Z 20130830
TotalDefense Win32/VBDoc.N 20130829
TrendMicro WORM_VOBFUS.SML2 20130830
TrendMicro-HouseCall WORM_VOBFUS.SML2 20130830
VBA32 BScope.Trojan.Diple 20130829
VIPRE LooksLike.Win32.Beebone.gen.3 (v) 20130830
Yandex 20130829
Antiy-AVL 20130829
ByteHero 20130814
CAT-QuickHeal 20130829
ClamAV 20130830
Commtouch 20130830
F-Prot 20130830
Jiangmin 20130829
Kingsoft 20130829
Malwarebytes 20130830
NANO-Antivirus 20130830
Norman 20130829
nProtect 20130830
PCTools 20130829
Rising 20130829
SUPERAntiSpyware 20130830
Symantec 20130830
TheHacker 20130830
ViRobot 20130829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-09 19:30:28
Entry Point 0x000022C8
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
Ord(616)
_adj_fprem
__vbaAryMove
__vbaVarAnd
__vbaRedim
__vbaRecDestruct
__vbaCopyBytes
_adj_fdiv_r
__vbaObjSetAddref
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
Ord(608)
__vbaFreeStr
__vbaUI1Str
__vbaStrI2
__vbaStrI4
Ord(709)
__vbaFreeStrList
_adj_fdiv_m16i
__vbaExceptHandler
EVENT_SINK_QueryInterface
__vbaR8Cy
Ord(607)
__vbaLenBstr
__vbaRedimPreserve
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(307)
__vbaSetSystemError
DllFunctionCall
__vbaGetOwner3
__vbaPowerR8
__vbaUbound
__vbaVarTstLt
__vbaDerefAry1
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
_CIsin
Ord(711)
__vbaNew
__vbaAryLock
EVENT_SINK_Release
Ord(618)
__vbaVarLateMemCallLdRf
_adj_fdivr_m32i
__vbaFpCy
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaStrCmp
Ord(570)
__vbaAryCopy
__vbaErase
__vbaStrVarCopy
__vbaFreeObjList
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaVarLikeVar
__vbaCastObj
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarTstGt
_CIcos
Ord(528)
__vbaR4Cy
__vbaVarMove
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaCyI2
__vbaEnd
__vbaVarZero
__vbaPutOwner3
Ord(685)
Ord(572)
Ord(712)
__vbaOnError
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarVargNofree
__vbaStrCopy
Ord(668)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
Ord(100)
__vbaCastObjVar
Ord(519)
Ord(526)
_CIsqrt
__vbaVarCopy
_CIatan
Ord(662)
Ord(617)
__vbaObjSet
Ord(183)
Ord(644)
__vbaVarCat
__vbaStr2Vec
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI4
Ord(598)
__vbaFpI2
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 9.3
FileSubtype 0
FileVersionNumber 9.30.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x22c8
OriginalFileName dwxfudd.exe
MIMEType application/octet-stream
FileVersion 9.3
TimeStamp 2013:01:09 20:30:28+01:00
FileType Win32 EXE
PEType PE32
InternalName dwxfudd
ProductVersion 9.3
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName owgzvppv
CodeSize 69632
ProductName mutjgz
ProductVersionNumber 9.30.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 43f51ae8093ec5be35e5a8bcf9f7b010
SHA1 eb475d40e3bb0cf0741bf1bbd1395a0567aa67ad
SHA256 3ee63029d3ced827deb1ec009b8e084020a96b0683138999b852c60675a6bac6
ssdeep 1536:I4ZcdIhAQegve1dkmwQegKYQuCL4mx8l3MFy:I46IhAVgvo6XBYQuCLql3M8
authentihash d75abd3fa5301539756b74e01246f1cc72d0d809c5763db53d405c867638fbcf
imphash 3eb9299641d2dfc230690acaa7d56912
File size 84.0 KB ( 86016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2013-08-30 03:49:34 UTC ( 4 years, 3 months ago )
Last submission 2017-09-23 04:48:13 UTC ( 2 months, 2 weeks ago )
File names malware.exe
43f51ae8093ec5be35e5a8bcf9f7b010.virobj
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications