SHA256: c01fa56f1c18f2c4249606cb1cd8166118f026e3a7833005c2a01b58881dbbf9
File name: HMRC_Message.exe
Detection ratio: 12 / 47
Analysis date: 2013-11-12 14:01:04 UTC ( 5 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Bublik 20131112
AntiVir TR/Crypt.XPACK.Gen3 20131112
Commtouch W32/Trojan.SHKH-0622 20131112
DrWeb Trojan.DownLoad.64691 20131112
ESET-NOD32 Win32/TrojanDownloader.Small.AAB 20131112
F-Prot W32/Trojan3.GLR 20131112
Fortinet W32/Small.ABS!tr 20131112
Ikarus Trojan.Injector 20131112
Kaspersky Trojan.Win32.Bublik.bkgg 20131112
Sophos AV Troj/Agent-AERJ 20131112
TrendMicro-HouseCall TROJ_GEN.F0D1H00KC13 20131112
VIPRE Trojan.Win32.Generic!SB.0 20131112
Yandex 20131111
Antiy-AVL 20131112
Avast 20131112
AVG 20131112
Baidu-International 20131112
BitDefender 20131112
Bkav 20131112
ByteHero 20131111
CAT-QuickHeal 20131112
ClamAV 20131112
Comodo 20131112
Emsisoft 20131112
F-Secure 20131112
GData 20131112
Jiangmin 20131112
K7AntiVirus 20131111
K7GW 20131111
Kingsoft 20130829
Malwarebytes 20131112
McAfee 20131112
McAfee-GW-Edition 20131111
Microsoft 20131112
eScan 20131112
NANO-Antivirus 20131111
Norman 20131112
nProtect 20131112
Panda 20131111
Rising 20131112
SUPERAntiSpyware 20131112
Symantec 20131112
TheHacker 20131112
TotalDefense 20131111
TrendMicro 20131112
VBA32 20131112
ViRobot 20131112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-12 06:13:45
Entry Point 0x00001DAC
Number of sections 7
PE sections
PE imports
TextOutW
GetLastError
GetCurrentProcess
HeapFree
lstrlenW
FormatMessageW
HeapAlloc
ExitProcess
lstrcmpW
GetModuleHandleW
GetLocalTime
GetProcessHeap
RegisterClassExW
GetSystemMetrics
BeginPaint
MessageBoxW
TranslateMessage
EndPaint
PostQuitMessage
SetWindowTextW
GetWindowTextW
DefWindowProcW
CreateWindowExW
GetMessageW
ShowWindow
DispatchMessageW
SetCursor
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:11:12 07:13:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8704
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 16384
SubsystemVersion 5.0
EntryPoint 0x1dac
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 cadc018f978906ada55efd5c9ff22977
SHA1 6d30669e758ec456aff2464a3f093be50e81d5b2
SHA256 c01fa56f1c18f2c4249606cb1cd8166118f026e3a7833005c2a01b58881dbbf9
ssdeep 384:Kb8OPH4FJWRj1yomUlHKQO+zgp5E9fWWe53txEXS:KgOPHqJcLKRpu9fWWe53Ei
authentihash bc182295429b33705130ca54cfabb25099b2d8815ea7e107c1dfed8c3a5e4a9c
imphash 1355c8b0fadb1935e414f47fa976fffa
File size 25.5 KB ( 26112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2013-11-12 09:45:22 UTC ( 5 years, 6 months ago )
Last submission 2015-06-12 11:38:13 UTC ( 3 years, 11 months ago )
File names c01fa56f1c18f2c4249606cb1cd8166118f026e3a7833005c2a01b58881dbbf9
c-d1893-640-1384249504
muaPusY.sys
HMRC_Message_exe
file-6197650_exe
HMRC_Message.exe
007105234
HMRC_Message.ex_
vti-rescan
cadc018f978906ada55efd5c9ff22977.exe
cadc018f978906ada55efd5c9ff22977
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications