SHA256: 5bda57e0cca9728ad56314c90a54c61c51edf3d3b7c548056041f81660d0d667
File name: Bank_Docs_11132013.exe
Detection ratio: 14 / 47
Analysis date: 2013-11-13 21:20:05 UTC ( 5 years, 6 months ago )
Antivirus Result Update
AVG Generic_r.DEJ 20131113
BitDefender Gen:Variant.Kazy.289637 20131113
Commtouch W32/Trojan.IFGG-3743 20131113
Emsisoft Gen:Variant.Kazy.289637 (B) 20131113
ESET-NOD32 a variant of Win32/Kryptik.BOUW 20131113
F-Prot W32/Trojan3.GMN 20131113
F-Secure Gen:Variant.Kazy.289637 20131113
GData Gen:Variant.Kazy.289637 20131113
Kaspersky Trojan.Win32.Bublik.bkml 20131113
McAfee Downloader-FVZ!4961778FDB00 20131113
McAfee-GW-Edition Artemis!4961778FDB00 20131113
eScan Gen:Variant.Kazy.289637 20131113
Sophos AV Troj/DwnLdr-LDW 20131113
TrendMicro-HouseCall TROJ_GEN.F47V1113 20131113
Yandex 20131113
AhnLab-V3 20131113
AntiVir 20131113
Antiy-AVL 20131113
Avast 20131113
Baidu-International 20131113
Bkav 20131113
ByteHero 20131111
CAT-QuickHeal 20131113
ClamAV 20131113
Comodo 20131113
DrWeb 20131113
Fortinet 20131113
Ikarus 20131113
Jiangmin 20131113
K7AntiVirus 20131113
K7GW 20131113
Kingsoft 20130829
Malwarebytes 20131113
Microsoft 20131113
NANO-Antivirus 20131113
Norman 20131113
nProtect 20131113
Panda 20131113
Rising 20131113
SUPERAntiSpyware 20131113
Symantec 20131113
TheHacker 20131112
TotalDefense 20131112
TrendMicro 20131113
VBA32 20131113
VIPRE 20131113
ViRobot 20131113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-13 15:21:39
Entry Point 0x00001A82
Number of sections 4
PE sections
PE imports
SetFilePointer
HeapFree
GetModuleHandleA
WriteFile
FindFirstFileA
DeleteFileA
CreateFileA
FindClose
HeapAlloc
ReadFile
FindNextFileA
GetProcessHeap
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
GetKeyboardState
DispatchMessageA
PostQuitMessage
PostMessageA
SendMessageA
MessageBoxA
TranslateMessage
DefWindowProcA
LoadBitmapA
GetClassLongA
RegisterClassExA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:11:13 16:21:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3584
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 10240
SubsystemVersion 5.0
EntryPoint 0x1a82
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 4961778fdb00e84d53396df51c5c78e7
SHA1 5f45e3af2d6e7e12d9ca8bfe4f502772a402fb13
SHA256 5bda57e0cca9728ad56314c90a54c61c51edf3d3b7c548056041f81660d0d667
ssdeep 192:Wfe6i+/ZNIEsiBT9wK9OBpgWVffwmsSl7jaSYv:AdbNIEsWyXnVfffjc
authentihash 9ea8dbc8037c270f7ff93f01909538f71d49383b11a1225459b2ea111d97c3b4
imphash 7df0b0fad24b17c7f71555496439c732
File size 14.5 KB ( 14848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2013-11-13 17:12:49 UTC ( 5 years, 6 months ago )
Last submission 2015-06-12 11:37:34 UTC ( 3 years, 11 months ago )
File names Docs_11132013.exe
c-ddb08-669-1384362904
5bda57e0cca9728ad56314c90a54c61c51edf3d3b7c548056041f81660d0d667.bin
4961778fdb00e84d53396df51c5c78e7.exe
2422752918-2-0_M1-1-Bank_Docs_11132013.exe
007101361
fc66e2de708493223e2bdec368b748cb7c06904c
5bda57e0cca9728ad56314c90a54c61c51edf3d3b7c548056041f81660d0d667
Bank_Docs_11132013.ex_
E
4961778fdb00e84d53396df51c5c78e7
file-6203701_exe
Bank_Docs_11132013.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight