SHA256: 0dada1e40d90c28f50b5fcba3ca39ddccb650be4e5cee3e12f49544eb6fc92b2
File name: fax2_info.exex
Detection ratio: 4 / 57
Analysis date: 2015-05-19 11:58:53 UTC ( 2 years, 2 months ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Downloader.nm 20150519
Sophos AV Mal/Dyreza-P 20150519
Symantec Downloader.Upatre!gen5 20150519
Tencent Trojan.Win32.Qudamah.Gen.24 20150519
Ad-Aware 20150519
AegisLab 20150519
Yandex 20150518
AhnLab-V3 20150518
Alibaba 20150519
ALYac 20150519
Antiy-AVL 20150519
Avast 20150519
AVG 20150519
Avira (no cloud) 20150519
AVware 20150519
Baidu-International 20150519
BitDefender 20150519
Bkav 20150519
ByteHero 20150519
CAT-QuickHeal 20150519
ClamAV 20150519
CMC 20150518
Comodo 20150519
Cyren 20150519
DrWeb 20150519
Emsisoft 20150519
ESET-NOD32 20150519
F-Prot 20150519
F-Secure 20150519
Fortinet 20150519
GData 20150519
Ikarus 20150519
Jiangmin 20150518
K7AntiVirus 20150519
K7GW 20150519
Kaspersky 20150519
Kingsoft 20150519
Malwarebytes 20150519
McAfee 20150519
Microsoft 20150519
eScan 20150519
NANO-Antivirus 20150519
Norman 20150519
nProtect 20150519
Panda 20150518
Qihoo-360 20150519
Rising 20150519
SUPERAntiSpyware 20150519
TheHacker 20150518
TotalDefense 20150519
TrendMicro 20150519
TrendMicro-HouseCall 20150519
VBA32 20150519
VIPRE 20150519
ViRobot 20150519
Zillya 20150518
Zoner 20150518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-13 11:13:52
Entry Point 0x0000276F
Number of sections 3
PE sections
PE imports
InitCommonControlsEx
GetStartupInfoA
InitializeCriticalSection
GetModuleHandleA
ReadFile
SleepEx
InterlockedExchange
GetCurrentDirectoryA
lstrcpyA
InterlockedDecrement
GetTickCount
CloseHandle
CreateFileA
Sleep
LoadLibraryA
SetCurrentDirectoryA
InterlockedIncrement
_except_handler3
__p__fmode
_acmdln
??2@YAPAXI@Z
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
SetFocus
GetMessageA
UpdateWindow
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
FindWindowA
DispatchMessageA
EndPaint
PostMessageA
TranslateMessage
DialogBoxParamA
RegisterClassExA
DrawTextA
LoadStringA
SendMessageA
GetClientRect
CreateWindowExA
LoadCursorA
LoadIconA
DestroyWindow
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ITALIAN 3
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:08:13 12:13:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7680
LinkerVersion 8.0
EntryPoint 0x276f
InitializedDataSize 23040
SubsystemVersion 5.2
ImageVersion 5.2
OSVersion 5.2
UninitializedDataSize 0

File identification
MD5 934b96717d5a4f1c94a7a5cd70a171ac
SHA1 2d14af44ca6d19f4e2308cffff5edfe519d1db38
SHA256 0dada1e40d90c28f50b5fcba3ca39ddccb650be4e5cee3e12f49544eb6fc92b2
ssdeep 384:R5LCdr7rOg4GL5h4YDq1dwn0mC8LYbmX42+9TQdEENHPwsFVpcqs0B0oJy2:R5LWr94GLHydwn0F8U1TWEewsFVpZ0o

authentihash 3532ffddcfaa35ac63a1bb02eb1acbb4a8e0b1a5f974ebae60d3766bbf5413fa
imphash 33df2336ced0049710a0565c2ecf94ce
File size 31.0 KB ( 31744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386

TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2015-05-19 11:58:53 UTC ( 2 years, 2 months ago )
Last submission 2016-03-14 23:14:17 UTC ( 1 year, 4 months ago )
File names fax2_info.exex
0dada1e40d90c28f50b5fcba3ca39ddccb650be4e5cee3e12f49544eb6fc92b2.exe
0DADA1E40D90C28F50B5FCBA3CA39DDCCB650BE4E5CEE3E12F49544EB6FC92B2.exe