SHA256: 26dfd88fc6bbb40f6ccc9379160a6a65931eab1ba70734ba1f06cb4056cb56e7
File name: invoice.exe
Detection ratio: 3 / 52
Analysis date: 2014-05-13 09:36:39 UTC ( 1 year, 1 month ago )
Antivirus Result Update
ESET-NOD32 Win32/PSW.Fareit.E 20140513
Qihoo-360 HEUR/Malware.QVM20.Gen 20140513
Sophos Mal/Generic-S 20140513
AVG 20140512
Ad-Aware 20140513
AegisLab 20140513
Agnitum 20140513
AhnLab-V3 20140512
AntiVir 20140513
Antiy-AVL 20140513
Avast 20140513
Baidu-International 20140513
BitDefender 20140513
Bkav 20140512
ByteHero 20140513
CAT-QuickHeal 20140513
CMC 20140512
ClamAV 20140513
Commtouch 20140513
Comodo 20140513
DrWeb 20140513
Emsisoft 20140513
F-Prot 20140513
F-Secure 20140513
Fortinet 20140513
GData 20140513
Ikarus 20140513
Jiangmin 20140513
K7AntiVirus 20140513
K7GW 20140513
Kaspersky 20140513
Kingsoft 20140513
Malwarebytes 20140513
McAfee 20140513
McAfee-GW-Edition 20140513
MicroWorld-eScan 20140513
Microsoft 20140513
NANO-Antivirus 20140513
Norman 20140513
Panda 20140512
Rising 20140507
SUPERAntiSpyware 20140513
Symantec 20140513
Tencent 20140513
TheHacker 20140512
TotalDefense 20140512
TrendMicro 20140513
TrendMicro-HouseCall 20140513
VBA32 20140512
VIPRE 20140513
ViRobot 20140513
Zillya 20140512
nProtect 20140512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-30 18:05:42
Link date 7:05 PM 4/30/2014
Entry Point 0x000045DA
Number of sections 4
PE sections
PE imports
GetModuleHandleA
ReadFile
GetFileSize
lstrlenA
GetModuleFileNameW
CreateFileW
GlobalAlloc
lstrcpyA
GetStartupInfoA
CloseHandle
GlobalUnlock
GlobalLock
__p__fmode
malloc
_acmdln
__getmainargs
__dllonexit
fopen
_except_handler3
?terminate@@YAXXZ
_mbscmp
_onexit
exit
_XcptFilter
__setusermatherr
__p__commode
__CxxFrameHandler
_adjust_fdiv
_wfopen
atof
_controlfp
_setmbcp
_initterm
_exit
__set_app_type
IsCharAlphaNumericA
EmptyClipboard
EnableWindow
SetClipboardData
UpdateWindow
SendMessageA
IsCharAlphaA
CloseClipboard
OpenClipboard
Number of PE resources by type
RT_STRING 13
RT_ICON 1
Struct(15) 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 16
NEUTRAL 4
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:04:30 19:05:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 11.0
Warning Possibly corrupt Version resource
EntryPoint 0x45da
InitializedDataSize 65536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 57b83c8e86591dedd1f7a626bf97eff9
SHA1 663deee1a8e85280af0bdcc96bbee16913548db0
SHA256 26dfd88fc6bbb40f6ccc9379160a6a65931eab1ba70734ba1f06cb4056cb56e7
ssdeep
1536:s5J6f9YfW8THTxY0tTypQhgy2HcPscxkFiTWyWnDoMLDTD:clFdopB5ysvFiRyJLDTD

authentihash 39628d39a87cc7a398925191c97ac19e28f9a169339588deec1510fb1f3fa515
imphash a3f87eff9abad9e03753d6d020e7a678
File size 96.0 KB ( 98304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-05-13 06:28:06 UTC ( 1 year, 1 month ago )
Last submission 2015-06-12 12:26:59 UTC ( 2 weeks, 6 days ago )
File names 008032896
57b83c8e86591dedd1f7a626bf97eff9
invoice_65476859394857_pdf.exe.dead
57b83c8e86591dedd1f7a626bf97eff9.malware
57b83c8e86591dedd1f7a626bf97eff9.exe
invoice_65476859394857_pdf.exe
vti-rescan
57b83c8e86591dedd1f7a626bf97eff9
c-3cf84-3666-1399962482
invoice.exe
WL-0fd2358e4c643ffed69d1c055895af66-0
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight