SHA256: 2512eed6609297c367ad4484a2788e3d49ffa3f44c06b6b30ac4ac3fb5e04ea2
File name: intel.exe
Detection ratio: 48 / 56
Analysis date: 2016-06-24 14:58:45 UTC ( 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.39704 20160624
AegisLab Troj.W32.Generic!c 20160624
AhnLab-V3 Spyware/Win32.Zbot.R97713 20160624
ALYac Gen:Variant.Symmi.39704 20160624
Antiy-AVL Trojan/Win32.SGeneric 20160624
Arcabit Trojan.Symmi.D9B18 20160624
Avast Win32:Injector-BQJ [Trj] 20160624
AVG Win32/Cryptor 20160624
Avira (no cloud) TR/Ranapama.A 20160624
AVware Trojan.Win32.Generic!BT 20160624
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160624
Baidu-International Trojan.Win32.Injector.AXPJ 20160614
BitDefender Gen:Variant.Symmi.39704 20160624
CAT-QuickHeal VirTool.Injector.EP5 20160623
ClamAV Win.Trojan.Ranapama-1 20160624
Comodo TrojWare.Win32.Ransom.PornoAsset.CLHL 20160624
Cyren W32/S-99a5150f!Eldorado 20160624
DrWeb Trojan.PWS.Panda.2401 20160624
Emsisoft Gen:Variant.Symmi.39704 (B) 20160624
ESET-NOD32 a variant of Win32/Injector.AXWF 20160624
F-Prot W32/S-99a5150f!Eldorado 20160624
F-Secure Gen:Variant.Symmi.39704 20160624
Fortinet W32/Injector.AZFU!tr 20160624
GData Gen:Variant.Symmi.39704 20160624
Ikarus Trojan.Inject2 20160624
Jiangmin TrojanSpy.Zbot.ebvo 20160624
K7AntiVirus Trojan ( 004ce5441 ) 20160624
K7GW Trojan ( 004ce5441 ) 20160624
Kaspersky HEUR:Trojan.Win32.Generic 20160624
Malwarebytes Trojan.Zbot 20160624
McAfee Generic-FAOP!A339998D06FB 20160624
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dh 20160624
Microsoft VirTool:Win32/Injector.EP 20160624
eScan Gen:Variant.Symmi.39704 20160624
NANO-Antivirus Trojan.Win32.Zbot.ctptgx 20160624
Panda Trj/Genetic.gen 20160624
Qihoo-360 QVM10.1.Malware.Gen 20160624
Sophos Troj/Wonton-P 20160624
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20160624
Symantec Backdoor.Trojan 20160624
Tencent Win32.Trojan-spy.Zbot.Ljtp 20160624
TheHacker Trojan/Injector.axkt 20160624
TrendMicro TSPY_ZBOT.TFZAK 20160624
TrendMicro-HouseCall TSPY_ZBOT.TFZAK 20160624
VBA32 SScope.Worm.Ngrbot.2414 20160624
VIPRE Trojan.Win32.Generic!BT 20160624
Yandex TrojanSpy.Zbot!G+gYOQL3JXk 20160624
Zillya Trojan.Zbot.Win32.148229 20160624
Alibaba 20160624
Bkav 20160623
CMC 20160620
Kingsoft 20160624
nProtect 20160624
TotalDefense 20160624
ViRobot 20160624
Zoner 20160624
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Intel corporation Pentium 4
Original name intel.exe
File version 7.0.0.3
Description Intel corporation Pentium 4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-11 01:56:58
Entry Point 0x000036A1
Number of sections 3
PE sections
Overlays
MD5 e8e5c83c675e517578cfbf7929880cec
File type data
Offset 292352
Size 1243
Entropy 7.78
PE imports
CreateCompatibleDC
CreateColorSpaceW
Arc
CombineRgn
CloseFigure
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
GetModuleFileNameA
GetStdHandle
IsProcessorFeaturePresent
GetCommandLineA
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
WriteProfileSectionW
GetProcAddress
AddAtomW
EncodePointer
GetFileType
SetStdHandle
CompareStringW
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetTempFileNameA
GetComputerNameA
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
glMateriali
glColor4iv
glEvalCoord2fv
wglRealizeLayerPalette
glFinish
wglUseFontBitmapsA
glIndexs
glNormal3b
ExtractIconExA
DoEnvironmentSubstA
ExtractAssociatedIconW
ExtractIconExW
ShellExecuteExW
ExtractIconW
SetFocus
SetWindowWord
DefFrameProcW
UpdateWindow
CloseDesktop
DdeConnect
GetKeyboardLayoutList
GetAsyncKeyState
GetWindowInfo
PostMessageW
FrameRect
mmioSeek
joyGetDevCapsA
PlaySoundA
waveOutGetDevCapsA
mixerClose
SymGetLineNext
SymGetModuleInfoW64
SymMatchString
ImageRvaToSection
SymGetLinePrev
SymLoadModuleEx
CoGetInstanceFromFile
StringFromCLSID
GetClassFile
CoBuildVersion
OleDestroyMenuDescriptor
FindMediaType
GetClassFileOrMime
CoInternetGetProtocolFlags
HlinkGoForward
Number of PE resources by type
RT_DIALOG 43
RT_BITMAP 27
RT_HTML 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 72
RUSSIAN 1
SPANISH HONDURAS 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.0.3
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 241664
EntryPoint 0x36a1
OriginalFileName intel.exe
MIMEType application/octet-stream
FileVersion 7.0.0.3
TimeStamp 2014:02:11 02:56:58+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 7.0.0.3
FileDescription Intel corporation Pentium 4
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Intel Pentium 4
CodeSize 49664
ProductName Intel corporation Pentium 4
ProductVersionNumber 7.0.0.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 a339998d06fb08eef23a4cf7f46f6528
SHA1 66ac5cc08584d002fc432fedf92942ed04f83e4b
SHA256 2512eed6609297c367ad4484a2788e3d49ffa3f44c06b6b30ac4ac3fb5e04ea2
ssdeep 6144:DeiGTXcxIK5iZf7gxhaJAxFsDhkrvmlMIB32:DeiGImKo9YhaJAxe/32

authentihash c41b70d112e55f54593f0fe3e5234fbd3d2c0c8b33be0fdd5e3233544891570c
imphash f130d9b64f49f8db8c467a78a0a71386
File size 286.7 KB ( 293595 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-02-11 07:29:08 UTC ( 3 years, 1 month ago )
Last submission 2016-06-24 14:58:45 UTC ( 9 months ago )
File names nodokludienestam.doc.scr
nodokludienestam (1).doc.scr
intel.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs