SHA256: 3600343e88ed906ba83dd123c226b0ab0878d54c88983d3a7e4a0bbf9a1d957c
File name: invoiceE76TI8Q77G9OGH2YMB.PDF.exe
Detection ratio: 5 / 46
Analysis date: 2013-08-22 13:54:29 UTC
Antivirus Result Update (engines listed with only a signature-update date returned no detection)
ESET-NOD32 Win32/TrojanDownloader.Onkods.G 20130822
Ikarus Trojan-Spy.Zbot 20130822
Kaspersky Trojan-Spy.Win32.Zbot.otpx 20130822
Sophos AV Mal/Generic-S 20130822
TrendMicro-HouseCall TROJ_GEN.F0D1H0ZHM13 20130822
Yandex 20130821
AhnLab-V3 20130822
AntiVir 20130822
Antiy-AVL 20130822
Avast 20130822
AVG 20130822
BitDefender 20130822
ByteHero 20130814
CAT-QuickHeal 20130822
ClamAV 20130822
Commtouch 20130822
Comodo 20130822
DrWeb 20130822
Emsisoft 20130822
F-Prot 20130822
F-Secure 20130822
Fortinet 20130822
GData 20130822
Jiangmin 20130822
K7AntiVirus 20130821
K7GW 20130821
Kingsoft 20130723
Malwarebytes 20130822
McAfee 20130822
McAfee-GW-Edition 20130822
Microsoft 20130822
eScan 20130822
NANO-Antivirus 20130822
Norman 20130822
nProtect 20130822
Panda 20130822
PCTools 20130822
Rising 20130822
SUPERAntiSpyware 20130822
Symantec 20130822
TheHacker 20130822
TotalDefense 20130821
TrendMicro 20130822
VBA32 20130822
VIPRE 20130822
ViRobot 20130822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command NSIS
F-PROT NSIS
PEiD Armadillo v1.71
Note: the PEiD "Armadillo v1.71" signature is a well-known false positive that also matches the standard Microsoft Visual C++ SEH entry stub; the msvcrt startup imports listed below (_except_handler3, __set_app_type, __getmainargs, _initterm, _controlfp) are exactly that stub, so this match by itself is not evidence of Armadillo. The two NSIS identifications are also only signature matches and should be confirmed against the section layout and overlay before the sample is handled as an NSIS installer.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-23 09:02:52 UTC (ExifTool reports the same value as 2013:08:23 10:02:52+01:00). This is about 22 hours later than the first submission to VirusTotal at 2013-08-22 10:54:39 UTC, so the linker timestamp was forged or written by a skewed clock and must not be used to date the build.
Entry Point 0x00008AD6
Number of sections 4
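The header values listed above can be checked directly against the file instead of being taken from the report. The following Python is an added illustration, not part of the VirusTotal report or of any tool it names: it parses the COFF header and the PE32 optional header with the standard library only, using the field offsets from the PE/COFF specification, and flags a linker timestamp that is later than the sample's first-submission time. Its input is a constructed header carrying this report's values (machine 0x14C, 4 sections, entry point 0x8AD6, linker 8.0, GUI subsystem, the 2013-08-23 timestamp), not the sample itself; the names parse_pe_header, timestamp_anomaly and build_sample_header are this example's own.

```python
import struct
from datetime import datetime, timezone

PE32_MAGIC = 0x10B                        # IMAGE_NT_OPTIONAL_HDR32_MAGIC
MACHINE_NAMES = {0x14C: "Intel 386 or later", 0x8664: "x64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF header and the PE32 optional header fields that a triage
    report shows (machine, section count, timestamp, entry point, linker and
    subsystem versions) at the offsets given by the PE/COFF specification."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, ts, _symtab, _nsyms, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20                                      # COFF header is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError(f"unsupported optional header magic 0x{magic:x}")
    maj_link, min_link, size_code, size_init, size_uninit, entry = struct.unpack_from(
        "<BBIIII", data, opt + 2)
    maj_os, min_os, maj_img, min_img, maj_sub, min_sub = struct.unpack_from(
        "<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    built = datetime.fromtimestamp(ts, tz=timezone.utc)
    return {
        "machine": machine,
        "machine_name": MACHINE_NAMES.get(machine, f"0x{machine:x}"),
        "number_of_sections": nsections,
        "timestamp": ts,
        "compile_time": built.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{maj_link}.{min_link}",
        "size_of_code": size_code,
        "size_of_initialized_data": size_init,
        "size_of_uninitialized_data": size_uninit,
        "entry_point": entry,
        "subsystem": subsystem,
        "subsystem_name": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "os_version": f"{maj_os}.{min_os}",
        "image_version": f"{maj_img}.{min_img}",
        "subsystem_version": f"{maj_sub}.{min_sub}",
    }


def timestamp_anomaly(header: dict, first_seen_utc: str) -> bool:
    """True when the linker timestamp claims a build time later than the
    moment the sample was first observed ('YYYY-MM-DD HH:MM:SS', UTC).
    A future timestamp means the field was forged or written by a skewed
    clock, so it must not be used to date the campaign."""
    first_seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(
        tzinfo=timezone.utc)
    return header["timestamp"] > int(first_seen.timestamp())


def build_sample_header() -> bytes:
    """Constructed header carrying the values from this report (not the real
    sample): a DOS stub with e_lfanew, the PE signature, a COFF header and a
    PE32 optional header. No section table or code follows."""
    ts = int(datetime(2013, 8, 23, 9, 2, 52, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)              # e_lfanew -> "PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x14C, 4, ts, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)                                # PE32 with 16 data directories
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 8, 0, 32768, 40960, 0, 0x8AD6)
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)   # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for key, value in hdr.items():
        print(f"{key:28} {value}")
    print("timestamp later than first submission:",
          timestamp_anomaly(hdr, "2013-08-22 10:54:39"))
```

On a real file, pass the first few kilobytes read from disk to parse_pe_header and compare the result with the report; a mismatch in entry point, section count or subsystem means the report and the file on hand are not the same build.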
PE sections
PE imports
AreAnyAccessesGranted
DeleteAce
ControlService
AllocateLocallyUniqueId
GetStartupInfoA
GetModuleHandleA
Sleep
GetTickCount
DeleteFileW
LoadLibraryA
GetProcAddress
_adjust_fdiv
__p__fmode
malloc
srand
_except_handler3
_acmdln
_exit
__p__commode
memset
sprintf
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
rand
_controlfp
__set_app_type
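The imphash given under File identification is derived from this import list: it is the MD5 of the imported functions in import-table order, each written as "dll.function" in lower case with the .dll/.ocx/.sys suffix removed and ordinal-only imports written as "ordN". Because the order and the exact DLL set are part of the input, the value groups samples built by the same tool chain and stub rather than by source program. The following Python is an added example, not from the report or from any library it names; the report lists function names only, so the DLL assigned to each name below is an assumption made for the example (advapi32, kernel32, msvcrt), and the hash it produces is therefore not expected to reproduce the report's imphash. The known-ordinal name tables that some implementations apply for ws2_32 and oleaut32 are omitted.

```python
import hashlib

# Import list from the report with an assumed DLL for each name. The DLL
# grouping and the order are assumptions for this example only.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "AreAnyAccessesGranted"),
    ("ADVAPI32.dll", "DeleteAce"),
    ("ADVAPI32.dll", "ControlService"),
    ("ADVAPI32.dll", "AllocateLocallyUniqueId"),
    ("KERNEL32.dll", "GetStartupInfoA"),
    ("KERNEL32.dll", "GetModuleHandleA"),
    ("KERNEL32.dll", "Sleep"),
    ("KERNEL32.dll", "GetTickCount"),
    ("KERNEL32.dll", "DeleteFileW"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("MSVCRT.dll", "_adjust_fdiv"),
    ("MSVCRT.dll", "__p__fmode"),
    ("MSVCRT.dll", "malloc"),
    ("MSVCRT.dll", "srand"),
    ("MSVCRT.dll", "_except_handler3"),
    ("MSVCRT.dll", "_acmdln"),
    ("MSVCRT.dll", "_exit"),
    ("MSVCRT.dll", "__p__commode"),
    ("MSVCRT.dll", "memset"),
    ("MSVCRT.dll", "sprintf"),
    ("MSVCRT.dll", "exit"),
    ("MSVCRT.dll", "_XcptFilter"),
    ("MSVCRT.dll", "__getmainargs"),
    ("MSVCRT.dll", "_initterm"),
    ("MSVCRT.dll", "__setusermatherr"),
    ("MSVCRT.dll", "rand"),
    ("MSVCRT.dll", "_controlfp"),
    ("MSVCRT.dll", "__set_app_type"),
]


def imphash_preimage(imports) -> str:
    """Build the string the import hash is taken over.

    `imports` is an ordered list of (dll, function_name_or_ordinal) pairs in
    import-table order. DLL names are lower-cased and stripped of .ocx/.sys/.dll;
    imports by ordinal become "ordN" (no per-DLL ordinal name tables here, an
    assumption of this example)."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 hex digest of the normalized, ordered import list."""
    return hashlib.md5(imphash_preimage(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_preimage(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    # Same APIs in a different order give a different hash.
    print("reordered:", imphash(list(reversed(SAMPLE_IMPORTS))))
```

Two samples with the same imphash almost always share a packer or crypter stub; the tiny advapi32/kernel32/msvcrt set above is a stub-sized table rather than the import footprint of a real GUI application, which is why the imphash is the right pivot for finding siblings of this file.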
PE exports
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:23 10:02:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 40960
SubsystemVersion 4.0
EntryPoint 0x8ad6
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 793d9faf13c32a0481caeba9a399648e
SHA1 9c61f2d3c4d2b9d3eeb241a1e9d22c2dc8940dbc
SHA256 3600343e88ed906ba83dd123c226b0ab0878d54c88983d3a7e4a0bbf9a1d957c
ssdeep
384:1wwwwRRqwwwwFzzzzzzzzzzzGzzzzzzzzzzzJzzzzzzzzzzz/zzzzzzzzzzzPzzV:3HXOuTXr

authentihash 78ea3a6f4a3afa97851e0200c89651e82a41c57e848861d085565645dd5f42d5
imphash b29732b4b0f0dfd85fb9696f9f771cea
File size 76.0 KB ( 77824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Note: TrID's best guess conflicts with the file's own header (PE32 magic, machine type Intel 386, GUI subsystem), which identifies a 32-bit executable; TrID scores are pattern-based confidence values, so the PE header takes precedence.
Tags
peexe armadillo attachment

VirusTotal metadata
First submission 2013-08-22 10:54:39 UTC
Last submission 2017-12-06 17:35:15 UTC
File names comendo-92-1377176702
malekal_793d9faf13c32a0481caeba9a399648e
file-5864755_exe
793d9faf13c32a0481caeba9a399648e
invoiceE76TI8Q77G9OGH2YMB.PDF.exe.virus
invoiceTI8Q78G9OEH2YMB.PDF.exe
comendo-92-1377176703
invoiceE76TI8Q77G9OGH2YMB.PDF.exe
comendo-92
invoiceE76TI8Q77G9OGH2YMB_PDF_exe
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products MSDN Disc 3498 (Microsoft)
MSDN Disc 2464.5 (Microsoft)
File names fxssvc.exe
Note: an NSRL match on a file that five engines flag as a Zbot downloader, with a 2013 linker timestamp and an invoice-style double-extension file name, is contradictory. Verify the MD5 and SHA-1 above against the NSRL reference data set directly before treating this hash as known-good or adding it to an allowlist.
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight