SHA256: 28ee7488fd7452c90fab74d54dab4fa97a993459c684496be4dded6b59d45b1d
File name: Copy_of_document_August-05-2014.exe
Detection ratio: 24 / 54
Analysis date: 2014-08-06 16:05:24 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1793534 20140806
AhnLab-V3 Trojan/Win32.Kuluoz 20140806
Avast Win32:Malware-gen 20140806
AVware Trojan.Win32.Kuluoz.dad (v) 20140806
BitDefender Trojan.GenericKD.1793534 20140806
Commtouch W32/Trojan.VKPG-3100 20140806
DrWeb BackDoor.Kuluoz.4 20140806
Emsisoft Trojan.GenericKD.1793534 (B) 20140806
ESET-NOD32 Win32/TrojanDownloader.Zortob.H 20140806
F-Prot W32/Trojan3.JUX 20140806
F-Secure Trojan.GenericKD.1793534 20140806
Fortinet W32/Zortob.H!tr.dldr 20140806
GData Trojan.GenericKD.1793534 20140806
Ikarus Trojan.Win32.Weelsof 20140806
McAfee RDN/Generic Downloader.x!kr 20140806
McAfee-GW-Edition Artemis!1463AAA9B393 20140805
Microsoft TrojanDownloader:Win32/Kuluoz.D 20140806
eScan Trojan.GenericKD.1793534 20140806
nProtect Trojan.GenericKD.1793534 20140806
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140806
Sophos AV Mal/EncPk-AAQ 20140806
Symantec Trojan.Asprox.B 20140806
TrendMicro-HouseCall TROJ_GEN.F0D1H00H514 20140806
VIPRE Trojan.Win32.Kuluoz.dad (v) 20140806
AegisLab 20140806
Yandex 20140805
AntiVir 20140806
Antiy-AVL 20140806
AVG 20140806
Baidu-International 20140806
Bkav 20140806
ByteHero 20140806
CAT-QuickHeal 20140806
ClamAV 20140806
CMC 20140806
Comodo 20140806
Jiangmin 20140806
K7AntiVirus 20140806
K7GW 20140806
Kaspersky 20140806
Kingsoft 20140806
Malwarebytes 20140806
NANO-Antivirus 20140806
Norman 20140806
Panda 20140806
Qihoo-360 20140806
SUPERAntiSpyware 20140804
Tencent 20140806
TheHacker 20140805
TotalDefense 20140806
TrendMicro 20140806
VBA32 20140806
ViRobot 20140806
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-06 05:56:49
Entry Point 0x00004DA5
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LoadLibraryA
LCMapStringW
SetHandleCount
GetSystemInfo
lstrlenA
LoadLibraryW
GlobalFree
GetVersionExW
FreeLibrary
QueryPerformanceCounter
FatalAppExitA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
SizeofResource
CompareFileTime
GetLocaleInfoA
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetStartupInfoW
LeaveCriticalSection
SetFilePointer
GetCPInfo
GetFileAttributesA
TlsFree
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
GetStartupInfoA
CreateFileMappingA
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
GetOEMCP
LocalFree
TerminateProcess
GetEnvironmentStrings
GetModuleFileNameA
LCMapStringA
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
LocalAlloc
SetLastError
InterlockedIncrement
SHFileOperationW
MapWindowPoints
GetMessageA
RegisterClassA
DefWindowProcW
DestroyMenu
DefWindowProcA
GetSystemMetrics
PeekMessageW
DispatchMessageA
EndPaint
ScrollWindowEx
SetMenuItemInfoW
SetActiveWindow
SendMessageW
SetClipboardData
LoadStringW
SetTimer
IsIconic
ScreenToClient
wsprintfA
GetDCEx
GetMenuStringA
GetWindowTextW
GetDesktopWindow
IsWindowUnicode
Ord(134)
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:08:06 06:56:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 7.1
EntryPoint 0x4da5
InitializedDataSize 106496
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 1463aaa9b393a1591df049534e9f9ddd
SHA1 a99651ef09a3f63653d3e200ee11c98cdfbf0290
SHA256 28ee7488fd7452c90fab74d54dab4fa97a993459c684496be4dded6b59d45b1d
ssdeep 1536:nrCJJnMJhroocTu4JyYUm9QrFz4ZS4Kx1VWViTDDWl3mKUkeAn:nGJMLrom4JYrFMZx7V8Stm0eA
authentihash 4f9ff58c1ed0fe41bf893a4668275a55629ab1f91821ad4c7c7b381bdb14fa22
imphash e9bace4cb2b931063be3c6b6ddda967c
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-08-05 20:05:03 UTC ( 3 years, 2 months ago )
Last submission 2014-08-07 23:27:30 UTC ( 3 years, 2 months ago )
File names 1463aaa9b393a1591df049534e9f9ddd
28ee7488fd7452c90fab74d54dab4fa97a993459c684496be4dded6b59d45b1d.exe
Copy_of_document_August-05-2014.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs