SHA256: 31cd9cd01c86abacdb78c5277bec57464b51a95533084a937b0666007b318dc4
File name: fax-report.exe
Detection ratio: 4 / 48
Analysis date: 2013-12-03 23:27:17 UTC ( 5 years, 5 months ago )
Antivirus Result Update
Commtouch W32/Trojan.THNK-7376 20131204
F-Prot W32/Trojan3.GRC 20131204
Kaspersky HEUR:Trojan.Win32.Generic 20131203
Rising PE:Malware.FakePDF@CV!1.9C28 20131203
Ad-Aware 20131203
Yandex 20131203
AhnLab-V3 20131203
AntiVir 20131203
Antiy-AVL 20131129
Avast 20131204
AVG 20131203
Baidu-International 20131203
BitDefender 20131203
Bkav 20131129
ByteHero 20131127
CAT-QuickHeal 20131202
ClamAV 20131203
Comodo 20131204
DrWeb 20131204
Emsisoft 20131204
ESET-NOD32 20131203
F-Secure 20131204
Fortinet 20131203
GData 20131204
Ikarus 20131203
Jiangmin 20131203
K7AntiVirus 20131203
K7GW 20131203
Kingsoft 20130829
Malwarebytes 20131203
McAfee 20131203
McAfee-GW-Edition 20131203
Microsoft 20131203
eScan 20131203
NANO-Antivirus 20131203
Norman 20131203
nProtect 20131203
Panda 20131203
Sophos AV 20131203
SUPERAntiSpyware 20131203
Symantec 20131203
TheHacker 20131203
TotalDefense 20131203
TrendMicro 20131204
TrendMicro-HouseCall 20131203
VBA32 20131203
VIPRE 20131204
ViRobot 20131203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-03 20:45:52
Entry Point 0x000012B1
Number of sections 3
PE sections
PE imports
GetStartupInfoA
SetFilePointer
ReadFile
FindClose
CreateFileW
DeleteFileW
GetModuleHandleW
UpdateWindow
RegisterClassExW
PostQuitMessage
GetMessageW
DefWindowProcW
LoadCursorW
CreateWindowExW
TranslateMessage
ShowWindow
PostMessageA
DispatchMessageW
Number of PE resources by type
RT_ICON 1
RT_MENU 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:12:03 21:45:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4608
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 11264
SubsystemVersion 5.1
EntryPoint 0x12b1
OSVersion 5.1
ImageVersion 1.3
UninitializedDataSize 0

File identification
MD5 4994b23555e039504610298e4be39a91
SHA1 1ab7982128f40c59e2bcd42d62dde4bea72d9911
SHA256 31cd9cd01c86abacdb78c5277bec57464b51a95533084a937b0666007b318dc4
ssdeep 192:d/7HWFoPxAf4aZWvshvmXAb4v5HuLvY+CcMC6EfA02kHgE+/QN:d/7HWFJ4a1oXAsOTMcMJEfQVXQN
authentihash 1c578eaee84168a2aa912807834d7e584b6815114a05ee1f211aaca48c4d7838
imphash 3e262236e65f95b01f5c11555a1db856
File size 16.5 KB ( 16896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2013-12-03 21:18:22 UTC ( 5 years, 5 months ago )
Last submission 2015-06-12 11:41:37 UTC ( 3 years, 11 months ago )
File names 31cd9cd01c86abacdb78c5277bec57464b51a95533084a937b0666007b318dc4
fax-report.exe
E-Trade_Tax_Form.exe
e713e0ea2b383a4084eac71e3376321921a0fb21
4994b23555e039504610298e4be39a91.exe
31cd9cd01c86abacdb78c5277bec57464b51a95533084a937b0666007b318dc4.bin
4994b23555e039504610298e4be39a91
007226856
fax-report.ex_
file-6784803_bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight