× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c792601ed172e0f235f6e7add5d4d8aa72cefc5c3427519492be080b9be128e0
File name: tax 2012-2013.exe
Detection ratio: 17 / 47
Analysis date: 2013-11-12 20:14:21 UTC ( 5 years, 6 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Zbot 20131112
AntiVir TR/Spy.ZBot.ajdsf.1 20131112
Avast Win32:Malware-gen 20131112
AVG Generic_s.CIC 20131112
Commtouch W32/Trojan.MNVO-2370 20131112
DrWeb Trojan.DownLoad3.28161 20131112
ESET-NOD32 Win32/TrojanDownloader.Small.AAB 20131112
F-Prot W32/Trojan3.GLX 20131112
Fortinet W32/Small.BS!tr.dldr 20131112
Kaspersky Trojan.Win32.Bublik.bkha 20131112
Malwarebytes Trojan.Dropper 20131112
McAfee RDN/Generic.dx!ctg 20131112
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!81 20131112
Sophos AV Mal/EncPk-ZC 20131112
Symantec Trojan.Zbot 20131112
TrendMicro-HouseCall TROJ_GEN.F0D1H00KC13 20131112
VIPRE Trojan.Win32.Generic!SB.0 20131112
Yandex 20131112
Antiy-AVL 20131112
Baidu-International 20131112
BitDefender 20131112
Bkav 20131112
ByteHero 20131111
CAT-QuickHeal 20131112
ClamAV 20131112
Comodo 20131112
Emsisoft 20131112
F-Secure 20131112
GData 20131112
Ikarus 20131112
Jiangmin 20131112
K7AntiVirus 20131112
K7GW 20131112
Kingsoft 20130829
Microsoft 20131112
eScan 20131112
NANO-Antivirus 20131111
Norman 20131112
nProtect 20131112
Panda 20131112
Rising 20131112
SUPERAntiSpyware 20131112
TheHacker 20131112
TotalDefense 20131111
TrendMicro 20131112
VBA32 20131112
ViRobot 20131112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-02 06:37:58
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
ExcludeClipRect
UpdateColors
CreateBitmap
GetTextExtentPoint32A
GetStockObject
TextOutA
CreateSolidBrush
IntersectClipRect
SetBkColor
CreateCompatibleDC
DeleteObject
RealizePalette
Rectangle
ImmGetContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontA
acmStreamOpen
acmStreamConvert
GetModuleHandleA
HeapCreate
FreeLibrary
HeapAlloc
ExitProcess
GetProcAddress
GetMessageA
CreateWindowExA
GetDoubleClickTime
LoadIconA
UpdateWindow
DispatchMessageA
GetQueueStatus
PostQuitMessage
DefWindowProcA
RegisterClassA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 2
PE resources
ExifTool file metadata
CodeSize
2048

SubsystemVersion
5.1

InitializedDataSize
22016

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.2.1.2

LanguageCode
Neutral 2

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unknown (0025)

LinkerVersion
10.0

EntryPoint
0x1000

OriginalFileName
gog.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2010

FileVersion
5.2.1.2

TimeStamp
2004:04:02 07:37:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
go.exe

FileDescrsiption
go .exe

ProductVersion
5.2.1.3

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
MS Corp

LegalTrademarks
Legal

ProductName
Go

ProductVersionNumber
5.2.1.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b807f603c69aea97e900e59ec99315b5
SHA1 482663b7b5a9ee28927bcfa247a70abbcd9fff88
SHA256 c792601ed172e0f235f6e7add5d4d8aa72cefc5c3427519492be080b9be128e0
ssdeep
384:cJK3FwyHsmev9n96oTlzcFihsHReNWpgVQ:qK3psxrJzcFiAgWS

authentihash 5a70e507c5f5ff584b9869afbf38d6eeb459f8767a1bdc099036a9f47becee2d
imphash 58379234ce2a92d329d58cacb1287fb8
File size 24.5 KB ( 25088 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (68.6%)
Win32 Executable (generic) (11.1%)
Win16/32 Executable Delphi generic (5.1%)
OS/2 Executable (generic) (5.0%)
Generic Win/DOS Executable (4.9%)
Tags
peexe

VirusTotal metadata
First submission 2013-11-12 15:13:01 UTC ( 5 years, 6 months ago )
Last submission 2018-10-09 12:20:51 UTC ( 7 months, 2 weeks ago )
File names tax 2012-2013.exe_
c792601ed172e0f235f6e7add5d4d8aa72cefc5c3427519492be080b9be128e0
482663B7B5A9EE28927BCFA247A70ABBCD9FFF88.exe
c-bf63a-650-1384276503
f529b45286684243f84c6fb622af36ae0c0d2ca2
file-6198438_exe
FMS-Case-{_Case_DIG}.zip.ex2
b807f603c69aea97e900e59ec99315b5.exe
Case_{_partorderb}.exe
vti-rescan
tax 2012-2013.ex_
tax 2012-2013.exe
b807f603c69aea97e900e59ec99315b5
FMS-Case-{_Case_DIG}.zip.exe
007105523
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!