SHA256: bc72dc6cd6adb3c145df9971104ce747f08d53cd00b0993dd22b84b64bf9312f
File name: Statement_03282014.exe
Detection ratio: 8 / 51
Analysis date: 2014-03-28 12:52:38 UTC ( 5 years, 1 month ago )
Antivirus Result Update
Commtouch W32/Trojan.KIBQ-0725 20140328
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20140328
F-Prot W32/Trojan2.ODQY 20140328
Malwarebytes Trojan.Downloader.Upatre 20140328
Sophos AV Troj/Upatre-AM 20140328
Symantec Downloader.Upatre 20140328
TrendMicro TROJ_UPATRE.SMBB 20140328
TrendMicro-HouseCall TROJ_UPATRE.SMBB 20140328
Ad-Aware 20140328
AegisLab 20140328
Yandex 20140327
AhnLab-V3 20140327
AntiVir 20140328
Antiy-AVL 20140328
Avast 20140328
AVG 20140328
Baidu-International 20140328
BitDefender 20140328
Bkav 20140328
ByteHero 20140328
CAT-QuickHeal 20140328
ClamAV 20140327
CMC 20140328
Comodo 20140328
DrWeb 20140328
Emsisoft 20140328
F-Secure 20140328
Fortinet 20140328
GData 20140328
Ikarus 20140328
Jiangmin 20140328
K7AntiVirus 20140327
K7GW 20140328
Kaspersky 20140328
Kingsoft 20140328
McAfee 20140328
McAfee-GW-Edition 20140328
Microsoft 20140328
eScan 20140328
NANO-Antivirus 20140328
Norman 20140327
nProtect 20140328
Panda 20140328
Qihoo-360 20140328
Rising 20140328
SUPERAntiSpyware 20140328
TheHacker 20140327
TotalDefense 20140328
VBA32 20140328
VIPRE 20140328
ViRobot 20140328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-10-12 20:29:48
Entry Point 0x00001318
Number of sections 4
PE sections
PE imports
GetVersionExA
HeapAlloc
CloseHandle
GetProcessHeap
SetFocus
GetMessageA
TranslateAcceleratorA
TrackPopupMenu
DispatchMessageA
GetActiveWindow
EndDialog
SetCapture
GetWindowTextW
GetDlgItemTextA
SendMessageA
MessageBoxA
GetDlgItem
TranslateMessage
DialogBoxParamA
FlashWindowEx
IsChild
GetKeyState
Number of PE resources by type
RT_DIALOG 2
RT_BITMAP 1
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2003:10:12 21:29:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3072
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1318
InitializedDataSize 16896
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 cd426226b734e167583b8c3bf558db08
SHA1 a580a0bf6e30d5385250e8807ff2c98808be584a
SHA256 bc72dc6cd6adb3c145df9971104ce747f08d53cd00b0993dd22b84b64bf9312f
ssdeep
192:Sis66vS4vSX1EKbnJ4r7SA8mG+K+JAGbBV81Lftb7+G538kj9KSQjqPL+1C8bAnf:SdtxuUV89lb5NKjSyC8bAH

authentihash cae9b256031e26c0cc781949784a8d4a18a6321fc0799b9a2aa1dedccbb151a4
imphash 807348b7bad6f5d642007a70e1c52008
File size 20.0 KB ( 20480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-03-28 09:01:04 UTC ( 5 years, 1 month ago )
Last submission 2018-10-09 16:02:53 UTC ( 7 months, 2 weeks ago )
File names cd426226b734e167583b8c3bf558db08.exe
file-6781583_exe
Invoice_03282014.exe
c-acf8a-2697-1395997261
007932590
Statement_03282014.exe
cd426226b734e167583b8c3bf558db08
Statement_03282014.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications