SHA256: 2c2bc39d818490ac95cdaa67ff464e1a3680404e8729bff5f4481629ddb352bb
File name: Elektroniczne Obraz Faktura_9488749388.06.14.pdf.exe (Polish lure name, word for word "Electronic Image Invoice"; note the double extension .pdf.exe)
Detection ratio: 2 / 51 (both hits are generic heuristic names, see the table below)
Analysis date: 2014-06-04 12:33:26 UTC ( 4 years, 10 months ago )
Antivirus / Result / Update
Avast: Win32:Malware-gen (20140604)
Sophos AV: Mal/Generic-S (20140604)
No detection, signatures updated 20140604: Ad-Aware, AegisLab, AhnLab-V3, AntiVir, Antiy-AVL, AVG, Baidu-International, BitDefender, Bkav, ByteHero, CAT-QuickHeal, CMC, Commtouch, Comodo, DrWeb, Emsisoft, ESET-NOD32, F-Prot, F-Secure, Fortinet, GData, Ikarus, Kaspersky, Kingsoft, Malwarebytes, McAfee, Microsoft, eScan, NANO-Antivirus, Norman, nProtect, Panda, Qihoo-360, SUPERAntiSpyware, Symantec, Tencent, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot
No detection, signatures updated 20140603: ClamAV, K7AntiVirus, K7GW, McAfee-GW-Edition, Rising, TotalDefense
No detection, signatures updated 20140602: Yandex, TheHacker
The file is a Portable Executable image: a 32-bit Win32 EXE (PE32) for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2009-01-13 18:50:17 (UTC; the PE TimeDateStamp is written by the linker and is trivially forgeable, so treat the five-year gap to the 2014 first submission as an indicator, not a fact)
Entry Point: 0x0000408E
Number of sections: 5
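As an added example (not part of the VirusTotal report), the following Python reads the fields shown in this block, and the matching ones in the ExifTool block further down, straight out of a PE header. The real sample is not reproduced here: the bytes are a constructed DOS stub, COFF header and PE32 optional header carrying the values the report lists, the file-alignment, image-base and stack/heap numbers are placeholders, and the first-submission date is passed in by hand.

```python
import calendar
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# IMAGE_FILE_HEADER and the fixed part of IMAGE_OPTIONAL_HEADER32 (data directories excluded)
COFF_FMT = "<HHIIIHH"
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"


def build_constructed_header() -> bytes:
    """Constructed input, not the real sample: a DOS stub, PE signature, COFF header and
    PE32 optional header populated with the values the report lists."""
    ts = calendar.timegm((2009, 1, 13, 18, 50, 17))   # TimeDateStamp: seconds since 1970 UTC
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)              # e_lfanew: NT headers start at offset 64
    coff = struct.pack(COFF_FMT,
                       0x14C,    # Machine: IMAGE_FILE_MACHINE_I386
                       5,        # NumberOfSections
                       ts,       # TimeDateStamp
                       0, 0,     # PointerToSymbolTable, NumberOfSymbols
                       224,      # SizeOfOptionalHeader for PE32
                       0x010F)   # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE | stripped flags (constructed)
    opt = struct.pack(OPT32_FMT,
                      0x10B,            # Magic: PE32
                      6, 0,             # Major/MinorLinkerVersion 6.0
                      20480,            # SizeOfCode
                      73728,            # SizeOfInitializedData
                      0,                # SizeOfUninitializedData
                      0x408E,           # AddressOfEntryPoint
                      0x1000, 0x6000,   # BaseOfCode, BaseOfData (constructed)
                      0x400000,         # ImageBase (constructed)
                      0x1000, 0x1000,   # SectionAlignment, FileAlignment (constructed)
                      4, 0,             # OperatingSystemVersion 4.0
                      0, 0,             # ImageVersion 0.0
                      4, 0,             # SubsystemVersion 4.0
                      0,                # Win32VersionValue
                      0x1A000, 0x1000,  # SizeOfImage, SizeOfHeaders (constructed)
                      0,                # CheckSum
                      2,                # Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
                      0,                # DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000,  # stack/heap reserve and commit (constructed)
                      0, 16)            # LoaderFlags, NumberOfRvaAndSizes
    opt += bytes(16 * 8)                # sixteen empty IMAGE_DATA_DIRECTORY entries
    return bytes(dos) + b"PE\0\0" + coff + opt


def parse_pe_header(data: bytes) -> dict:
    """Decode the header fields a triage report shows. Raises ValueError on non-PE32 input."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    f = struct.unpack_from(OPT32_FMT, data, opt_off)
    if f[0] != 0x10B:
        raise ValueError("optional header magic 0x%x is not PE32" % f[0])
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%x" % machine),
        "number_of_sections": nsections,
        "timestamp_raw": ts,
        "compile_time_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": "%d.%d" % (f[1], f[2]),
        "code_size": f[3],
        "initialized_data_size": f[4],
        "uninitialized_data_size": f[5],
        "entry_point": f[6],
        "os_version": "%d.%d" % (f[12], f[13]),
        "image_version": "%d.%d" % (f[14], f[15]),
        "subsystem_version": "%d.%d" % (f[16], f[17]),
        "subsystem": SUBSYSTEM_NAMES.get(f[22], str(f[22])),
        "optional_header_size": opt_size,
    }


def timestamp_age_days(header: dict, first_seen_utc: str) -> int:
    """Whole days between the claimed link time and the first sighting. A large or negative
    value is a back-dating indicator, not proof: the field is attacker-controlled."""
    seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    built = datetime.fromtimestamp(header["timestamp_raw"], tz=timezone.utc)
    return (seen - built).days


if __name__ == "__main__":
    hdr = parse_pe_header(build_constructed_header())
    for key, value in hdr.items():
        print("%-24s %s" % (key, hex(value) if key == "entry_point" else value))
    print("days between link time and first submission:",
          timestamp_age_days(hdr, "2014-06-04 08:32:54"))
```

Run against a real file, `parse_pe_header(open(path, "rb").read())` gives the same dictionary; the PE64 case is rejected deliberately because the optional header layout differs after ImageBase.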
PE sections
PE imports
This extract does not preserve which module each function is imported from; the named functions are grouped below by the Windows module that exports them, in the order the report lists them.
KERNEL32.dll: LocalAlloc, LocalFree, GetModuleHandleA, WideCharToMultiByte, GetStartupInfoA, GetFileSize, lstrlenA, OpenProcess, GetLastError, CreateFileW, InterlockedDecrement, MultiByteToWideChar, CloseHandle, ReadFile, GetCurrentProcessId, FormatMessageA
Ordinal-only imports (128 entries; the module is not named in this extract, but ordinal-only imports in this quantity from a Visual C++ 6.0 GUI build are characteristic of MFC42.DLL):
Ord(1775), Ord(3998), Ord(4080), Ord(2362), Ord(4710), Ord(3597), Ord(939), Ord(3136), Ord(693), Ord(2124),
Ord(755), Ord(3798), Ord(2621), Ord(3259), Ord(5953), Ord(5290), Ord(2446), Ord(815), Ord(922), Ord(641),
Ord(5277), Ord(2514), Ord(4402), Ord(4425), Ord(3092), Ord(4441), Ord(1134), Ord(941), Ord(4465), Ord(2863),
Ord(5300), Ord(1200), Ord(2293), Ord(4627), Ord(1168), Ord(3738), Ord(4853), Ord(2982), Ord(4234), Ord(825),
Ord(3081), Ord(5199), Ord(5307), Ord(6907), Ord(567), Ord(4424), Ord(540), Ord(6007), Ord(4078), Ord(2554),
Ord(6376), Ord(4224), Ord(2294), Ord(1601), Ord(1727), Ord(3370), Ord(823), Ord(2642), Ord(2379), Ord(2725),
Ord(4998), Ord(800), Ord(3749), Ord(2512), Ord(470), Ord(4274), Ord(5261), Ord(4079), Ord(1146), Ord(6663),
Ord(3147), Ord(6375), Ord(2370), Ord(2366), Ord(3262), Ord(1576), Ord(4353), Ord(3301), Ord(5065), Ord(4407),
Ord(3097), Ord(3346), Ord(858), Ord(2396), Ord(3831), Ord(6374), Ord(5280), Ord(3825), Ord(2976), Ord(1089),
Ord(2985), Ord(3922), Ord(6052), Ord(2818), Ord(4160), Ord(4376), Ord(1776), Ord(2582), Ord(324), Ord(3830),
Ord(2385), Ord(4278), Ord(3079), Ord(6334), Ord(2055), Ord(4837), Ord(5241), Ord(2648), Ord(5714), Ord(5289),
Ord(6569), Ord(4277), Ord(2784), Ord(4622), Ord(561), Ord(2302), Ord(924), Ord(4486), Ord(3640), Ord(4698),
Ord(926), Ord(5163), Ord(6055), Ord(5265), Ord(4673), Ord(5302), Ord(860), Ord(5731)
MSVCRT.dll (C runtime): __p__fmode, _acmdln, ??1type_info@@UAE@XZ, __getmainargs, __dllonexit, _except_handler3, _mbscmp, _onexit, wcslen, exit, _XcptFilter, __setusermatherr, _controlfp, _adjust_fdiv, __CxxFrameHandler, _CxxThrowException, __p__commode, wcscat, _wfopen, calloc, atof, memcpy, _setmbcp, _initterm, _exit, __set_app_type
OLEAUT32.dll: VariantChangeType, VariantClear, SysAllocString, VariantCopy, GetErrorInfo, SysFreeString, VariantInit
PSAPI.DLL: GetModuleFileNameExW
USER32.dll: wsprintfA, GetSystemMetrics, LoadIconA, EnableWindow, DrawIcon, SendMessageA, GetClientRect, GetSystemMenu, IsIconic, AppendMenuA
ole32.dll: CoCreateInstance, CoInitialize, OleRun
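The imphash in the file identification block below is derived from this import table, so it is worth seeing exactly what goes into it. The following Python is an added example, not code from VirusTotal or pefile: it reimplements the pefile imphash canonicalisation (lower-cased module with .dll/.ocx/.sys stripped, lower-cased function, ordinal-only imports written as ordNNN, joined in import-table order and MD5-hashed), regroups a flat import list by module, and flags a few named-API combinations that stand out in this sample. The import list it runs on is constructed: the function names and ordinals come from the report, the module names are assumed, since this extract does not record them.

```python
import hashlib
from collections import OrderedDict

# Extensions pefile strips from the module name before hashing.
_STRIP_EXTS = ("ocx", "sys", "dll")

# Constructed import table for the demonstration. Module names are assumed (the extract does
# not record them); function names and ordinals are taken from the report's import list.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "LocalAlloc"),
    ("KERNEL32.dll", "OpenProcess"),
    ("KERNEL32.dll", "CreateFileW"),
    ("KERNEL32.dll", "ReadFile"),
    ("KERNEL32.dll", "GetCurrentProcessId"),
    ("MFC42.DLL", 1775),            # ordinal-only imports, like the Ord(n) entries above
    ("MFC42.DLL", 3998),
    ("MSVCRT.dll", "__getmainargs"),
    ("OLEAUT32.dll", "VariantInit"),
    ("PSAPI.DLL", "GetModuleFileNameExW"),
    ("ole32.dll", "CoCreateInstance"),
    ("ole32.dll", "OleRun"),
]

# Named-import combinations worth a second look during triage (labels are this example's own).
API_COMBINATIONS = {
    "resolves a process image path by PID": {"openprocess", "getcurrentprocessid", "getmodulefilenameexw"},
    "late-bound COM automation": {"cocreateinstance", "olerun", "variantinit"},
    "reads a file from disk": {"createfilew", "readfile"},
}


def imphash_string(imports):
    """Canonical 'module.function,...' string in import-table order, as pefile builds it.
    pefile additionally maps ws2_32 and oleaut32 ordinals to names through a lookup
    table; that table is not reproduced here, so those ordinals stay as ordNNN."""
    parts = []
    for module, func in imports:
        lib = module.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIP_EXTS:
            lib = base
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (lib, name))
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical string. Order-sensitive: a relinked build with the same
    functions in a different order gets a different hash."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def group_by_module(imports):
    """Re-attach functions to their module, preserving import-table order."""
    groups = OrderedDict()
    for module, func in imports:
        groups.setdefault(module, []).append(func)
    return groups


def flag_api_combinations(imports):
    """Labels of every API_COMBINATIONS entry whose functions are all imported by name.
    Ordinal-only imports are ignored, which is exactly why MFC/ordinal-heavy binaries
    hide so much from this kind of static check."""
    names = {func.lower() for _, func in imports if not isinstance(func, int)}
    return [label for label, needed in API_COMBINATIONS.items() if needed <= names]


if __name__ == "__main__":
    for module, funcs in group_by_module(SAMPLE_IMPORTS).items():
        print(module + ":", ", ".join(str(f) for f in funcs))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for label in flag_api_combinations(SAMPLE_IMPORTS):
        print("flag:", label)
```

Because the canonical string includes module names, the hash of a real binary can only be reproduced from the actual import directory (for instance `pefile.PE(path).get_imphash()`), not from a name list that has lost its module column; the value of the exercise is seeing why two samples that share an imphash share the same linker output, not just the same API set.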
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_DIALOG 1
RT_VXD 1 (a VxD resource type belongs to Windows 9x driver packaging and is out of place in a Win32 GUI application; an opaque, rarely used resource type is a natural place to park an embedded payload, so it is worth carving out and inspecting)
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
CHINESE SIMPLIFIED 2 (at odds with the Polish-language lure file name)
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2009:01:13 19:50:17+01:00 (the same instant as the 18:50:17 UTC PE timestamp above, rendered in a +01:00 zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 20480
LinkerVersion: 6.0
Warning: Error processing PE data dictionary
EntryPoint: 0x408e
InitializedDataSize: 73728
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: 8508b1e9846b267f610f54d665f6f7a6
SHA1: 774e68a3511bbb4219fa8898fd3d1e95cf83c804
SHA256: 2c2bc39d818490ac95cdaa67ff464e1a3680404e8729bff5f4481629ddb352bb
ssdeep: 1536:fvMif/rgCY8+uM6lR9K/PAQwna09E3f88RXuiS0pnua5fTo:fv9fkCY8+uM6lcAQwaxfF9jS0FuaZo
authentihash: e593f1a1aefc4fd8206a2a6585f893bb2fa8e3555d57d9e4fa7f6f96eaae0cfe
imphash: a657f22fac25c2652897095ac48d6745
File size: 96.0 KB ( 98304 bytes ) (CodeSize 20480 + InitializedDataSize 73728 = 94208, which accounts for the whole file if the headers occupy 4096 bytes; that argues against a large appended overlay)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (67.4%); Win32 Dynamic Link Library (generic) (14.2%); Win32 Executable (generic) (9.7%); Generic Win/DOS Executable (4.3%); DOS Executable Generic (4.3%)
Tags: peexe

VirusTotal metadata
First submission: 2014-06-04 08:32:54 UTC ( 4 years, 10 months ago )
Last submission: 2015-06-12 12:30:22 UTC ( 3 years, 10 months ago )
File names (as submitted):
008131281
file-7069316_exe
Bez-nazwy-490100_1.JPG.exe (Polish "Untitled"; image lure with a double extension)
Elektroniczne Obraz Faktura_9488749388.06.14.pdf.exe (invoice lure with a double extension)
Elektroniczne Obraz Faktura_9488749388.06.14.pdf.ex
alg.exe (the name of the Windows Application Layer Gateway service binary, a common masquerade)
Elektroniczne Obraz Faktura_9488749388.06.14.pdf
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any process it launched or injected code into.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. DeviceIoControl does not appear in the static import table above, and neither do LoadLibrary or GetProcAddress among the named imports, so the call was either resolved at run time (look for manual export-table walking or an ordinal-imported helper) or issued by a process the sample launched or injected into. Either way, the device name and IOCTL codes from a full sandbox trace are what identify the driver being driven.