× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 10cf55031c31f8a615b93cec9d3675b6af2fb7d9aa4ef5163723b55e43b9a9f4
File name: office.12
Detection ratio: 7 / 56
Analysis date: 2016-06-29 12:21:48 UTC ( 2 years, 3 months ago ) View latest
Antivirus Result Update
AegisLab Troj.W32.Yakes.mBuQ 20160629
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160629
Bkav HW32.Packed.D2A2 20160629
Kaspersky UDS:DangerousObject.Multi.Generic 20160629
McAfee-GW-Edition BehavesLike.Win32.Expiro.cc 20160629
Qihoo-360 QVM20.1.Malware.Gen 20160629
Symantec Heur.AdvML.B 20160629
Ad-Aware 20160629
Yandex 20160626
AhnLab-V3 20160629
Alibaba 20160629
ALYac 20160629
Antiy-AVL 20160629
Arcabit 20160629
Avast 20160629
AVG 20160629
Avira (no cloud) 20160629
AVware 20160629
BitDefender 20160629
CAT-QuickHeal 20160629
ClamAV 20160629
CMC 20160627
Comodo 20160629
Cyren 20160629
DrWeb 20160629
Emsisoft 20160629
ESET-NOD32 20160629
F-Prot 20160629
F-Secure 20160629
Fortinet 20160629
GData 20160629
Ikarus 20160629
Jiangmin 20160629
K7AntiVirus 20160629
K7GW 20160629
Kingsoft 20160629
Malwarebytes 20160629
McAfee 20160629
Microsoft 20160629
eScan 20160629
NANO-Antivirus 20160629
nProtect 20160629
Panda 20160628
Sophos AV 20160629
SUPERAntiSpyware 20160629
Tencent 20160629
TheHacker 20160628
TotalDefense 20160628
TrendMicro 20160629
TrendMicro-HouseCall 20160629
VBA32 20160627
VIPRE 20160629
ViRobot 20160629
Yandex 20160626
Zillya 20160629
Zoner 20160629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name SENDMAIL.DLL
Internal name sendmail
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Send Mail
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-28 14:30:02
Entry Point 0x00003010
Number of sections 3
PE sections
PE imports
LocalFree
GetStartupInfoA
LocalAlloc
GetModuleFileNameW
GetConsoleWindow
CompareStringA
RpcBindingSetObject
IUnknown_Release_Proxy
RpcMgmtSetCancelTimeout
RpcAsyncCancelCall
RpcMgmtEpUnregister
RpcSmDisableAllocate
I_RpcPauseExecution
NdrEncapsulatedUnionMarshall
NdrRpcSmSetClientToOsf
RpcServerUseProtseqExA
RpcRevertToSelfEx
NdrConformantVaryingArrayFree
RpcBindingInqAuthClientA
RpcServerUseProtseqEpA
NdrPointerMarshall
NdrNonConformantStringUnmarshall
RpcBindingSetAuthInfoW
NdrMapCommAndFaultStatus
RpcSsFree
RpcCancelThreadEx
NdrEncapsulatedUnionMemorySize
RpcBindingInqAuthInfoW
NdrXmitOrRepAsUnmarshall
NdrFreeBuffer
RpcServerUseAllProtseqsIf
NdrServerUnmarshall
I_RpcServerRegisterForwardFunction
SetupPromptForDiskA
SetupQueueCopyA
SetupDiClassNameFromGuidA
SetupDiCreateDeviceInfoW
SetupDiGetClassDevsA
SetupGetIntField
SetupInstallFileExW
SetupDiSetDeviceInstallParamsW
SetupDiRegisterCoDeviceInstallers
SetupInstallFilesFromInfSectionA
SetupDiOpenDeviceInfoW
SetupQueueDeleteSectionA
SetupDiGetClassDescriptionW
InstallHinfSectionA
SetupDiCreateDeviceInfoListExA
SetupDiDestroyClassImageList
PathRelativePathToA
UrlIsA
ShowWindow
RtlDowncaseUnicodeString
RtlCompareUnicodeString
NtReadVirtualMemory
NtSetInformationProcess
RtlNtStatusToDosError
NtCreateSemaphore
NtTerminateThread
NtDeviceIoControlFile
NtWaitForSingleObject
NtOpenProcess
RtlCompareMemory
ZwAllocateVirtualMemory
RtlOemStringToUnicodeString
RtlFreeUnicodeString
NtQueryVirtualMemory
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
83456

EntryPoint
0x3010

OriginalFileName
SENDMAIL.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2016:06:28 15:30:02+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
sendmail

ProductVersion
6.1.7600.16385

FileDescription
Send Mail

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Pahom Corporation

CodeSize
46080

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 b8946d3329e56a3f3e52547aac913e8e
SHA1 8dda6643074fc4c08e621b06a4b9ba2b02307462
SHA256 10cf55031c31f8a615b93cec9d3675b6af2fb7d9aa4ef5163723b55e43b9a9f4
ssdeep
1536:Z32O+JJPXrosvIHAQWNRiKkt7LubuEDOMRefwp2g2B+IbZJ2PJdvOB7wXBzD:x2OQzBr/kt7wuw3U4cPB+IbZJ2hdnt

authentihash 8d08f932e081a3169d49375e76284e5ad87332f47df88c38e2339b4ae0436a79
imphash 7f925477bc7a0e890a59d51fa3a0bf3a
File size 126.5 KB ( 129536 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2016-06-29 11:20:02 UTC ( 2 years, 3 months ago )
Last submission 2016-12-16 07:22:13 UTC ( 1 year, 10 months ago )
File names SENDMAIL.DLL
office.12
fault-report-file-created_10cf55031c31f8a615b93cec9d3675b6af2fb7d9aa4ef5163723b55e43b9a9f4
10cf55031c31f8a615b93cec9d3675b6af2fb7d9aa4ef5163723b55e43b9a9f4.exe
sendmail
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications