SHA256: 34414881de0d3cdd56832bd5ade4609c1091faabd9f5755eff61109be377caa4
File name: Facebook-SecureMessage.exe
Detection ratio: 16 / 42
Analysis date: 2013-11-26 13:54:19 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20131126
AVG Luhe.Fiha.A 20131126
BitDefender Trojan.GenericKD.1423413 20131126
DrWeb Trojan.DownLoad3.30760 20131126
Emsisoft Trojan.GenericKD.1423413 (B) 20131126
ESET-NOD32 a variant of Win32/Kryptik.BPSB 20131126
Fortinet W32/Zbot.RMEV!tr 20131126
GData Trojan.GenericKD.1423413 20131126
Ikarus Trojan-Spy.Zbot 20131126
Kaspersky Trojan.Win32.Bublik.blvr 20131126
eScan Trojan.GenericKD.1423413 20131126
Sophos AV Mal/FakeAV-TV 20131126
TheHacker Posible_Worm32 20131124
TrendMicro PAK_Generic.001 20131126
TrendMicro-HouseCall PAK_Generic.001 20131126
ViRobot Trojan.Win32.S.Zbot.24576.D 20131126
Yandex 20131125
AhnLab-V3 20131126
AntiVir 20131126
Antiy-AVL 20131126
Baidu-International 20131126
Bkav 20131126
ByteHero 20131126
CAT-QuickHeal 20131126
ClamAV 20131126
Commtouch 20131126
Comodo 20131126
F-Prot 20131126
F-Secure 20131126
Jiangmin 20131125
K7AntiVirus 20131126
K7GW 20131126
Kingsoft 20130829
Malwarebytes 20131126
McAfee 20131126
McAfee-GW-Edition 20131126
Microsoft 20131126
NANO-Antivirus 20131126
Norman 20131125
nProtect 20131126
Panda 20131126
SUPERAntiSpyware 20131126
Symantec 20131126
TotalDefense 20131126
VBA32 20131126
VIPRE 20131126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-25 21:36:47
Entry Point 0x0000D530
Number of sections 3
PE sections
PE imports
TextOutW
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndPaint
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:11:25 22:36:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 9.0
EntryPoint 0xd530
InitializedDataSize 8192
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 32768
Compressed bundles
File identification
MD5 f08f7633885fd0e2ec1d8307b168ab8f
SHA1 fced8594864c62b55be9e5c8cfc88e7ff6b7ec25
SHA256 34414881de0d3cdd56832bd5ade4609c1091faabd9f5755eff61109be377caa4
ssdeep 384:LmjjijgPyti1zxVaOxOBe3binuLiIMEcNHsFWl9HsVrKh:Lmmoz/4kid7HsFOce
authentihash 5c0e9f0eab38e5530348393fc5d872aabf45329bb9a45b91f0b8b3ef4464aff4
imphash 6801789d7db148dcab782feacf28ecfc
File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-11-26 00:34:46 UTC ( 5 years, 6 months ago )
Last submission 2013-12-05 07:03:32 UTC ( 5 years, 5 months ago )
File names f08f7633885fd0e2ec1d8307b168ab8f
Facebook-SecureMessage.exe
pyx_435542234_1_HNB.exe
f08f7633885fd0e2ec1d8307b168ab8f.exe
c-2666a-822-1385434206
34414881de0d3cdd56832bd5ade4609c1091faabd9f5755eff61109be377caa4
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight