| SHA256: | 348767d316c83bb47a11e9d7e1f75266a102e0cc4dde1214b7a29509ae0a1735 |
| File name: | documents.zip |
| Detection ratio: | 47 / 59 |
| Analysis date: | 2017-02-16 04:32:06 UTC ( 10 months, 3 weeks ago ) |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.2254433 | 20170216 |
| AegisLab | Troj.Downloader.W32.Upatre!c | 20170216 |
| AhnLab-V3 | Trojan/Win32.Upatre.R140571 | 20170216 |
| ALYac | Trojan.GenericKD.2254433 | 20170216 |
| Antiy-AVL | Trojan/Win32.SGeneric | 20170215 |
| Arcabit | Trojan.Generic.D226661 | 20170216 |
| Avast | Win32:Injector-COJ [Trj] | 20170216 |
| AVG | Crypt4.FEW | 20170215 |
| Avira (no cloud) | TR/Rogue.15327.ais | 20170215 |
| AVware | Trojan.Win32.Generic!BT | 20170216 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20170215 |
| BitDefender | Trojan.GenericKD.2254433 | 20170216 |
| CAT-QuickHeal | TrojanDownloader.Upatre.AA3 | 20170216 |
| ClamAV | Win.Downloader.Upatre-14863 | 20170216 |
| Comodo | TrojWare.Win32.TrojanDownloader.Waski.BADA | 20170216 |
| Cyren | W32/Trojan.EXPI-8283 | 20170216 |
| DrWeb | Trojan.Upatre.160 | 20170216 |
| Emsisoft | Trojan.GenericKD.2254433 (B) | 20170216 |
| ESET-NOD32 | Win32/TrojanDownloader.Waski.F | 20170216 |
| F-Prot | W32/Trojan5.LVV | 20170216 |
| F-Secure | Trojan-Downloader:W32/Upatre.N | 20170216 |
| Fortinet | W32/Uide.A!tr | 20170216 |
| GData | Trojan.GenericKD.2254433 | 20170216 |
| Ikarus | Trojan-Downloader.Win32.Waski | 20170215 |
| Sophos ML | trojandownloader.win32.upatre.az | 20170203 |
| K7AntiVirus | Trojan-Downloader ( 0040fa9a1 ) | 20170215 |
| K7GW | Trojan-Downloader ( 0040fa9a1 ) | 20170216 |
| Kaspersky | Trojan-Downloader.Win32.Upatre.vso | 20170216 |
| Malwarebytes | Trojan.Agent.UPTGen | 20170216 |
| McAfee | Generic.wd | 20170216 |
| McAfee-GW-Edition | BehavesLike.Upatre.lc | 20170215 |
| Microsoft | TrojanDownloader:Win32/Upatre.AZ | 20170215 |
| eScan | Trojan.GenericKD.2254433 | 20170216 |
| NANO-Antivirus | Trojan.Win32.Upatre.efgsdn | 20170216 |
| Panda | Trj/Agent.IVN | 20170215 |
| Rising | Trojan.DL.Win32.Upatre.auo (classic) | 20170216 |
| Sophos AV | Mal/Upatre-R | 20170215 |
| Symantec | Trojan.Gen.8 | 20170215 |
| Tencent | Win32.Trojan-downloader.Upatre.Hnla | 20170216 |
| TheHacker | Trojan/Downloader.Waski.f | 20170215 |
| TrendMicro-HouseCall | TROJ_UPATRE.SMC1 | 20170216 |
| VBA32 | BScope.Malware-Cryptor.Injector | 20170215 |
| VIPRE | Trojan.Win32.Generic!BT | 20170216 |
| ViRobot | Trojan.Win32.S.Agent.12253.A[h] | 20170216 |
| Webroot | Malicious | 20170216 |
| Yandex | Trojan.DL.Upatre! | 20170215 |
| Zillya | Downloader.Upatre.Win32.19883 | 20170215 |
| Alibaba | 20170216 | |
| Bkav | 20170215 | |
| CMC | 20170215 | |
| CrowdStrike Falcon (ML) | 20170130 | |
| Endgame | 20170208 | |
| Jiangmin | 20170216 | |
| Kingsoft | 20170216 | |
| nProtect | 20170216 | |
| Qihoo-360 | 20170216 | |
| SUPERAntiSpyware | 20170216 | |
| TotalDefense | 20170215 | |
| TrendMicro | 20170216 | |
| Trustlook | 20170216 | |
| WhiteArmor | 20170215 | |
| Zoner | 20170216 |
The file being studied is a compressed stream!
More specifically, it is a ZIP file.
Interesting properties
The studied file contains at least one Portable Executable.
Contained files
Compression metadata
Contained files
1
Uncompressed size
29184
Highest datetime
2015-03-27 16:04:26
Lowest datetime
2015-03-27 16:04:26
Contained files by extension
exe
1
Contained files by type
Portable Executable
1
ExifTool file metadata
MIMEType
application/zip
ZipRequiredVersion
788
ZipCRC
0x57373725
FileType
ZIP
ZipCompression
Deflated
ZipUncompressedSize
29184
ZipCompressedSize
12129
FileTypeExtension
zip
ZipFileName
documents.exe
ZipBitFlag
0
ZipModifyDate
2015:03:27 16:04:13
Compressed bundles
File identification
MD5 213ad392275f2fa361658b28cf04823e
SHA1 6d4f480c2d246fddd173f6924bd5a1ec008d06cd
SHA256 348767d316c83bb47a11e9d7e1f75266a102e0cc4dde1214b7a29509ae0a1735
ssdeep
192:D4vinqXKbcqUpSo/2SI5Oq5LSk3Rdhukf/1U9/4KOhaAAi05t7QefUUBtJC6LdFu:D4vinWWISbRBZDN/16AK8vAhcqpFLdrI
File size
12.0 KB ( 12253 bytes )
File type ZIP
Magic literal
Zip archive data, at least v2.0 to extract
| TrID |
ZIP compressed archive (100.0%) |
Tags
contains-pe
attachment
zip
VirusTotal metadata
First submission
2015-03-27 13:58:03 UTC ( 2 years, 9 months ago )
Last submission
2017-01-12 07:05:47 UTC ( 11 months, 3 weeks ago )
| File names |
documents.zip documents.zip.21 documents.zip documents (2).zip Schrozberg_Klickeasy_documents.zip 6D4F480C2D246FDDD173F6924BD5A1EC008D06CD 6d4f480c2d246fddd173f6924bd5a1ec008d06cd.zip documents2.zip documents.zip attachment.zip documents.zip documents (1).zip virus.zip |
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0909.
F-Secure Deepguard
Suspicious:W32/Malware!Online
Symantec reputation
Suspicious.Insight
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!