SHA256: 23d69729628a875b8289cfe3c99522d3a660e0c4f800b0fdc40dabf844c8903b
File name: officexp-KB910721-FullFile-ENU.ex
Detection ratio: 9 / 42
Analysis date: 2009-06-17 16:20:26 UTC (5 years ago)
Antivirus Result Update
AntiVir TR/Crypt.ZPACK.Gen 20090617
F-Secure Trojan-Spy.Win32.Zbot.gen 20090617
Kaspersky Trojan-Spy.Win32.Zbot.gen 20090617
McAfee-GW-Edition Trojan.Crypt.ZPACK.Gen 20090617
Microsoft PWS:Win32/Zbot.PM 20090617
NOD32 a variant of Win32/Kryptik.TL 20090617
NOD32Beta a variant of Win32/Kryptik.TL 20090617
Sunbelt Trojan-Downloader.Tibs.gen (v) 20090617
Symantec Packed.Generic.232 20090617
AVG 20090617
AhnLab-V3 20090617
Antiy-AVL 20090617
Authentium 20090616
Avast 20090616
BitDefender 20090617
CAT-QuickHeal 20090617
ClamAV 20090617
Comodo 20090617
DrWeb 20090617
F-Prot 20090616
Fortinet 20090617
GData 20090617
Ikarus 20090617
Jiangmin 20090617
K7AntiVirus 20090616
McAfee 20090616
McAfee+Artemis 20090616
Norman 20090617
PCTools 20090617
Panda 20090616
Prevx 20090617
Rising 20090617
Sophos 20090617
TheHacker 20090617
TrendMicro 20090617
VBA32 20090617
ViRobot 20090617
VirusBuster 20090616
a-squared 20090617
eSafe 20090617
eTrust-Vet 20090617
nProtect 20090617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 3
PE sections
PE imports
ObjectPrivilegeAuditAlarmW
SetFileSecurityA
NotifyChangeEventLog
ReportEventA
CryptSetKeyParam
ObjectCloseAuditAlarmW
GetNumberOfEventLogRecords
RegReplaceKeyA
BuildExplicitAccessWithNameW
AllocateAndInitializeSid
RegQueryInfoKeyW
CryptExportKey
BuildTrusteeWithSidA
GetSidSubAuthorityCount
GetNamedSecurityInfoExA
StartServiceA
CryptSetHashParam
GetAccessPermissionsForObjectW
ConvertSecurityDescriptorToAccessW
SetEntriesInAccessListW
GetCurrentHwProfileW
ReportEventW
ImpersonateNamedPipeClient
AbortSystemShutdownW
RegEnumValueA
AccessCheckAndAuditAlarmA
CryptAcquireContextA
RegReplaceKeyW
GetEffectiveRightsFromAclA
RegQueryValueExA
CryptSetProviderExA
CryptSetProvParam
LookupPrivilegeDisplayNameW
SetNamedSecurityInfoA
OpenEventLogW
BuildTrusteeWithSidW
CryptAcquireContextW
EnumDependentServicesA
RegSaveKeyA
LookupPrivilegeNameA
LookupAccountSidA
AddAccessDeniedAce
GetUserNameW
DeleteAce
RegCreateKeyW
CryptDecrypt
MakeAbsoluteSD
CryptHashSessionKey
CryptDeriveKey
RegLoadKeyA
ConvertSecurityDescriptorToAccessNamedW
OpenBackupEventLogW
NotifyBootConfigStatus
ChangeServiceConfigA
DestroyPrivateObjectSecurity
LookupPrivilegeDisplayNameA
SetAclInformation
ImpersonateSelf
ObjectPrivilegeAuditAlarmA
ConvertAccessToSecurityDescriptorA
CryptEnumProviderTypesA
lstrcmpW
SetCurrentDirectoryA
GetWindowsDirectoryW
lstrlen
GetNumberFormatA
IsSystemResumeAutomatic
CreateFileW
SetDefaultCommConfigA
GlobalUnWire
WriteConsoleOutputCharacterA
IsDBCSLeadByte
EnumTimeFormatsW
GetEnvironmentVariableA
BeginUpdateResourceA
SetPriorityClass
VirtualAlloc
SetCommTimeouts
CopyFileW
OpenFileMappingW
ConvertDefaultLocale
GetBinaryTypeA
GlobalDeleteAtom
LoadModule
VirtualProtect
GetCurrencyFormatW
GetVersionExW
UnlockFileEx
SetLastError
Process32First
ReadFileEx
FormatMessageA
GetExitCodeProcess
EndUpdateResourceW
IsBadWritePtr
DosDateTimeToFileTime
WaitForSingleObject
CloseHandle
SetThreadContext
SuspendThread
ReleaseSemaphore
WriteConsoleInputA
SetStdHandle
DeleteFileW
LoadLibraryA
BuildCommDCBAndTimeoutsW
GetPrivateProfileIntA
WriteConsoleW
GetCurrentDirectoryW
GetCommandLineW
LocalCompact
GetCurrentThread
WriteProcessMemory
GetNumberFormatW
GetConsoleTitleW
SHQueryValueExA
StrStrA
SHRegEnumUSValueA
StrFormatKBSizeW
SHCreateStreamOnFileA
PathUnmakeSystemFolderA
PathSkipRootW
