SHA256: 30ef75ebbbc7c27500dcbbf1db1aaab35be6a8e72e60a7a0ca91a621e4f62e6a
Filename: forsendelse.exe
Detection ratio: 1 / 56
Analysis date: 2015-09-23 17:49:55 UTC ( 2 years, 2 months ago )
Antivirus Resultat Opdatere
Rising PE:Malware.FakePDF@CV!1.9E05[F1] 20150923
Ad-Aware 20150923
AegisLab 20150923
Yandex 20150923
AhnLab-V3 20150923
Alibaba 20150923
ALYac 20150923
Antiy-AVL 20150923
Arcabit 20150923
Avast 20150923
AVG 20150923
Avira (no cloud) 20150923
AVware 20150923
Baidu-International 20150923
BitDefender 20150923
Bkav 20150923
ByteHero 20150923
CAT-QuickHeal 20150923
ClamAV 20150923
CMC 20150922
Comodo 20150923
Cyren 20150923
DrWeb 20150923
Emsisoft 20150923
ESET-NOD32 20150923
F-Prot 20150923
F-Secure 20150923
Fortinet 20150923
GData 20150923
Ikarus 20150923
Jiangmin 20150922
K7AntiVirus 20150923
K7GW 20150923
Kaspersky 20150923
Kingsoft 20150923
Malwarebytes 20150923
McAfee 20150923
McAfee-GW-Edition 20150923
Microsoft 20150923
eScan 20150923
NANO-Antivirus 20150923
nProtect 20150923
Panda 20150923
Qihoo-360 20150923
Sophos AV 20150923
SUPERAntiSpyware 20150923
Symantec 20150923
Tencent 20150923
TheHacker 20150923
TrendMicro 20150923
TrendMicro-HouseCall 20150923
VBA32 20150923
VIPRE 20150923
ViRobot 20150923
Zillya 20150923
Zoner 20150923
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-08-28 11:12:19
Entry Point 0x00013DE6
Number of sections 4
PE sections
Overlays
MD5 0ffd04a5d61f0b1bc66e70d1488b43a0
File type data
Offset 487424
Size 173598
Entropy 7.94
PE imports
RegReplaceKeyA
GetStartupInfoA
CopyFileW
CreateProcessA
GetEnvironmentStrings
GetModuleHandleA
FreeEnvironmentStringsW
LoadLibraryA
Ord(1775)
Ord(3825)
Ord(3147)
Ord(4080)
Ord(2124)
Ord(2396)
Ord(3830)
Ord(2554)
Ord(4627)
Ord(2385)
Ord(2725)
Ord(3738)
Ord(4853)
Ord(6375)
Ord(4622)
Ord(3136)
Ord(2982)
Ord(641)
Ord(5199)
Ord(3079)
Ord(2512)
Ord(3262)
Ord(4234)
Ord(1576)
Ord(2055)
Ord(4837)
Ord(5307)
Ord(5241)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(4424)
Ord(2648)
Ord(4407)
Ord(2446)
Ord(5714)
Ord(4078)
Ord(2985)
Ord(5065)
Ord(5289)
Ord(3346)
Ord(6376)
Ord(561)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(5302)
Ord(324)
Ord(1727)
Ord(4486)
Ord(4425)
Ord(2976)
Ord(815)
Ord(1089)
Ord(1168)
Ord(5277)
Ord(3081)
Ord(5731)
Ord(4698)
Ord(4998)
Ord(3922)
Ord(4353)
Ord(2514)
Ord(5265)
Ord(3749)
Ord(4673)
Ord(5300)
Ord(3597)
Ord(5163)
Ord(4441)
Ord(4274)
Ord(4376)
Ord(5261)
Ord(4465)
Ord(4079)
WNetEnumResourceA
WNetGetUniversalNameW
WNetGetUserW
WNetOpenEnumA
WNetGetConnectionA
WNetAddConnectionA
WNetAddConnection3A
WNetCancelConnection2A
WNetCloseEnum
_except_handler3
__p__fmode
_wexecl
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
VarDecFromUI4
VarDecFromDisp
VarBoolFromR8
SysStringByteLen
VarMul
LHashValOfNameSysA
LPSAFEARRAY_UserUnmarshal
SafeArrayCreate
VarCyFromI1
