SHA256: 2011a5b2e90763872ab43517bd7c6fc0dbc146e986055d593dec17744897e9db
File name: InvoiceRef[1].exe
Detection ratio: 5 / 59
Analysis date: 2017-02-22 22:02:32 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Comodo Heur.Corrupt.PE 20170222
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Damaged_File.B.gen!Eldorado 20170222
F-Prot W32/Damaged_File.B.gen!Eldorado 20170222
TheHacker W32/Behav-Heuristic-CorruptFile-EP 20170221
Ad-Aware 20170222
AegisLab 20170222
AhnLab-V3 20170222
Alibaba 20170222
ALYac 20170222
Antiy-AVL 20170222
Arcabit 20170222
Avast 20170222
AVG 20170222
Avira (no cloud) 20170222
AVware 20170222
Baidu 20170222
BitDefender 20170222
Bkav 20170222
CAT-QuickHeal 20170222
ClamAV 20170222
CMC 20170222
DrWeb 20170222
Emsisoft 20170222
Endgame 20170222
ESET-NOD32 20170222
F-Secure 20170222
Fortinet 20170222
GData 20170222
Ikarus 20170222
Sophos ML 20170203
Jiangmin 20170222
K7AntiVirus 20170222
K7GW 20170222
Kaspersky 20170222
Kingsoft 20170222
Malwarebytes 20170222
McAfee 20170222
McAfee-GW-Edition 20170222
Microsoft 20170222
eScan 20170222
NANO-Antivirus 20170222
nProtect 20170222
Panda 20170222
Qihoo-360 20170222
Rising None
Sophos AV 20170222
SUPERAntiSpyware 20170222
Symantec 20170222
Tencent 20170222
TotalDefense 20170222
TrendMicro 20170222
TrendMicro-HouseCall 20170222
Trustlook 20170222
VBA32 20170222
VIPRE 20170222
ViRobot 20170222
Webroot 20170222
WhiteArmor 20170222
Yandex 20170222
Zillya 20170222
Zoner 20170222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-20 14:40:34
Entry Point 0x0000D348
Number of sections 4
PE sections
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:02:20 15:40:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 127488
LinkerVersion 9.0
Warning Error processing PE data dictionary
EntryPoint 0xd348
InitializedDataSize 158720
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 9f56c7066f1086e19e145181ea5c3cd4
SHA1 e06fc356685d010adc28d81d82be595c4629df75
SHA256 2011a5b2e90763872ab43517bd7c6fc0dbc146e986055d593dec17744897e9db
ssdeep 384:3fds/ix2scFUZ79yc03FW3Ld3SkZB/bJbSSlN+BwmQI0xCE4Jr2YBuwMeO12:3fdsax2scFUZ79yc03FYdXZBj1SSlN+x

authentihash 1dfaea86f44fc46233ff3aed5d115b93b65e7e770d8a8ec79f603f7f5e8d293f
File size 23.0 KB ( 23521 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags corrupt peexe

VirusTotal metadata
First submission 2017-02-22 22:02:32 UTC ( 2 years, 1 month ago )
Last submission 2017-03-09 08:12:10 UTC ( 2 years, 1 month ago )
File names 2011a5b2e90763872ab43517bd7c6fc0dbc146e986055d593dec17744897e9db.bin
localfile~
Trojan.Ransom.bin
InvoiceRef[1].exe
InvoiceRef[1].exe.89242120.DROPPED