PathFileExistsA
PathIsRootW
SHRegOpenUSKeyW
wvnsprintfW
AssocQueryStringByKeyW
StrRetToBufW
SHRegEnumUSKeyW
SHStrDupW
StrStrIA
PathRenameExtensionW
StrToIntW
PathIsRelativeW
PathAddExtensionW
StrCSpnIA
PathRelativePathToA
PathCompactPathW
AssocQueryKeyW
PathIsPrefixA
SHOpenRegStreamA
StrCpyNW
StrRetToStrW
UrlEscapeA
StrCSpnA
UrlApplySchemeA
PathRemoveBlanksA
StrCSpnW
PathFindFileNameW
PathFileExistsW
ColorAdjustLuma
SHDeleteValueW
SHRegDeleteEmptyUSKeyA
StrCmpNIW
SHIsLowMemoryMachine
SHCreateStreamOnFileW
PathIsUNCW
SHEnumValueA
PathIsRootA
PathRemoveArgsA
PathStripPathW
PathCreateFromUrlW
wnsprintfW
PathIsUNCServerW
PathStripToRootW
SHGetInverseCMAP
StrCmpW
SHCreateShellPalette
PathAddExtensionA
StrFromTimeIntervalW
ColorRGBToHLS
PathUnmakeSystemFolderW
StrFormatKBSizeA
PathCombineA
SHOpenRegStreamW
SHRegDeleteUSValueA
UrlGetLocationA
StrCatW
ToAscii
CloseWindowStation
LoadBitmapW
UnhookWinEvent
GetAsyncKeyState
LoadBitmapA
GetUserObjectInformationA
EnumDisplaySettingsW
ValidateRgn
SetThreadDesktop
EnumWindowStationsA
AppendMenuA
SetParent
GetTabbedTextExtentW
DialogBoxIndirectParamW
GetMenuCheckMarkDimensions
SetClassLongW
CreateDialogIndirectParamA
CopyAcceleratorTableW
SetCursor
GrayStringA
SetCapture
TranslateMDISysAccel
SetDeskWallpaper
DrawFrameControl
DdeClientTransaction
ToUnicodeEx
DestroyCaret
SetWindowsHookA
FrameRect
GetDCEx
IsDialogMessageA
DdeCreateStringHandleA
EnumDisplayDevicesA
MessageBeep
GetWindowRgn
IsZoomed
BroadcastSystemMessageW
CheckDlgButton
PtInRect
SetProcessDefaultLayout
CharUpperBuffA
GetMessageTime
DdeQueryStringA
GetWindowTextA
RedrawWindow
DdeInitializeA
DlgDirSelectComboBoxExW
DdeQueryConvInfo
LoadImageA
InsertMenuItemW
GetKeyboardType
CharPrevExA
RegisterClassExA
CharUpperW
SetScrollRange
GetClipCursor
MapVirtualKeyExA
EnumDisplaySettingsExA
DeferWindowPos
EndPaint
EnumChildWindows
RegisterDeviceNotificationW
GetMenuStringA
CharLowerBuffA
GetKeyNameTextA
InvertRect
MessageBoxExW
GetWindowLongA
OleCreateLinkToFileEx
OleSetContainedObject
IIDFromString
ReadClassStg
CoCreateGuid
MonikerCommonPrefixWith
OleCreateEmbeddingHelper
PropVariantCopy
StgCreateDocfile
OleCreateMenuDescriptor
WriteFmtUserTypeStg
CoReleaseServerProcess
OleSetMenuDescriptor
CoDisconnectObject
OleCreate
CLSIDFromProgID
RevokeDragDrop
CoRevokeClassObject
OleMetafilePictFromIconAndLabel
CoSetProxyBlanket
ReadStringStream
StgOpenStorage
OleDuplicateData
GetConvertStg
CoGetInstanceFromIStorage
UpdateDCOMSettings
CoGetInstanceFromFile
CLSIDFromString
CoUninitialize
OleSetClipboard
GetHGlobalFromILockBytes
CoRegisterPSClsid
CoCopyProxy
CoTreatAsClass
OpenOrCreateStream
GetClassFile
CoQueryClientBlanket
CreateDataCache
ProgIDFromCLSID
CreateDataAdviseHolder
OleSaveToStream
GetRunningObjectTable
CoMarshalInterThreadInterfaceInStream
OleSave
SetConvertStg
StgIsStorageFile
CoQueryProxyBlanket
ReadOleStg
CoTaskMemFree
CoRegisterClassObject
RegisterDragDrop
OleCreateFromData
CoGetObject
ReleaseStgMedium
CoGetCurrentLogicalThreadId
OleCreateEx
StgOpenStorageOnILockBytes
CoSuspendClassObjects
File identification
MD5 a61147f4b480d550204128fdf4eb3bcd
SHA1 26a577cc60c7e64749550c0ac71f29c6e9d0f44b
SHA256 23d69729628a875b8289cfe3c99522d3a660e0c4f800b0fdc40dabf844c8903b
ssdeep 1536:SDo6C8JkqBZj7QMJ5MGSXiN3QBW3Go0dXLexnGbBfClGGxGd/b:OHLkqBZ3yGSi3QBWm7EGVfoHA
File size 80.0 KB ( 81920 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
VirusTotal metadata
First submission 2009-06-17 16:16:44 UTC ( 5 years ago )
Last submission 2011-08-09 06:02:20 UTC ( 2 years, 11 months ago )
File names A61147F4B480D550204128FDF4EB3BCD