SHA256: 164dc03821087304b59a57786001b5a619af5b9a5a218e031b6beb36eb5ae2af
File name: Data .exe
Detection ratio: 52 / 56
Analysis date: 2015-10-02 18:42:57 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7952044 20151002
Yandex Worm.Mabezat.A 20150930
AhnLab-V3 HEUR/Fakon.mwf 20151002
ALYac Trojan.Generic.7952044 20151002
Antiy-AVL Worm/Win32.Mabezat.b 20151002
Arcabit Trojan.Generic.D7956AC 20151002
Avast Win32:Agent-AVCE [Trj] 20151002
AVG Generic_r.NV 20151002
Avira (no cloud) WORM/Mabezat.b 20151002
AVware Worm.Win32.Mabezat.b (v) 20151002
BitDefender Trojan.Generic.7952044 20151002
Bkav W32.Pharoh.Worm 20151002
CAT-QuickHeal W32.Mabezat.Dr 20151002
ClamAV W32.Mabezat-2 20151002
CMC Worm.Win32.Mabezat!O 20151002
Comodo Worm.Win32.Pronny.BL 20151002
Cyren W32/Mabezat.FRWO-1177 20151002
DrWeb Win32.HLLW.Tazebama 20151002
Emsisoft Trojan.Generic.7952044 (B) 20151002
ESET-NOD32 Win32/Mabezat.A 20151002
F-Prot W32/Mabezat.A 20150929
F-Secure Trojan.Generic.7952044 20151002
Fortinet W32/Mabezat.B!worm 20151002
GData Trojan.Generic.7952044 20151002
Ikarus Trojan.Win32.Genome 20151002
Jiangmin Trojan/Mabezat.j 20151001
K7AntiVirus Virus ( 000ad08b1 ) 20151002
K7GW Virus ( 000ad08b1 ) 20151002
Kaspersky Worm.Win32.Mabezat.b 20151002
Kingsoft Win32.Mabezat.b.1038191 20151002
Malwarebytes Worm.Mabezat 20151002
McAfee W32/Mabezat 20151002
McAfee-GW-Edition BehavesLike.Win32.Mabezat.cc 20151002
Microsoft Virus:Win32/Mabezat.B 20151002
eScan Trojan.Generic.7952044 20151002
NANO-Antivirus Virus.Win32.Mabezat.kfroy 20151002
Panda W32/Mabezat.C.worm 20151002
Qihoo-360 Win32/Worm.38a 20151002
Rising PE:Worm.Mabezat!1.995D[F1] 20151001
Sophos AV W32/Mabezat-B 20151002
SUPERAntiSpyware Trojan.Agent/Gen-VirutZ 20151002
Symantec W32.Mabezat.B 20151002
Tencent Win32.Virus.Mabezat.Szbe 20151002
TheHacker Trojan/Genome.hpoz 20151001
TotalDefense Win32/Mabezat.B!Dropper 20151002
TrendMicro PE_MABEZAT.B-O 20151002
TrendMicro-HouseCall PE_MABEZAT.B-O 20151002
VBA32 Trojan.Win32.Mabezat.a 20151001
VIPRE Worm.Win32.Mabezat.b (v) 20151002
ViRobot Worm.Win32.Mabezat.154751[h] 20151002
Zillya Worm.MabezatGen.Win32.1 20151002
Zoner Win32.Mabezat.B 20151002
AegisLab 20151002
Alibaba 20150927
Baidu-International 20151002
ByteHero 20151002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-29 06:17:05
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 2f2d5508df5480e5ee442ae5386efa99
File type data
Offset 73216
Size 81755
Entropy 6.75
PE imports
GetStartupInfoA
HeapFree
GetModuleHandleA
ExitProcess
HeapAlloc
GetCommandLineA
GetTickCount
LoadLibraryA
HeapReAlloc
GetProcAddress
GetProcessHeap
rename
__CxxFrameHandler
memset
strstr
abs
rand
strlen
srand
strcat
memcpy
strcpy
memcmp
isdigit
_EH_prolog
isspace
strncpy
strcmp
MessageBoxA
wvsprintfA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CATALAN NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:10:29 07:17:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53760
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 72192
SubsystemVersion 4.0
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 ce12cb51b2e1a185e53f15909e3814bc
SHA1 cd4d54811d677fe1d0fd8d5ce3cc391f85dca9f6
SHA256 164dc03821087304b59a57786001b5a619af5b9a5a218e031b6beb36eb5ae2af
ssdeep 3072:poQ9jn/bvuoXROlHSGMDdTx7k/dhm4t3hEVr:pxZBcHcDdTx7kPms3hA
authentihash 49884d29830d46fd20805c3c8d41d668c9bce723a9f4b214ae04ddc8c89b597b
imphash 6039c26165040db47e28057ca34786ef
File size 151.3 KB ( 154971 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-10-02 18:42:57 UTC ( 3 years, 5 months ago )
Last submission 2015-10-02 18:42:57 UTC ( 3 years, 5 months ago )
File names Data .exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Shell commands
Opened mutexes
Runtime DLLs