SafeArrayGetElemsize
VarXor
LPSAFEARRAY_UserMarshal
VarR8FromI2
VARIANT_UserFree
CreateTypeLib2
DispGetParam
OleLoadPictureEx
VarUI4FromDec
VarDecFromDate
VarUI1FromI2
VarBstrFromDisp
VarDecFromR4
VarDecFromI2
VarFix
SafeArrayPutElement
VarI4FromR4
VarI2FromR4
VariantCopy
VarDateFromBool
VarI1FromDec
SafeArrayGetElement
VarDateFromR8
GetRecordInfoFromGuids
VarDecSub
SafeArrayGetUBound
GetRecordInfoFromTypeInfo
SysFreeString
VarMonthName
VarI4FromCy
VarR4CmpR8
VarR8FromDate
VARIANT_UserMarshal
VarR8Round
VarI4FromBool
VarBstrFromI4
VarR4FromBool
VarCyFromDisp
RegisterActiveObject
VarCyFromBool
VarI2FromDate
SafeArrayRedim
VarR4FromI1
VarI2FromStr
VarBoolFromI4
VarBoolFromI2
VarBstrFromI1
UnRegisterTypeLib
VarR4FromDec
SafeArrayDestroy
VarDecFromBool
LoadRegTypeLib
VariantChangeType
VarAbs
VarWeekdayName
VarNeg
VarCyAdd
VarDecCmp
DispInvoke
RegisterTypeLib
VarR4FromDate
SysReAllocStringLen
VarBstrFromR4
VarI4FromDec
VarCyInt
VarBstrFromR8
VarUI1FromCy
VarR8FromR4
QueryPathOfRegTypeLib
RevokeActiveObject
VarI2FromI1
VarBstrFromDate
VarBstrFromUI2
VarDecFromCy
GetActiveObject
VarDecCmpR8
VarIdiv
VarUI1FromUI2
VarUI4FromDisp
VarBoolFromCy
VarI1FromR4
VarR4FromUI2
VarI4FromUI1
VarAdd
VarDecDiv
VariantClear
VarDiv
VarR8FromBool
VarFormatDateTime
VarDateFromUI1
VarUI2FromCy
EnableWindow
PageSetupDlgW
Number of PE resources by type
RT_ACCELERATOR 17
RT_ICON 12
RT_GROUP_ICON 7
RT_DIALOG 2
RT_MENU 2
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 19
ENGLISH ZIMBABWE 12
AZERI LATIN 11
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.48.31.131
UninitializedDataSize 0
LanguageCode Unknown (REPA)
FileFlagsMask 0x003f
CharacterSet Unknown (INTED)
InitializedDataSize 401408
EntryPoint 0x13de6
MIMEType application/octet-stream
LegalCopyright 2011 (C) 2013
FileVersion Sunbathers 0,52,159,184
TimeStamp 2007:08:28 12:12:19+01:00
FileType Win32 EXE
PEType PE32
InternalName Preposition
ProductVersion 0,116,240,36
FileDescription Profiling Proxies Resolutely
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Informative Graphics Corp.
CodeSize 81920
ProductName Revealable Prick
ProductVersionNumber 0.42.84.37
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9800562e50cbe9afa1b8d4f9a84eb089
SHA1 bba4d156b630ff4d7333f572b0d7fb034af2c10f
SHA256 30ef75ebbbc7c27500dcbbf1db1aaab35be6a8e72e60a7a0ca91a621e4f62e6a
ssdeep 12288:o+zmIJAGsDgZil/aPasj6sOTfTwm7CZZ6rblh:FUgZil8Xj6swbwm7CZAv

authentihash 3c0ad94afd12e7833e8802d21d617189db840e44e5855bd802077cf79ae3fd2b
imphash 4041f0fa2883ef64ea900eaba61fdce9
File size 645.5 KB ( 661022 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-23 15:40:22 UTC ( 2 years, 2 months ago )
Last submission 2015-09-30 22:01:57 UTC ( 2 years, 1 month ago )
File names forsendelse.exe
Forsandelse.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs