× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6e4731ec02a08573524e2acd46493dc250315f486b3200abf7b51a0a55e31188
File name: Identity_Form_04182013.exe
Detection ratio: 9 / 47
Analysis date: 2013-11-13 11:02:36 UTC ( 5 years, 6 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Bublik 20131112
AntiVir TR/Crypt.XPACK.Gen3 20131113
Baidu-International TrojanDownloader.Win32.Upatre.A 20131113
BitDefender Gen:Variant.Symmi.34792 20131113
Emsisoft Gen:Variant.Symmi.34792 (B) 20131113
GData Gen:Variant.Symmi.34792 20131113
Kaspersky UDS:DangerousObject.Multi.Generic 20131113
Microsoft TrojanDownloader:Win32/Upatre.A 20131113
eScan Gen:Variant.Symmi.34792 20131113
Yandex 20131112
Antiy-AVL 20131113
Avast 20131113
AVG 20131113
Bkav 20131112
ByteHero 20131111
CAT-QuickHeal 20131113
ClamAV 20131113
Commtouch 20131113
Comodo 20131113
DrWeb 20131113
ESET-NOD32 20131113
F-Prot 20131113
F-Secure 20131113
Fortinet 20131113
Ikarus 20131113
Jiangmin 20131113
K7AntiVirus 20131112
K7GW 20131112
Kingsoft 20130829
Malwarebytes 20131113
McAfee 20131113
McAfee-GW-Edition 20131113
NANO-Antivirus 20131113
Norman 20131113
nProtect 20131112
Panda 20131113
Rising 20131113
Sophos AV 20131113
SUPERAntiSpyware 20131113
Symantec 20131113
TheHacker 20131112
TotalDefense 20131112
TrendMicro 20131113
TrendMicro-HouseCall 20131113
VBA32 20131113
VIPRE 20131113
ViRobot 20131113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-13 06:02:52
Entry Point 0x000013DC
Number of sections 7
PE sections
PE imports
LineTo
TextOutW
CreateBitmap
MoveToEx
DPtoLP
BitBlt
DeleteObject
Rectangle
ExitProcess
GetLastError
GetCurrentProcess
HeapFree
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
QueryPerformanceCounter
UnhandledExceptionFilter
FormatMessageW
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
lstrcmpW
lstrlenW
GetLocalTime
GetProcessHeap
GetMessageA
GetSystemMetrics
CreateWindowExW
MessageBoxW
EndPaint
RegisterClassExW
PostQuitMessage
GetWindowTextW
SetWindowTextW
DefWindowProcW
TranslateMessage
BeginPaint
ShowWindow
DispatchMessageW
SetCursor
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:11:13 07:02:52+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
7680

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x13dc

InitializedDataSize
15872

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 95191c75ef4a87cbfa46c0818009312e
SHA1 884f7fcdd1c06fdff78ac2c20f61ad92a5b2b92d
SHA256 6e4731ec02a08573524e2acd46493dc250315f486b3200abf7b51a0a55e31188
ssdeep
384:vf0QTlZNc7+LcSA7YaBsSADmmLEV4gpx/gp5E9fWWe53t/EXS:FJ3c7DSBzLE+1pu9fWWe53Gi

authentihash 80137af49eb5585a2f5126b23c3f78baef5fd66f81e7a61510b583e09214e4f3
imphash 49d8503523853c0dc8f40b48e68e42b4
File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2013-11-13 09:25:25 UTC ( 5 years, 6 months ago )
Last submission 2018-10-09 09:59:55 UTC ( 7 months, 2 weeks ago )
File names Remit_{_MAILTO_DOMAIN}.exe
c-f2ae2-661-1384334706
file-6203374_
95191c75ef4a87cbfa46c0818009312e
Key_{_emailname}.ex_
Transaction_{_tracking}.exe
6e4731ec02a08573524e2acd46493dc250315f486b3200abf7b51a0a55e31188
95191c75ef4a87cbfa46c0818009312e.exe
payment-history-n9998435-55462-44342.exe
Identity_Form_04182013.exe
vti-rescan
007102091
Key_{_emailname}.exe
Transaction_.exe
Identity_Form_04182013.ex_
Form_04182013.exe
SecureMail.exe
Key_emailname_20131114_001.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!