SHA256: 720a7e07e609424154f879bb20af8cc93cf9bd490adf0c4c31a836e1403cb9a7
File name: HMRC_TAX_Notice_rep - Copy.exe
Detection ratio: 5 / 51
Analysis date: 2014-03-25 12:23:36 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Avast Win32:Zbot-TCT [Trj] 20140325
Commtouch W32/Trojan.JGRV-1466 20140325
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20140325
F-Prot W32/Trojan3.HWD 20140325
Qihoo-360 HEUR/Malware.QVM20.Gen 20140325
Ad-Aware 20140325
AegisLab 20140325
Yandex 20140324
AhnLab-V3 20140324
AntiVir 20140325
Antiy-AVL 20140324
AVG 20140325
Baidu-International 20140325
BitDefender 20140325
Bkav 20140325
ByteHero 20140325
CAT-QuickHeal 20140325
ClamAV 20140325
CMC 20140319
Comodo 20140325
DrWeb 20140325
Emsisoft 20140325
F-Secure 20140325
Fortinet 20140325
GData 20140325
Ikarus 20140325
Jiangmin 20140325
K7AntiVirus 20140324
K7GW 20140324
Kaspersky 20140325
Kingsoft 20140325
Malwarebytes 20140325
McAfee 20140325
McAfee-GW-Edition 20140325
Microsoft 20140325
eScan 20140325
NANO-Antivirus 20140325
Norman 20140325
nProtect 20140325
Panda 20140324
Rising 20140325
Sophos AV 20140325
SUPERAntiSpyware 20140324
Symantec 20140325
TheHacker 20140325
TotalDefense 20140325
TrendMicro 20140325
TrendMicro-HouseCall 20140325
VBA32 20140325
VIPRE 20140325
ViRobot 20140325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-08-07 17:53:52
Entry Point 0x00001B29
Number of sections 4
PE sections
PE imports
GetModuleHandleA
GetStartupInfoA
CloseHandle
CreateDirectoryA
SetFocus
CharLowerA
SetWindowTextA
EndDialog
ShowCursor
SendMessageA
MessageBoxA
GetDlgItem
DestroyCursor
ScrollWindow
DialogBoxParamA
DestroyMenu
SetScrollInfo
Number of PE resources by type
RT_DIALOG 2
RT_BITMAP 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:08:07 18:53:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4608
LinkerVersion 5.12
ImageFileCharacteristics No relocs, Executable, No line numbers, 32-bit
EntryPoint 0x1b29
InitializedDataSize 13824
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 87cad5320a0665276a8be8e98ba30c60
SHA1 2610ccbb39dc599e1d9598339d65d2f4d03efaf5
SHA256 720a7e07e609424154f879bb20af8cc93cf9bd490adf0c4c31a836e1403cb9a7
ssdeep 384:0Krk8DF81knZhKX0GEpfkMP+OijC2WO6O9Oc:0KXDaOn7e0LpcOve

authentihash a407cf630a6fc1d7c0491eee6f06b145e7b6d4de370ddebe88e8c21145e12dfd
imphash f55043cf6621225e40db19552a522bbc
File size 18.5 KB ( 18944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2014-03-25 09:48:18 UTC ( 5 years, 2 months ago )
Last submission 2018-10-09 17:56:04 UTC ( 7 months, 2 weeks ago )
File names Avis_de_Paiement_scr
007930781
Avis_de_Paiement.scr
GB25032014.scr
HMRC_TAX_Notice_rep - Copy.exe
Cas_25032014.scr
Cas_25032014 2.scr
vti-rescan
87cad5320a0665276a8be8e98ba30c60
HMRC_TAX_Notice_rep.scr
87cad5320a0665276a8be8e98ba30c60.scr
c-a67f5-2635-1395740762
87cad5320a0665276a8be8e98ba30c60.exe
file-6769668_scr
Avis_de_Paiement.scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications