SHA256: 1370b10dbe45282128fda8e665d0c888bfbd19ad0565622cb5e2c6d7a4e1f209
File name: 59c7cff8fed4ed64e0695f299a3ca9f5
Detection ratio: 13 / 54
Analysis date: 2014-10-15 17:28:15 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.159529 20141015
AegisLab Troj.W32.Gen 20141015
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141015
AVG Zbot.PZY 20141015
Avira (no cloud) TR/Crypt.ZPACK.67319 20141015
BitDefender Gen:Variant.Graftor.159529 20141015
Emsisoft Gen:Variant.Graftor.159529 (B) 20141015
ESET-NOD32 Win32/Spy.Zbot.ACB 20141015
GData Gen:Variant.Graftor.159529 20141015
eScan Gen:Variant.Graftor.159529 20141015
Rising PE:Malware.FakeDOC@CV!1.9C3C 20141015
TrendMicro TROJ_FORUCON.BMC 20141015
TrendMicro-HouseCall TROJ_FORUCON.BMC 20141015
Yandex 20141015
AhnLab-V3 20141015
Avast 20141015
AVware 20141015
Baidu-International 20141015
Bkav 20141015
ByteHero 20141015
CAT-QuickHeal 20141015
ClamAV 20141015
CMC 20141013
Comodo 20141015
Cyren 20141015
DrWeb 20141015
F-Prot 20141015
F-Secure 20141015
Fortinet 20141015
Ikarus 20141015
Jiangmin 20141014
K7AntiVirus 20141015
K7GW 20141015
Kaspersky 20141015
Kingsoft 20141015
Malwarebytes 20141015
McAfee 20141015
McAfee-GW-Edition 20141015
Microsoft 20141015
NANO-Antivirus 20141015
Norman 20141015
nProtect 20141015
Qihoo-360 20141015
Sophos AV 20141015
SUPERAntiSpyware 20141015
Symantec 20141015
Tencent 20141015
TheHacker 20141013
TotalDefense 20141015
VBA32 20141015
VIPRE 20141015
ViRobot 20141015
Zillya 20141015
Zoner 20141014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher ORacle Corporation
File version 7.0.40.20
Description Java(TM) Platform SE binary
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-14 15:33:58
Entry Point 0x000026C0
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegEnumValueW
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
CancelDC
GetTextCharset
CreateMetaFileW
lstrcpynW
LocalFree
FormatMessageW
lstrcpyW
lstrcatW
GetSystemDirectoryW
lstrcmpiW
GetModuleHandleA
LoadLibraryW
GetLastError
lstrlenW
FreeLibrary
ExpandEnvironmentStringsW
CreateProcessW
ExitProcess
GetStartupInfoW
VirtualAllocEx
GetProcAddress
GetCommandLineW
GetModuleHandleW
SetWindowLongW
GetSysColor
LoadIconA
GetWindowRect
GetKeyboardType
EndDialog
LoadIconW
DialogBoxParamW
LoadStringW
GetCursor
GetDlgItem
wsprintfW
GetKeyState
ScreenToClient
GetInputState
SetWindowPos
DestroyWindow
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
FileDescription Java(TM) Platform SE binary
InitializedDataSize 434176
ImageVersion 0.0
FileVersionNumber 7.0.40.20
LanguageCode Neutral
FileFlagsMask 0x003f
FullVersion 1.7.0_04-b20
CharacterSet Unicode
LinkerVersion 9.0
MIMEType application/octet-stream
FileVersion 7.0.40.20
TimeStamp 2014:10:14 16:33:58+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:10:15 18:29:05+01:00
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2014:10:15 18:29:05+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ORacle Corporation
CodeSize 8192
FileSubtype 0
ProductVersionNumber 7.0.40.20
EntryPoint 0x26c0
ObjectFileType Executable application

File identification
MD5 59c7cff8fed4ed64e0695f299a3ca9f5
SHA1 4cf047ea08d20c77b17f1f974828d1d3b24189d9
SHA256 1370b10dbe45282128fda8e665d0c888bfbd19ad0565622cb5e2c6d7a4e1f209
ssdeep 6144:O56O+9kcyNw4VJhYNOQ5sAHsceLwH/uvRtXiv:Osn9k5w4VgUgsBW/4K
authentihash fb8fc51c8dab6e0d6a4739590dfc58dc85c0ece0113e0bfa4420cba4aa8a8a3b
imphash f227e8a99a28a9bdf1777a6b6169fa0f
File size 433.0 KB ( 443392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-10-15 17:28:15 UTC ( 4 years, 5 months ago )
Last submission 2014-10-15 17:28:15 UTC ( 4 years, 5 months ago )
File names 1370b10dbe45282128fda8e665d0c888bfbd19ad0565622cb5e2c6d7a4e1f209.exe
59c7cff8fed4ed64e0695f299a3ca9f5
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.