SHA256: 1f96459c0ead337cf13478236d13c76a5f7606bbf912e3963abc3b24180b1640
File name: invoice_pdf.exe
Detection ratio: 43 / 54
Analysis date: 2014-06-17 13:26:09 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AVG Inject2.AJNT 20140617
Ad-Aware Trojan.GenericKD.1711125 20140617
Agnitum Backdoor.Androm!NBj3o7TUCE0 20140614
AhnLab-V3 Trojan/Win32.Zbot 20140617
AntiVir BDS/Androm.elwa.1 20140617
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20140617
Avast Win32:Zbot-UCA [Trj] 20140617
Baidu-International Trojan.Win32.Kumis.cA 20140617
BitDefender Trojan.GenericKD.1711125 20140617
CAT-QuickHeal Backdoor.Androm.r4 20140617
Commtouch W32/Trojan.QSIC-3782 20140617
Comodo UnclassifiedMalware 20140617
DrWeb Trojan.Packed.27086 20140617
ESET-NOD32 Win32/TrojanDownloader.Wauchos.AD 20140617
Emsisoft Trojan-Downloader.Win32.Agent (A) 20140617
F-Prot W32/Trojan3.IOW 20140617
F-Secure Trojan:W32/Agent.DUYU 20140617
Fortinet W32/Wauchos.AD!tr 20140617
GData Trojan.GenericKD.1711125 20140617
Ikarus Trojan-Spy.Agent 20140617
K7AntiVirus Trojan-Downloader ( 004995281 ) 20140617
K7GW Trojan-Downloader ( 004995281 ) 20140617
Kaspersky Backdoor.Win32.Androm.elwa 20140617
Malwarebytes Spyware.Zbot.ED 20140617
McAfee RDN/Downloader.a!rg 20140617
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-DTR.K 20140616
MicroWorld-eScan Trojan.GenericKD.1711125 20140617
Microsoft TrojanDownloader:Win32/Kumis.A 20140617
NANO-Antivirus Trojan.Win32.Zbot.daqlfi 20140617
Norman Troj_Generic.UHTSK 20140617
Panda Trj/CI.A 20140617
Qihoo-360 HEUR/Malware.QVM20.Gen 20140617
Sophos Troj/Mdrop-GBD 20140617
Symantec Trojan.Gen.SMH 20140617
Tencent Win32.Backdoor.Androm.Ebqq 20140617
TotalDefense Win32/Upatre.DAFSOW 20140617
TrendMicro TROJ_UPATRE.YYMY 20140617
TrendMicro-HouseCall TROJ_UPATRE.YYMY 20140617
VBA32 Backdoor.Androm 20140617
VIPRE Trojan.Win32.Generic.pak!cobra 20140616
ViRobot Trojan.Win32.Agent.98304.DB 20140617
Zillya Trojan.Zbot.Win32.157103 20140616
nProtect Backdoor/W32.Androm.98304.S 20140617
AegisLab 20140617
Bkav 20140617
ByteHero 20140617
CMC 20140617
ClamAV 20140617
Jiangmin 20140617
Kingsoft 20140617
Rising 20140617
SUPERAntiSpyware 20140617
TheHacker 20140617
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-30 18:05:42
Link date 7:05 PM 4/30/2014
Entry Point 0x00005F5F
Number of sections 4
PE sections
Number of PE resources by type
RT_STRING 12
Struct(15) 2
1
RT_ICON 1
Struct(241) 1
RT_MENU 1
Struct(144) 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 16
NEUTRAL 4
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:04:30 19:05:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 12.0
EntryPoint 0x5f5f
InitializedDataSize 65536
SubsystemVersion 4.2
ImageVersion 0.0
OSVersion 2.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 8b54dedf5acc19a4e9060f0be384c74d
SHA1 3da65373fb00289ac2e507eecd91e0bdda3baeaa
SHA256 1f96459c0ead337cf13478236d13c76a5f7606bbf912e3963abc3b24180b1640
ssdeep 1536:7eGx5oMuhP7TBIDnzgsH6fNmGB4+fR9xELOq4aIHopdfqD:vxAhP+LU2kpBlJ9xELBZrOD
authentihash 715052de9346c37d184ce45aed43b08357a51fcbf54b071c2ab244172db9eb03
File size 96.0 KB ( 98304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-09 11:41:40 UTC ( 1 year, 1 month ago )
Last submission 2015-07-07 04:54:46 UTC ( 3 weeks, 5 days ago )
File names invoice_98372342598730_pdf.exe
invoice_pdf.exe
invoice_98372342598730_pdf.exe-2014-06-09.21-00-01.txt
exe.ex
3DA65373FB00289AC2E507EECD91E0BDDA3BAEAA.sample
invoice_98372342598730_pdf_exe
invoice_98372342598730_pdf.exe
invoice_98372342598730_pdf.ex_
90fe0798fb12bfdac94708e6b724a2de39d0d999
invoice_98372342598730_pdf.exe
vti-rescan
invoice_98372342598730_pdf.exe.000
3597807.root_1_0.exe
008154781
file-7100048_exe
8b54dedf5acc19a4e9060f0be384c74d
invoice_98372342598730_pdf.ex~
Mal.exe
8b54dedf5acc19a4e9060f0be384c74d.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection