SHA256: 4f8a8db1d66a8172ae46abd2ff2c9f576a48dccd3d7d4334c439caf98f8c0979
File name: VoiceMessage.exe
Detection ratio: 7 / 36
Analysis date: 2013-11-13 21:16:49 UTC ( 5 years, 6 months ago )
Antivirus Result Update
AntiVir TR/Spy.ZBot.dags.1 20131113
AVG Generic_r.DEJ 20131113
Commtouch W32/Trojan.UNPX-2427 20131113
ESET-NOD32 Win32/TrojanDownloader.Small.ABM 20131113
F-Prot W32/Trojan3.GMO 20131113
McAfee Artemis!3CF78D14A061 20131113
Sophos AV Troj/Mdrop-FNQ 20131113
Yandex 20131113
AhnLab-V3 20131113
Antiy-AVL 20131113
Avast 20131113
Baidu-International 20131113
BitDefender 20131113
Bkav 20131113
ByteHero 20131111
CAT-QuickHeal 20131113
ClamAV 20131113
Comodo 20131113
DrWeb 20131113
Emsisoft 20131113
F-Secure 20131113
Fortinet 20131113
GData 20131113
Ikarus 20131113
Jiangmin 20131113
K7AntiVirus 20131113
K7GW 20131113
Kaspersky 20131113
Kingsoft 20130829
Malwarebytes 20131113
McAfee-GW-Edition 20131113
Microsoft None
eScan 20131113
NANO-Antivirus 20131113
Norman 20131113
nProtect 20131113
Panda 20131113
Rising None
SUPERAntiSpyware 20131113
Symantec 20131113
TheHacker 20131112
TotalDefense 20131112
TrendMicro 20131113
TrendMicro-HouseCall 20131113
VBA32 20131113
VIPRE 20131113
ViRobot 20131113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-13 15:23:43
Entry Point 0x00001ABA
Number of sections 4
PE sections
PE imports
SetFilePointer
HeapFree
GetModuleHandleA
WriteFile
FindFirstFileA
DeleteFileA
CreateFileA
FindClose
HeapAlloc
ReadFile
FindNextFileA
GetProcessHeap
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
GetKeyboardState
DispatchMessageA
PostQuitMessage
PostMessageA
SendMessageA
MessageBoxA
TranslateMessage
DefWindowProcA
LoadBitmapA
GetClassLongA
RegisterClassExA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:11:13 16:23:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1aba
InitializedDataSize 6144
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 3cf78d14a06199e6df526c3df4e28ac0
SHA1 481eeccbf6d21278f23c5a84e38af7ef0501dba1
SHA256 4f8a8db1d66a8172ae46abd2ff2c9f576a48dccd3d7d4334c439caf98f8c0979
ssdeep 96:IM2E/gk5NscphRPLLlWifg441lIwneHWoPTFU+vRd5hWVfQtXCKCrGDwa/xe3uTt:n2EjNsGRP/lx44Yl7eJP5WVfQus9

authentihash e06bd3aea12ae94dd388dfcab017ffad0b776c6b7d9b59381eec56895d193fcd
imphash 7df0b0fad24b17c7f71555496439c732
File size 11.0 KB ( 11264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2013-11-13 17:15:45 UTC ( 5 years, 6 months ago )
Last submission 2018-08-16 05:36:20 UTC ( 9 months, 1 week ago )
File names VoiceMessage.ex0
VoiceMessage.exe
007100916
3cf78d14a06199e6df526c3df4e28ac0.virobj
3cf78d14a06199e6df526c3df4e28ac0.exe
VoiceMessage.tst
voicemessage.exe
VoiceMessage.ex
suspicious.exe
file-6204224_exe
3cf78d14a06199e6df526c3df4e28ac0
VoiceMessage.exe
voicemessage.exe
2422754256-2-0_M1-1-VoiceMessage.exe
VoiceMessage.ex_
VoiceMessage.exe
4f8a8db1d66a8172ae46abd2ff2c9f576a48dccd3d7d4334c439caf98f8c0979
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
