× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0bb27e6dba7e60c46cf8d829ddea604f1772ccf52885a84f5f07d3bd6953b0f0
File name: UPS_Document.exe
Detection ratio: 23 / 43
Analysis date: 2010-10-16 02:22:52 UTC ( 6 years, 8 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Packed/Win32.Generic 20101015
AntiVir TR/Crypt.XPACK.Gen 20101015
Authentium W32/Oficla.P.gen!Eldorado 20101015
BitDefender Trojan.Oficla.AO 20101016
ClamAV Heuristic.Trojan.SusPacked.TMS 20101015
Comodo UnclassifiedMalware 20101016
DrWeb Trojan.Oficla.73 20101016
Emsisoft Win32.Outbreak!IK 20101016
F-Prot W32/Oficla.P.gen!Eldorado 20101015
F-Secure Trojan.Oficla.AO 20101016
GData Trojan.Oficla.AO 20101016
Ikarus Win32.Outbreak 20101016
K7AntiVirus Riskware 20101015
McAfee Generic.dx!uhx 20101016
McAfee-GW-Edition Artemis!096495761152 20101015
Microsoft TrojanDownloader:Win32/Mafchek.C 20101015
NOD32 a variant of Win32/Kryptik.HHI 20101015
Panda Suspicious file 20101015
PCTools HeurEngine.MaliciousPacker 20101016
Prevx High Risk System Back Door 20101016
Sophos Mal/Oficla-A 20101015
Symantec Packed.Generic.308 20101016
TrendMicro-HouseCall TROJ_BREDLAB.TX 20101016
Antiy-AVL 20101016
Avast 20101016
Avast5 20101016
AVG 20101015
CAT-QuickHeal 20101015
eSafe 20101014
eTrust-Vet 20101015
Fortinet 20101014
Jiangmin 20101015
Kaspersky 20101016
Norman 20101015
nProtect 20101015
Rising 20101015
Sunbelt 20101016
SUPERAntiSpyware 20101016
TheHacker 20101015
TrendMicro 20101016
VBA32 20101015
ViRobot 20101015
VirusBuster 20101015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 21.27.67
Description (C) 4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-15 15:30:47
Entry Point 0x000010C0
Number of sections 10
PE sections
Overlays
MD5 bf619eac0cdf3f68d496ea9344137e8b
File type ASCII text
Offset 40960
Size 512
Entropy 0.00
PE imports
GetModuleHandleA
lstrcatA
VirtualProtect
GetWindowsDirectoryA
HeapAlloc
CreateFileA
GetCommandLineA
GetProcAddress
GetProcessHeap
LoadIconA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
36352

ImageVersion
0.0

FileVersionNumber
15.76.37.80

UninitializedDataSize
0

LanguageCode
Unknown (FFFF)

FileFlagsMask
0x0000

CharacterSet
ASCII

LinkerVersion
9.0

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
21.27.67

TimeStamp
2010:10:15 16:30:47+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
7.70.8

FileDescription
(C) 4

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
3584

FileSubtype
0

ProductVersionNumber
80.77.5.56

EntryPoint
0x10c0

ObjectFileType
Unknown

File identification
MD5 0964957611527841a83906bd68e248c7
SHA1 2497d1be1a4b49808171f388dd3ae1c59956075f
SHA256 0bb27e6dba7e60c46cf8d829ddea604f1772ccf52885a84f5f07d3bd6953b0f0
ssdeep
384:elMe+PCELpfqvcliREndyAOy2rNGsmrDLET4pO4NOsd11KZplUT80d7cqyn7:elps9qUl+iP2rNGvjS4Rgsd1wZp+vG7

authentihash 9bac7ddc1d6c83b6de76933f632ef67cd3b6b70c2af94ba76e19f560e4b4a418
imphash ad0b5226126f05c2b27aecc205b01243
File size 40.5 KB ( 41472 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2010-10-15 16:17:26 UTC ( 6 years, 8 months ago )
Last submission 2013-10-29 20:56:20 UTC ( 3 years, 8 months ago )
File names smona132734062393381828314
0BB27E6DBA7E60C46CF8D829DDEA604F1772CCF52885A84F5F07D3BD6953B0F0.exe
vt-upload-lvjx9
aa
0964957611527841A83906BD68E248C7
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!