SHA256: ca1a554facab7588a26bcd2e378d9ef842a3530130247e53fd693faf6d8d486f
File name: 004073901
Detection ratio: 50 / 55
Analysis date: 2016-01-20 14:10:25 UTC (3 years, 4 months ago)
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Backdoor.VB.Agent.JL | 20160120 |
| AegisLab | W32.W.VBNA.banr!c | 20160120 |
| Yandex | Worm.VBNA!+QeG5AUPWsw | 20160119 |
| AhnLab-V3 | Win32/Pushbot.worm.249856 | 20160119 |
| ALYac | Backdoor.VB.Agent.JL | 20160120 |
| Antiy-AVL | Worm/Win32.VBNA | 20160120 |
| Arcabit | Backdoor.VB.Agent.JL | 20160120 |
| Avast | Win32:Malware-gen | 20160120 |
| AVG | SHeur4.AIWB | 20160120 |
| Avira (no cloud) | TR/Barys.868.22 | 20160120 |
| Baidu-International | Worm.Win32.Changeup.banr | 20160120 |
| BitDefender | Backdoor.VB.Agent.JL | 20160120 |
| Bkav | W32.OnGamesLTSONYWN.Trojan | 20160120 |
| CAT-QuickHeal | Worm.VB.rw3 | 20160119 |
| Comodo | UnclassifiedMalware | 20160120 |
| Cyren | W32/Trojan.JGCS-4208 | 20160120 |
| DrWeb | BackDoor.IRC.Bot.920 | 20160120 |
| Emsisoft | Backdoor.VB.Agent.JL (B) | 20160120 |
| ESET-NOD32 | Win32/Boberog.AZ | 20160120 |
| F-Prot | W32/Trojan2.NSOM | 20160120 |
| F-Secure | Backdoor.VB.Agent.JL | 20160120 |
| Fortinet | W32/Boberog.AZ!worm | 20160120 |
| GData | Backdoor.VB.Agent.JL | 20160120 |
| Ikarus | Worm.Win32.VBNA | 20160120 |
| Jiangmin | Worm/VBNA.hakd | 20160120 |
| K7AntiVirus | Riskware ( 0015e4f01 ) | 20160120 |
| K7GW | Riskware ( 0015e4f01 ) | 20160120 |
| Kaspersky | Worm.Win32.VBNA.banr | 20160120 |
| Malwarebytes | Backdoor.Agent.EPGen | 20160120 |
| McAfee | W32/Sdbot.worm.gen.ax | 20160120 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dm | 20160120 |
| Microsoft | Trojan:Win32/Bagsu!rfn | 20160120 |
| eScan | Backdoor.VB.Agent.JL | 20160120 |
| NANO-Antivirus | Trojan.Win32.VBNA.vjnzd | 20160120 |
| nProtect | Backdoor.VB.Agent.JL | 20160120 |
| Panda | Generic Malware | 20160119 |
| Qihoo-360 | Malware.Radar01.Gen | 20160120 |
| Rising | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 20160120 |
| Sophos AV | W32/VBNA-T | 20160120 |
| Symantec | Trojan.Gen.2 | 20160119 |
| Tencent | Win32.Worm.Vbna.Ahnt | 20160120 |
| TheHacker | Trojan/Boberog.az | 20160119 |
| TotalDefense | Win32/VBInject.DTI | 20160120 |
| TrendMicro | TROJ_SPNR.07G712 | 20160120 |
| TrendMicro-HouseCall | TROJ_SPNR.07G712 | 20160120 |
| VBA32 | Worm.VBNA | 20160120 |
| VIPRE | Trojan.Win32.Generic!BT | 20160120 |
| ViRobot | Worm.Win32.A.VBNA.245760.AK[h] | 20160120 |
| Zillya | Worm.Boberog.Win32.98 | 20160120 |
| Zoner | I-Worm.Boberog.AZ | 20160120 |
| Alibaba | | 20160126 |
| ByteHero | | 20160120 |
| ClamAV | | 20160120 |
| CMC | | 20160111 |
| SUPERAntiSpyware | | 20160120 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Hx8 LNsXIArvQ Leww
Original name CA9HJwzO.exe
Internal name CA9HJwzO
File version 2.01.0015
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-03 23:52:18
Entry Point 0x00001094
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(546)
Ord(600)
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
Ord(644)
Ord(685)
ProcCallEngine
Ord(660)
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(598)
Number of PE resources by type
RT_DIALOG 10
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NORWEGIAN BOKMAL 10
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 2.1
FileSubtype 0
FileVersionNumber 2.1.0.15
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 45056
EntryPoint 0x1094
OriginalFileName CA9HJwzO.exe
MIMEType application/octet-stream
FileVersion 2.01.0015
TimeStamp 2012:07:04 00:52:18+01:00
FileType Win32 EXE
PEType PE32
InternalName CA9HJwzO
ProductVersion 2.01.0015
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName E2o IUO5NL Dv6zOhE
CodeSize 200704
ProductName Hx8 LNsXIArvQ Leww
ProductVersionNumber 2.1.0.15
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e511684d83d44bedc8937535c8bdee12
SHA1 29ef7d0a8d6373debeb11a1620602b9c3714badd
SHA256 ca1a554facab7588a26bcd2e378d9ef842a3530130247e53fd693faf6d8d486f
ssdeep 3072:qa9EnBlznHOiGTAoBCfgK/noB/7fHzJVJKc2V6rmrUjCw4T/ZmT:xyzOrA8CfgK/na7fHrAcyLrMWQ
authentihash 0cb2628825e213eb8604cb6042faf3cb51976c3c3ca7dd61f9d416f971a3e0c3
imphash 8efcf8b680e80bde65278d3fff772de4
File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe

VirusTotal metadata
First submission 2012-07-04 06:36:29 UTC (6 years, 10 months ago)
Last submission 2019-03-27 13:06:32 UTC (1 month, 4 weeks ago)
File names VirusShare_e511684d83d44bedc8937535c8bdee12
CA9HJwzO.exe
file-4191134_exe
9MYGv0L5.pps
CA9HJwzO
aa
wZ4qTEdCF.xdp
E511684D83D44BEDC8937535C8BDEE12
file
004073901
winlogon.exe
ca1a554facab7588a26bcd2e378d9ef842a3530130247e53fd693faf6d8d486f.bin
e511684d83d44bedc8937535c8bdee12
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.