#11
I ran ESET scanner and it reported no threats found but did not produce a log.

Antivirus, Version, Last Update, Result
AhnLab-V3, 2011.04.20.00, 2011.04.19, -
AntiVir, 7.11.6.187, 2011.04.19, -
Antiy-AVL, 2.0.3.7, 2011.04.19, -
Avast, 4.8.1351.0, 2011.04.19, -
Avast5, 5.0.677.0, 2011.04.19, -
AVG, 10.0.0.1190, 2011.04.19, -
BitDefender, 7.2, 2011.04.19, -
CAT-QuickHeal, 11.00, 2011.04.19, -
ClamAV, 0.97.0.0, 2011.04.19, -
Commtouch, 5.3.2.6, 2011.04.19, -
Comodo, 8402, 2011.04.19, TrojWare.Win32.Trojan.Agent.Gen
DrWeb, 5.0.2.03300, 2011.04.19, Trojan.DownLoader2.3766 3
eSafe, 7.0.17.0, 2011.04.18, -
eTrust-Vet, 36.1.8279, 2011.04.19, -
F-Prot, 4.6.2.117, 2011.04.19, -
F-Secure, 9.0.16440.0, 2011.04.19, -
Fortinet, 4.2.257.0, 2011.04.19, -
GData, 22, 2011.04.19, -
Ikarus, T3.1.1.103.0, 2011.04.19, -
Jiangmin, 13.0.900, 2011.04.18, -
K7AntiVirus, 9.97.4428, 2011.04.19, -
McAfee, 5.400.0.1158, 2011.04.19, -
McAfee-GW-Edition, 2010.1D, 2011.04.19, -
Microsoft, 1.6802, 2011.04.19, -
NOD32, 6055, 2011.04.19, -
Norman, 6.07.07, 2011.04.19, -
Panda, 10.0.3.5, 2011.04.19, -
PCTools, 7.0.3.5, 2011.04.19, -
Prevx, 3.0, 2011.04.19, -
Rising, 23.54.01.06, 2011.04.19, -
Sophos, 4.64.0, 2011.04.19, -
SUPERAntiSpyware, 4.40.0.1006, 2011.04.19, -
Symantec, 20101.3.2.89, 2011.04.19, -
TheHacker, 6.7.0.1.177, 2011.04.19, -
TrendMicro, 9.200.0.1012, 2011.04.19, -
TrendMicro-HouseCall, 9.200.0.1012, 2011.04.19, -
VBA32, 3.12.16.0, 2011.04.19, -
VIPRE, 9062, 2011.04.19, Virtool.Win32.Vbinject.Gen.2 (v)
ViRobot, 2011.4.19.4418, 2011.04.19, -
VirusBuster, 13.6.312.2, 2011.04.19, -

Additional information
MD5 : ca280984d266cff2ca86ef7e4c5a0f95
SHA1 : 1b955dcbd7e470ae0ca60b6b97abc25c37ca1011
SHA256: 2ee72560b04e158476e28c5336f7d4dea209f8563d86a603ef4b057982d7a310
ssdeep: 12288:tWFZnukgF6iNdtUtVJ5XXZkCwO79zStkmLaQ5LlTNanopWV4n2G36OJceLFQUc8i:tTFjDUtv5XJkCwO79
File size : 405504 bytes
First seen: 2011-04-18 23:29:36
Last seen : 2011-04-19 19:18:29
TrID:
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
sigcheck:
publisher....: EXRVXHNUDTSCDT
copyright....: wjhzvamf
product......: GPLVGUOBASEXRVXHNUD
description..: CMFLHWSPUOYJJKWZ
original name: qgoeewsj.exe
internal name: qgoeewsj
file version.: 7.02.0007
comments.....: QPAMZXYQRI
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1588
timedatestamp....: 0x4DAC7427 (Mon Apr 18 17:25:59 2011)
machinetype......: 0x14c (I386)
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5FE08, 0x60000, 7.65, 7f4debd2152f426a94ba64b5166fe5fe
.data, 0x61000, 0x3258, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0x65000, 0xA04, 0x1000, 2.31, 790c6f7a8cca947c258962c5fc53a385
[[ 1 import(s) ]]
MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaGosubReturn, _adj_fdiv_m64, -, _adj_fprem1, __vbaCopyBytes, __vbaStrCat, __vbaSetSystemError, __vbaLenBstrB, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaCyErrVar, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaCyStr, _CIsin, __vbaErase, -, __vbaVarZero, __vbaChkstk, __vbaGosubFree, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaStrR8, EVENT_SINK_Release, __vbaNew, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaGosub, -, __vbaFPException, __vbaUbound, -, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaVarAdd, __vbaAryLock, __vbaFpI4, _CIatan, __vbaCastObj, __vbaStrMove, __vbaI4Cy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaFreeStr
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 393216
Comments: QPAMZXYQRI
CompanyName: EXRVXHNUDTSCDT
EntryPoint: 0x1588
FileDescription: CMFLHWSPUOYJJKWZ
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 396 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 7.02.0007
FileVersionNumber: 7.2.0.7
ImageVersion: 7.2
InitializedDataSize: 20480
InternalName: qgoeewsj
LanguageCode: English (U.S.)
LegalCopyright: wjhzvamf
LegalTrademarks: bepgvncdlahrp
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: qgoeewsj.exe
PEType: PE32
ProductName: GPLVGUOBASEXRVXHNUD
ProductVersion: 7.02.0007
ProductVersionNumber: 7.2.0.7
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:04:18 19:25:59+02:00
UninitializedDataSize: 0
Symantec reputation: Suspicious.Insight