SHA256: 380105cfefa8ec7a924ac6796abf1e9543e78eefb75fbfaa06157299fc1ef1fa
File name: Bankline_Password_reset_AQ004PR7.exex
Detection ratio: 4 / 57
Analysis date: 2015-04-22 12:23:20 UTC (2 years ago)
Antivirus Result Update
AVware Trojan.Win32.Generic.pak!cobra 20150422
McAfee BackDoor-FCNO!B40BC978588A 20150422
Tencent Trojan.Win32.Qudamah.Gen.3 20150422
VIPRE Trojan.Win32.Generic.pak!cobra 20150422
Ad-Aware 20150422
AegisLab 20150422
Yandex 20150421
AhnLab-V3 20150421
Alibaba 20150422
ALYac 20150422
Antiy-AVL 20150422
Avast 20150422
AVG 20150422
Avira (no cloud) 20150422
Baidu-International 20150421
BitDefender 20150422
Bkav 20150422
ByteHero 20150422
CAT-QuickHeal 20150422
ClamAV 20150422
CMC 20150421
Comodo 20150422
Cyren 20150422
DrWeb 20150422
Emsisoft 20150422
ESET-NOD32 20150422
F-Prot 20150422
F-Secure 20150422
Fortinet 20150422
GData 20150422
Ikarus 20150422
Jiangmin 20150421
K7AntiVirus 20150422
K7GW 20150422
Kaspersky 20150422
Kingsoft 20150422
Malwarebytes 20150422
McAfee-GW-Edition 20150422
Microsoft 20150422
eScan 20150422
NANO-Antivirus 20150422
Norman 20150422
nProtect 20150422
Panda 20150422
Qihoo-360 20150422
Rising 20150422
Sophos 20150422
SUPERAntiSpyware 20150422
Symantec 20150422
TheHacker 20150421
TotalDefense 20150422
TrendMicro 20150422
TrendMicro-HouseCall 20150422
VBA32 20150422
ViRobot 20150422
Zillya 20150421
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-22 11:36:23
Entry Point 0x00006537
Number of sections 5
PE sections
Overlays
MD5 0b6745fdf50e9c4c9ad32adc8f7cf754
File type data
Offset 88576
Size 33270
Entropy 7.99
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
HeapSize
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
lstrcmpA
DeleteCriticalSection
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
DragAcceptFiles
ExtractIconA
EmptyClipboard
DrawStateA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:22 12:36:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 58368
LinkerVersion 10.0
EntryPoint 0x6537
InitializedDataSize 29184
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 b40bc978588aea7c002927f5d0a8ad2e
SHA1 cb5a240578ff4b36e20262c3677fed185180387c
SHA256 380105cfefa8ec7a924ac6796abf1e9543e78eefb75fbfaa06157299fc1ef1fa
ssdeep 1536:mWjCxeYaMbTNoDFAeSj1nTBMnqtAGkYHZAxnMPk5VreppOUKEBkD/P+8NL5:1jCxBLnNo1k9BzfHZAxZqzz365

authentihash 484ee887a6943cd62cd5b3293800962fbebf0e3254247265d9b4270314b81ccc
imphash 49c522562e7c80b26a2dd8f0d56df5d6
File size 119.0 KB ( 121846 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-04-22 12:22:51 UTC ( 2 years ago )
Last submission 2015-04-28 09:15:42 UTC ( 2 years ago )
File names Form.exe
b40bc978588aea7c002927f5d0a8ad2e.exe
b40bc978588aea7c002927f5d0a8ad2e.1
Bankline_Password_reset_AQ004PR7.exex
380105CFEFA8EC7A924AC6796ABF1E9543E78EEFB75FBFAA06157299FC1EF1FA.EXE
--.exe--
Form.bin
Bankline_Password_reset_AQ004PR7.exe
Internal.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs