SHA256: ab07dbeca3a3a3703007949ed05a100f95ce89d7e937fe320222a7812c904d16
File name: Identity_Form_04182013.exe
Detection ratio: 16 / 47
Analysis date: 2013-11-11 15:57:26 UTC ( 5 years, 6 months ago )
Antivirus Result Update
AntiVir TR/Crypt.XPACK.Gen3 20131111
Avast Win32:Malware-gen 20131111
AVG Luhe.Fiha.A 20131111
BitDefender Trojan.Agent.BATZ 20131111
Commtouch W32/Trojan.PRWO-3570 20131111
DrWeb Trojan.DownLoad.64687 20131111
Emsisoft Trojan.Agent.BATZ (B) 20131111
ESET-NOD32 a variant of Win32/Kryptik.BOQB 20131111
F-Prot W32/Trojan3.GLF 20131111
GData Trojan.Agent.BATZ 20131111
Ikarus Trojan.Injector 20131111
Kaspersky Trojan.Win32.Bublik.bkcr 20131111
Malwarebytes Trojan.Downloader 20131111
eScan Trojan.Agent.BATZ 20131111
Sophos AV Troj/Agent-AEQQ 20131111
TrendMicro-HouseCall TROJ_GEN.F0D1H0ZKB13 20131111
Yandex 20131111
AhnLab-V3 20131111
Antiy-AVL 20131111
Baidu-International 20131111
Bkav 20131111
ByteHero 20131111
CAT-QuickHeal 20131111
ClamAV 20131111
Comodo 20131111
F-Secure 20131111
Fortinet 20131111
Jiangmin 20131111
K7AntiVirus 20131111
K7GW 20131111
Kingsoft 20130829
McAfee 20131111
McAfee-GW-Edition 20131111
Microsoft 20131111
NANO-Antivirus 20131111
Norman 20131111
nProtect 20131111
Panda 20131111
Rising 20131111
SUPERAntiSpyware 20131111
Symantec 20131111
TheHacker 20131111
TotalDefense 20131108
TrendMicro 20131111
VBA32 20131111
VIPRE 20131111
ViRobot 20131111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-11 06:21:10
Entry Point 0x000013C4
Number of sections 7
PE sections
PE imports
TextOutW
GetLastError
GetModuleHandleA
HeapFree
ExpandEnvironmentStringsW
HeapAlloc
ExitProcess
GetProcessHeap
RegisterClassExW
GetSystemMetrics
BeginPaint
MessageBoxW
TranslateMessage
EndPaint
PostQuitMessage
SetWindowTextW
LoadCursorW
GetWindowTextW
DefWindowProcW
LoadIconW
CreateWindowExW
GetMessageW
ShowWindow
DispatchMessageW
SetCursor
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:11:11 07:21:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x13c4
InitializedDataSize 15872
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 a98477bd24677519951f25695818d397
SHA1 5f7816252848b553c59f230cec71d5e90bbb7c87
SHA256 ab07dbeca3a3a3703007949ed05a100f95ce89d7e937fe320222a7812c904d16
ssdeep 384:9JpVOCUtDqYCfRgGW6DBf9+em77Ybrvgp5E9fWWq53txEXS:9JTOtFqRfqGW6N9e71pu9fWWq53Ei

authentihash b749c490a644c4cfebd88a29ecf5602c763429659ff0f05073b544b4f2c014a2
imphash 26f5feba9f88915899ef8220273d88c0
File size 24.5 KB ( 25088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2013-11-11 09:30:22 UTC ( 5 years, 6 months ago )
Last submission 2018-10-09 16:23:26 UTC ( 7 months, 2 weeks ago )
File names 007104425
To All Employees 2013.zip.ex_
Identity_Form_04182013.ex_.bin
payment-history-n9998765-34543-4345.exe
Incident.exe
Identity_Form_04182013.exe
Secure_Message.ex_
To All Employees 2013.exe
a98477bd24677519951f25695818d397
To All Employees 2013.zip.exe
a98477bd24677519951f25695818d397
Secure_Message.exe
c-bf2fb-618-1384162203
a98477bd24677519951f25695818d397.exe
ab07dbeca3a3a3703007949ed05a100f95ce89d7e937fe320222a7812c904d16
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight