SHA256: 0fb33ea57ccd832a3fd8d26ad9dfa97fdd45c37a51b602a182438a17e374eb0e
File name: 2014_11rechnung_K4768955881_pdf_sign_telekom_de_deutschland_gmbh.exe
Detection ratio: 2 / 55
Analysis date: 2014-11-12 16:40:38 UTC (4 years, 6 months ago)
Antivirus Result Update
Malwarebytes Spyware.Password 20141112
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20141112
Ad-Aware 20141112
AegisLab 20141112
Yandex 20141111
AhnLab-V3 20141112
Antiy-AVL 20141112
Avast 20141112
AVG 20141112
Avira (no cloud) 20141112
AVware 20141112
Baidu-International 20141107
BitDefender 20141112
Bkav 20141112
ByteHero 20141112
CAT-QuickHeal 20141112
ClamAV 20141112
CMC 20141110
Comodo 20141112
Cyren 20141112
DrWeb 20141112
Emsisoft 20141112
ESET-NOD32 20141112
F-Prot 20141111
F-Secure 20141112
Fortinet 20141112
GData 20141112
Ikarus 20141112
Jiangmin 20141111
K7AntiVirus 20141112
K7GW 20141112
Kaspersky 20141112
Kingsoft 20141112
McAfee 20141112
McAfee-GW-Edition 20141112
Microsoft 20141112
eScan 20141112
NANO-Antivirus 20141112
Norman 20141112
nProtect 20141112
Panda 20141110
Rising 20141111
Sophos AV 20141112
SUPERAntiSpyware 20141112
Symantec 20141112
Tencent 20141112
TheHacker 20141111
TotalDefense 20141112
TrendMicro 20141112
TrendMicro-HouseCall 20141112
VBA32 20141112
VIPRE 20141112
ViRobot 20141112
Zillya 20141111
Zoner 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-10 17:48:37
Entry Point 0x000050E6
Number of sections 4
PE sections
PE imports
SelectPalette
CreatePen
DeleteObject
StretchDIBits
GetStartupInfoA
UnmapViewOfFile
GetCurrentProcessId
GetModuleHandleA
OpenProcess
WriteFile
CreateFileW
GlobalFree
CreateFileA
FindClose
ReadFile
FindNextFileA
GlobalUnlock
GetProcAddress
GetFileSize
LoadLibraryA
GetLocalTime
CloseHandle
__p__fmode
_acmdln
??1type_info@@UAE@XZ
memset
fclose
__dllonexit
fprintf
fopen
strlen
_except_handler3
fabs
_onexit
abs
exit
_XcptFilter
_ftol
__setusermatherr
_adjust_fdiv
sprintf
__CxxFrameHandler
__p__commode
memcpy
__getmainargs
_controlfp
_setmbcp
_initterm
_exit
__set_app_type
GetModuleFileNameExW
SHBrowseForFolderA
EnableWindow
UpdateWindow
Number of PE resources by type
RT_STRING 13
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 18
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:11:10 18:48:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 139264
SubsystemVersion 4.0
EntryPoint 0x50e6
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 3d0d526add38e6695a2608b0bdd3633a
SHA1 b65b13ef23d183748ab922301ae519045302fd8b
SHA256 0fb33ea57ccd832a3fd8d26ad9dfa97fdd45c37a51b602a182438a17e374eb0e
ssdeep 3072:Y7tIMOClxoixT3+WsY6AYptmiOANwZD67SHGV/X12sihrjJ89GuzxwM8:wtIAlx7T3VsYU2qUmDX4DQ/xD8

authentihash a19f6665ecf0a85a1fc7141687c8e554bf5dbefaeabfc887befef399753bd6b7
imphash 8f1298931b876bbe49426f347bc0a039
File size 160.0 KB ( 163840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2014-11-12 16:14:07 UTC (4 years, 6 months ago)
Last submission 2015-01-08 07:04:58 UTC (4 years, 4 months ago)
File names 6372e4dce2.vir
2014_11rechnung_K4768955881_pdf_sign_telekom_de_deutschland_gmbh_exe
2014_11rechnung_K4768955881_pdf_sign_telekom_de_deutschland_gmbh.exe
3d0d526add38e6695a2608b0bdd3633a
8c7df783.vir
ea00a727576b1a0d.vir
WL-6e0fce73d1cdc444c31d753e4af8d5fb-0
file-7681656_exe
vti-rescan
tsvshkjc.STOP-VIRUS!!!
tsvshkjc.exe
yjypjkgn.exe
2014_11transaktions_pdf_000093378_2014_0000919_11_v_00028836_n_827100007.exe
2014_11rechnungonline_pdf_vodafone_0095890374_537999190_82135674.exe
3d0d526add38e6695a2608b0bdd3633a
cerhrxrv.exe
keagpikx.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.