SHA256: 24b23bf7ebd03bf5feb0c637ea1e64661e27c78c66684dd49f074af2b2505bb7
File name: DHL_tracking.exe
Detection ratio: 29 / 43
Analysis date: 2011-03-11 12:39:27 UTC ( 4 years, 1 month ago )
Antivirus Result Update
AVG Cryptic.CKC 20110311
AhnLab-V3 Win-Trojan/Spyeyes.45568 20110311
AntiVir TR/Spy.ZBot.acd 20110311
Avast Win32:FakeAV-BIH 20110311
Avast5 Win32:FakeAV-BIH 20110311
BitDefender Trojan.Generic.KD.153004 20110311
Commtouch W32/Trojan3.CLD 20110311
Comodo Heur.Suspicious 20110311
DrWeb Trojan.DownLoader2.20866 20110311
Emsisoft Trojan-Spy.Win32.SpyEyes!IK 20110311
F-Prot W32/Trojan3.CLD 20110311
F-Secure Backdoor:W32/Agent.DRKU 20110311
GData Trojan.Generic.KD.153004 20110311
Ikarus Trojan-Spy.Win32.SpyEyes 20110311
K7AntiVirus Trojan 20110311
Kaspersky Trojan-Spy.Win32.SpyEyes.fpf 20110311
McAfee Bredolab.gen.c 20110311
McAfee-GW-Edition Artemis!81FC09B01461 20110311
Microsoft TrojanDownloader:Win32/Karagany.A 20110311
NOD32 Win32/TrojanDownloader.Karagany.A 20110311
Norman W32/Crypt.AUVD 20110311
PCTools Trojan.FakeAV!rem 20110311
Sophos Troj/Agent-QRA 20110311
Symantec Trojan.FakeAV 20110311
TrendMicro TROJ_KRYPTIK.PAE 20110311
TrendMicro-HouseCall TROJ_KRYPTIK.PAE 20110311
VIPRE Trojan.Win32.Generic.pak!cobra 20110311
ViRobot Spyware.SpyEyes.45568 20110311
eTrust-Vet Win32/Kelihos.AZ 20110311
Antiy-AVL 20110309
CAT-QuickHeal 20110311
ClamAV 20110311
Fortinet 20110311
Jiangmin 20110311
Panda 20110311
Prevx 20110311
Rising 20110311
SUPERAntiSpyware 20110311
TheHacker 20110311
VBA32 20110311
VirusBuster 20110310
eSafe 20110310
nProtect 20110215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Copyright Adobe Systems Incorporated 2003
Publisher Adobe Systems Incorporated
Product Lotus Notes Field
Original name Acrofx32.exe
Internal name Lotus Notes Field
File version 6.0.0.0
Description Lotus Notes Field Exchange Module for Adobe Acrobat
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-10 10:42:50
Link date 11:42 AM 3/10/2011
Entry Point 0x00002DD0
Number of sections 5
PE sections
PE imports
CreateToolbarEx
LineTo
SetBkMode
GetTextExtentPoint32A
MoveToEx
CreatePen
GetStockObject
CreateSolidBrush
SelectObject
DeleteObject
GetTcpStatistics
ExitProcess
HeapAlloc
SetFilePointer
HeapFree
CloseHandle
lstrlenA
lstrcatA
ReadFile
lstrcpyA
Sleep
CreateFileW
IsProcessorFeaturePresent
CreateFileA
GetVersionExA
OutputDebugStringA
VirtualAlloc
GetProcessHeap
GetMessageA
GetForegroundWindow
DrawTextA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
AppendMenuA
GetWindowRect
InflateRect
EndPaint
UpdateWindow
PostMessageA
MessageBoxA
AdjustWindowRectEx
TranslateMessage
DialogBoxParamA
FrameRect
GetDC
RegisterClassExA
ReleaseDC
CreatePopupMenu
LoadStringA
GetClientRect
ScreenToClient
SetRect
LoadAcceleratorsA
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
TranslateAcceleratorA
RegisterClassA
GetDesktopWindow
DispatchMessageA
IsMenu
FillRect
DestroyWindow
PtInRect
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 3
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.0.0.0
UninitializedDataSize 0
LanguageCode English (Australian)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 36352
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright Adobe Systems Incorporated 2003
FileVersion 6.0.0.0
TimeStamp 2011:03:10 11:42:50+01:00
FileType Win32 EXE
PEType PE32
InternalName Lotus Notes Field
ProductVersion 1.0.0.1
FileDescription Lotus Notes Field Exchange Module for Adobe Acrobat
OSVersion 5.1
OriginalFilename Acrofx32.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Adobe Systems Incorporated
CodeSize 8192
ProductName Lotus Notes Field
ProductVersionNumber 1.0.0.1
EntryPoint 0x2dd0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 81fc09b014617bce59f678374b486512
SHA1 3d92a768f58b2900b98c9f97ce2753d27a4749ae
SHA256 24b23bf7ebd03bf5feb0c637ea1e64661e27c78c66684dd49f074af2b2505bb7
ssdeep 768:8N7GzpM156/PHdjN5IpUTA3otEcNIJy8BX5kMd2OxyltE6X:5z0563hnIpUTAWEcSfX5kMd2OxyltvX
authentihash 095b0243bbf6a02816cba275ab03a06d96c340021348b45225b6769d5906667e
imphash ef9b71e1eb3ca7640d312dba6eb62512
File size 44.5 KB ( 45568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2011-03-10 11:48:17 UTC ( 4 years, 1 month ago )
Last submission 2014-04-10 19:57:30 UTC ( 1 year ago )
File names 81FC09B014617BCE59F678374B486512
81fc09b014617bce59f678374b486512
tmp0001aabf
81fc09b014617bce59f678374b486512
AdobeUtil.exe
00000062
DHL_tracking.exe
JC.zip.exe
DHL_tracking.exe-10mar11.txt
ADBB9C3D000DEC74B2BE003FB7F24B00114C5115.exe
3D92A768F58B2900B98C9F97CE2753D27A4749AE.exe
file-1954213_exe
Acrofx32.exe
Lotus Notes Field
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
