8e9d7feb3b955e6def8365fd83007080

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2002-Feb-14 20:29:09
Detected languages English - United States
CompanyName
ProductName Zimmer
FileVersion 1.00.0004
ProductVersion 1.00.0004
InternalName 1
OriginalFilename 1.exe

Plugin Output

Info Matching compiler(s): Microsoft Visual Basic v5.0/v6.0
Microsoft Visual Basic v5.0 - v6.0
Suspicious Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities (CurrentVersion\Run is the registry autostart key, i.e. a persistence indicator):
  • CurrentVersion\Run
Malicious VirusTotal score: 56/67 (Scanned on 2017-12-22 04:41:42)
K7AntiVirus: Trojan ( 004e77e71 )
TotalDefense: Win32/Bezilom
MicroWorld-eScan: Gen:Trojan.Heur.bm0@sDbu1hjif
CMC: Generic.Win32.8e9d7feb3b!MD
CAT-QuickHeal: W32.Bezilion.28672
ALYac: Trojan.Vir.HLL
Zillya: Virus.Bezilom.Win32.2
SUPERAntiSpyware: Trojan.Agent/Gen-Vbject
TheHacker: Trojan/Bezilom.a
K7GW: Trojan ( 004e77e71 )
Cybereason: malicious.1b8fb7
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9950
Cyren: W32/Bezilion.28672
Symantec: W32.Bezilom.Worm
ESET-NOD32: Win32/Bezilom.A
TrendMicro-HouseCall: WORM_BEZILOM.A1
Paloalto: generic.ml
Kaspersky: Virus.Win32.HLLW.Bezilom
BitDefender: Gen:Trojan.Heur.bm0@sDbu1hjif
NANO-Antivirus: Virus.Win32.HLLW.ghdb
AegisLab: W32.HLLW.Bezilom!c
Avast: Win32:Bezilom
Tencent: Win32.Virus.Hllw.Eehx
Ad-Aware: Gen:Trojan.Heur.bm0@sDbu1hjif
Sophos: W32/Bezilom-A
Comodo: Worm.Win32.Bezilom.A
F-Secure: Gen:Trojan.Heur.bm0@sDbu1hjif
DrWeb: Win32.HLLM.Generic.39
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: W32/Bezilom.worm
Emsisoft: Gen:Trojan.Heur.bm0@sDbu1hjif (B)
Ikarus: Worm.Win32.Bezilom
F-Prot: W32/Bezilion.28672
Jiangmin: Win32/HLLW.Bezilom
Webroot: Worm:Win32/Bezil.A@mm
Avira: W32/HLLW.Bezilom
Fortinet: W32/Bezilion.28672
Antiy-AVL: Trojan/Win32.Vilsel.gic
Endgame: malicious (high confidence)
Arcabit: Trojan.Heur.EDAFD0
ViRobot: I-Worm.Win32.Bezilom.28672
ZoneAlarm: Virus.Win32.HLLW.Bezilom
Microsoft: Worm:Win32/Bezil.A@mm
AhnLab-V3: Win32/Bezilom.worm.28672
McAfee: W32/Bezilom.worm
AVware: Trojan.Win32.Generic!BT
MAX: malware (ai score=80)
VBA32: Trojan.Worm.Bezilom
Cylance: Unsafe
Rising: Trojan.Bezilom.1063 (CLASSIC)
Yandex: I-Worm.Bezilom.A
eGambit: Unsafe.AI_Score_91%
GData: Gen:Trojan.Heur.bm0@sDbu1hjif
AVG: Win32:Bezilom
Panda: W32/Bezilom.worm
Qihoo-360: Win32/Trojan.HLLW.a84
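The 56/67 score above is a count of vendors, not 56 independent opinions: six vendors in the list report the identical string Gen:Trojan.Heur.bm0@sDbu1hjif (one shared engine), and several others are bare verdicts (Unsafe, malicious, Generic!BT) that name no family. What an analyst wants from such a list is the family name the labels actually agree on. The Python below is an added example, not tooling from this page, that performs an AVClass-style normalisation on a subset of the labels copied from above: it keeps only alphabetic runs (so detection counters such as 28672 and hashes drop out), discards class and platform words, collapses spelling variants (Bezilom, Bezilion, Bezil) onto a common stem and reports the best-supported spelling with the number of vendors behind it. The GENERIC word list and the five-letter stem are assumptions tuned to this list; a real pipeline uses maintained alias and generic-token lists.

```python
import re
from collections import Counter

# Vendor labels copied from the VirusTotal list above (a subset of the 56 detections).
VT_LABELS = """\
K7AntiVirus: Trojan ( 004e77e71 )
TotalDefense: Win32/Bezilom
MicroWorld-eScan: Gen:Trojan.Heur.bm0@sDbu1hjif
CAT-QuickHeal: W32.Bezilion.28672
Symantec: W32.Bezilom.Worm
ESET-NOD32: Win32/Bezilom.A
TrendMicro-HouseCall: WORM_BEZILOM.A1
Kaspersky: Virus.Win32.HLLW.Bezilom
Sophos: W32/Bezilom-A
DrWeb: Win32.HLLM.Generic.39
VIPRE: Trojan.Win32.Generic!BT
Microsoft: Worm:Win32/Bezil.A@mm
Endgame: malicious (high confidence)
Cylance: Unsafe
"""

# Class, platform and verdict words that carry no family information (assumed list for this page).
GENERIC = {"trojan", "virus", "worm", "generic", "heur", "malicious", "unsafe", "high",
           "confidence", "agent", "classic", "score", "hllw", "hllm"}


def tokenize(label: str) -> list:
    """Alphabetic runs only: version suffixes, hashes and detection counters drop out."""
    return [t.lower() for t in re.split(r"[^A-Za-z]+", label) if t]


def family_votes(text: str, min_len: int = 5, stem_len: int = 5) -> dict:
    """Map a spelling stem to a Counter of full spellings, one vote per vendor per stem."""
    by_stem = {}
    for line in text.strip().splitlines():
        _vendor, _, label = line.partition(":")
        seen = set()
        for tok in tokenize(label):
            if tok in GENERIC or len(tok) < min_len:
                continue
            stem = tok[:stem_len]          # Bezilom / Bezilion / Bezil all collapse onto "bezil"
            if stem not in seen:
                seen.add(stem)
                by_stem.setdefault(stem, Counter())[tok] += 1
    return by_stem


def consensus_family(text: str) -> tuple:
    """(most common spelling, vendors agreeing, vendors considered) for the best-supported stem."""
    vendors = len(text.strip().splitlines())
    by_stem = family_votes(text)
    if not by_stem:
        return None, 0, vendors
    spellings = max(by_stem.values(), key=lambda c: sum(c.values()))
    return spellings.most_common(1)[0][0], sum(spellings.values()), vendors


if __name__ == "__main__":
    name, votes, total = consensus_family(VT_LABELS)
    print(f"family={name} agreed_by={votes}/{total}")  # family=bezilom agreed_by=8/14
```

On the subset, eight of fourteen vendors name the family and the dominant spelling is "bezilom"; the six that do not are the shared-engine heuristic label and the generic verdicts, which is exactly the part of a VirusTotal score that should not be read as corroboration.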

Hashes

MD5 8e9d7feb3b955e6def8365fd83007080
SHA1 df7522e270506b1a2c874700a9beeb9d3d233e23
SHA256 94d2b1da2c4ce7db94ee9603bc2f81386032687e7c664aff6460ba0f5dac0022
SHA3 e2855eac6a0fe07fcc249ae5019048a3d20f77398228f7ddf0cf54d4840dc14c
SSDeep 384:1gc4XlUUWiY1SN6oHN64iKZz+ZBEKTzEv819YSHOuSsAR/+eR4517wNwEb:1nREWEFsI+wAJw2E
Imports Hash af3a9167f8717604f11c2312b35ebf20

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2002-Feb-14 20:29:09
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x5000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001108 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x6000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x1000
Checksum 0x981c
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 65d58df46c0040d534067cc11e6c46d8
SHA1 af0b3f79dab17aed38fa7e02f5d71b0dd92ada6c
SHA256 8f7bc3c87d2a7721349ffc06c258d67c981feb7834af6e57fc199148f47e764a
SHA3 dcb483da131e72ecacaa8adfc506440d683b1549a0cde70dc49f2bfba9df1025
VirtualSize 0x4f54
VirtualAddress 0x1000
SizeOfRawData 0x5000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.01231

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0xc20
VirtualAddress 0x6000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 14d5dedb71452e94fda00eca493c71a5
SHA1 85247a46e18c5cf39bf3266490c686ca0cf423f8
SHA256 000a65634270be3d164f255728ebda5cc8d78d5d7f7dd95998eb5d9aeb4687b9
SHA3 8fb828c3969345078094c0d445d64fc28ae052fff6d02f4c0f8ee2bb1a621159
VirtualSize 0x748
VirtualAddress 0x7000
SizeOfRawData 0x1000
PointerToRawData 0x6000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.00811

Imports

MSVBVM60.DLL MethCallEngine
#518
#519
#593
#594
#598
#520
#526
EVENT_SINK_AddRef
#528
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
#607
#608
#716
ProcCallEngine
#537
#576
#100
#616
#617
#619
#580

Delayed Imports

Resources

30001

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x128
Entropy 3.76485
MD5 6e04c9556c06039346bb982fb68bed58
SHA1 bed9f5a5d6daacd96ae24f29e57ea3074707c103
SHA256 c2e82ac4b7aed3331e4ff61ec6d655d00c07c1d0cb91cab060506a302afbdbf4
SHA3 f8c58102893ab9db82ca34a5dd9d3b4fd85b33c1d8e0f14b56e1a4bbf2ff160b

30002

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x2e8
Entropy 2.95474
MD5 ad941f2a1c4aaa80c8aff4386bd7d3d2
SHA1 3069066a1cebb1512dd0ac5bd9e8389bee199257
SHA256 22ff7b3eda2ca7f760362fabf04fc430b60b7822e03395bb66aa1a1e040ed4a3
SHA3 e3e8f52aadcf15ea099b69cf310d385b644cacfff098f606ca5006dafe225bc5

1

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x24
Entropy 2.72548
Detected Filetype Icon file
MD5 9e02cd2a6c5d4942b010b43799e66979
SHA1 81512cf2ca5f2979c86717763cf24223716b22ee
SHA256 75f98605c48e4ec6da0d020f8e865a646b72054eeeb141d494a0276f6db1519f
SHA3 c7c84a63ebfc27a2bfdcda4a23d9d0f2862e6580f282194643da5db696e749a1

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Unicode (UTF 16LE)
Size 0x1f4
Entropy 3.12228
MD5 ae6b963f97182813bee9136d685d15c3
SHA1 b1eb554868834ef71c273fa498cf3a4e9c416fa1
SHA256 f4cea553f28af1aad1839dcb26bb72b79340ecd566b5239961c34a4ae92b0054
SHA3 77fdd6b9dbb0c8046b9577347d6bfee83c8876660b40e00c06626d47100c6864

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.4
ProductVersion 1.0.0.4
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName
ProductName Zimmer
FileVersion (#2) 1.00.0004
ProductVersion (#2) 1.00.0004
InternalName 1
OriginalFilename 1.exe
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x886973f3
Unmarked objects 0
Product ID 13, build 8169: 1 object

Errors

[*] Warning: Section .data has a size of 0!
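Every field in the DOS Header, PE Header, section and Hashes blocks above, and the closing warning, comes from walking the section table, so it is worth seeing the walk itself and the check behind the warning. Two things the report shows deserve a caveat: the .data hashes (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c442...) are simply the digests of empty input, because SizeOfRawData is 0 and nothing is read from the file; and a section with SizeOfRawData 0 but VirtualSize 0xc20 is zero-filled by the loader at run time, which is the normal BSS-style data layout for a VB6 binary rather than an indicator on its own. The Python below is an added example, not Manalyzer's code and not the sample: build_sample_pe() constructs a PE32 image whose header values mirror the report (e_lfanew 0xb8, three sections, entry point 0x1108, timestamp 2002-Feb-14 20:29:09) with FileAlignment shrunk to 0x400 and placeholder section bodies, parse_pe() derives the report's fields from it, and sanity_checks() reproduces the size-0 warning with the caveat attached plus a truncated-file check.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_SCN_CNT_CODE = 0x00000020   # winnt.h section flags used by the checks below
IMAGE_SCN_MEM_WRITE = 0x80000000
COFF_FMT = "<HHIIIHH"         # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBB9I6H4I2H6I"  # IMAGE_OPTIONAL_HEADER32 minus the 16 data directories, 96 bytes
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; an empty buffer scores 0.0, as the report's .data row does."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + struct.calcsize(COFF_FMT)
    opt = struct.unpack_from(OPT32_FMT, data, opt_off)
    if opt[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = opt[6]
    sec_off = opt_off + opt_size  # SizeOfOptionalHeader, not calcsize: the data directories sit between
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, schars = struct.unpack_from(
            SECTION_FMT, data, sec_off + 40 * i)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""  # zero-size section hashes as empty input
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"), "characteristics": schars,
            "virtual_size": vsize, "virtual_address": va, "raw_size": rawsize, "raw_ptr": rawptr,
            "md5": hashlib.md5(raw).hexdigest(), "sha256": hashlib.sha256(raw).hexdigest(),
            "entropy": shannon_entropy(raw),
        })
    # "AddressOfEntryPoint 0x1108 (Section: .text)": the section whose RVA range spans the entry point.
    entry_section = next((s["name"] for s in sections if s["virtual_address"] <= entry
                          < s["virtual_address"] + max(s["virtual_size"], s["raw_size"])), None)
    return {
        "e_lfanew": e_lfanew, "machine": machine, "number_of_sections": nsec, "characteristics": chars,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "entry_point": entry, "entry_section": entry_section, "image_base": opt[9],
        "md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest(),
        "sections": sections,
    }


def sanity_checks(pe: dict, file_size: int) -> list:
    """The checks behind a warning like "Section .data has a size of 0!", with the caveat attached."""
    notes = []
    for s in pe["sections"]:
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            if s["characteristics"] & IMAGE_SCN_MEM_WRITE and not s["characteristics"] & IMAGE_SCN_CNT_CODE:
                why = "loader zero-fills it (BSS-style data, normal for VB6 binaries)"
            else:
                why = "no file bytes back a code or read-only section, which is suspicious"
            notes.append(f"{s['name']}: SizeOfRawData 0 but VirtualSize {s['virtual_size']:#x}; {why}")
        elif s["raw_ptr"] + s["raw_size"] > file_size:
            notes.append(f"{s['name']}: raw data runs past end of file (truncated sample?)")
    if pe["entry_section"] is None:
        notes.append(f"entry point {pe['entry_point']:#x} lies outside every section")
    return notes


def build_sample_pe() -> bytes:
    """Constructed PE32 (not the reported sample): header values mirror the report, but FileAlignment
    is 0x400 and the section bodies are placeholders so the image stays small."""
    dos = bytearray(0xB8)                      # e_lfanew 0xB8, as in the report
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xB8)
    stamp = int(datetime(2002, 2, 14, 20, 29, 9, tzinfo=timezone.utc).timestamp())
    coff = struct.pack(COFF_FMT, 0x14C, 3, stamp, 0, 0, 0xE0, 0x010F)  # i386, 3 sections, characteristics
    opt = struct.pack(OPT32_FMT, 0x10B, 6, 0, 0x5000, 0x2000, 0, 0x1108, 0x1000, 0x6000, 0x400000,
                      0x1000, 0x400, 4, 0, 1, 0, 4, 0, 0, 0x8000, 0x400, 0, 2, 0,  # subsystem 2 = GUI
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128  # 16 empty directories
    text_body = b"\x90" * 0x200 + b"\xCC" * 0x200  # two equiprobable bytes: entropy exactly 1.0
    rsrc_body = bytes(range(256)) * 4              # uniform bytes: entropy exactly 8.0
    rows = (  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ..., Characteristics
        (b".text", 0x4F54, 0x1000, len(text_body), 0x400, 0, 0, 0, 0, 0x60000020),  # CODE|EXECUTE|READ
        (b".data", 0xC20, 0x6000, 0, 0, 0, 0, 0, 0, 0xC0000040),  # VirtualSize > 0, raw size 0: the warning
        (b".rsrc", 0x748, 0x7000, len(rsrc_body), 0x800, 0, 0, 0, 0, 0x40000040),  # INITIALIZED_DATA|READ
    )
    headers = bytes(dos) + b"PE\0\0" + coff + opt + b"".join(struct.pack(SECTION_FMT, *r) for r in rows)
    return headers.ljust(0x400, b"\0") + text_body + rsrc_body


if __name__ == "__main__":
    image = build_sample_pe()
    pe = parse_pe(image)
    for s in pe["sections"]:
        print(f"{s['name']:<6} raw {s['raw_size']:#06x} entropy {s['entropy']:.5f} md5 {s['md5']}")
    print(*("[*] Warning: " + n for n in sanity_checks(pe, len(image))), sep="\n")
```

Run against the constructed image, the .data row comes out with the empty-input MD5 and entropy 0 exactly as in the report, and the only warning is the size-0 note with its VB6 caveat; feeding the same headers a file cut short triggers the separate past-end-of-file check, which is the variant that does indicate a damaged or incompletely captured sample. The entropy values are chosen so they are exact (1.0 and 8.0) and have nothing to do with the real sample's 5.01 and 2.01.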