SHA256: 3a4421dc79a641cb52da7cb723f24da0bf9a5be29f0a335acf4271be671ef507
File name: facture.exe
Detection ratio: 6 / 44
Analysis date: 2012-10-13 09:46:51 UTC ( 6 years, 3 months ago )
Antivirus Result Update
AntiVir TR/Dropper.Gen8 20121012
DrWeb BackDoor.IRC.NgrBot.42 20121013
Emsisoft Trojan.Win32.Yakes!IK 20120919
ESET-NOD32 a variant of Win32/Injector.XQJ 20121013
Ikarus Trojan.Win32.Yakes 20121013
Panda Suspicious file 20121013
Yandex 20121012
AhnLab-V3 20121012
Antiy-AVL 20121012
Avast 20121013
AVG 20121013
BitDefender 20121013
ByteHero 20121011
CAT-QuickHeal 20121013
ClamAV 20121012
Commtouch 20121013
Comodo 20121013
eSafe 20121009
F-Prot 20121013
F-Secure 20121003
Fortinet 20121013
GData 20121013
Jiangmin 20121013
K7AntiVirus 20121012
Kaspersky 20121013
Kingsoft 20121008
McAfee 20121013
McAfee-GW-Edition 20121013
Microsoft 20121013
eScan 20121013
Norman 20121012
nProtect 20121013
PCTools 20121013
Rising 20121012
Sophos AV 20121013
SUPERAntiSpyware 20121013
Symantec 20121013
TheHacker 20121009
TotalDefense 20121012
TrendMicro 20121013
TrendMicro-HouseCall 20121013
VBA32 20121012
VIPRE 20121013
ViRobot 20121013
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-10 19:57:46
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 8aa3cc8f2622cbe12e6c7b8eaf74bf08
File type data
Offset 182784
Size 512
Entropy 7.54
PE imports
PrintDlgA
ReplaceTextA
FindTextA
PageSetupDlgA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
VirtualProtect
RtlZeroMemory
GetModuleFileNameA
GetModuleHandleA
ExitProcess
SendMessageA
DialogBoxParamA
EndDialog
Number of PE resources by type
RT_DIALOG 539
Number of PE resources by language
ARABIC NEUTRAL 538
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:10:10 20:57:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1536
LinkerVersion 5.12
EntryPoint 0x1000
InitializedDataSize 180224
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 c4084ad31427a557072f1de4da5cf80c
SHA1 d99578f5c147a4edbdabefca6fe38332ea631cf0
SHA256 3a4421dc79a641cb52da7cb723f24da0bf9a5be29f0a335acf4271be671ef507
ssdeep 3072:ucnXuEf86YFPSg4QARC0mPDE/uQiG+GYCvhF86/qud9XjAjhnhsDqa8cz+EO+Mf3:zXVQFPS0ARC7E/xHmWj8jhyWc6MwdH/J
authentihash 205f721750f194f2097c12cf9075dace77052e3282dcbffbfab5a1d1626c8375
imphash a7efd71b90c90857efd19907c1ed5f15
File size 179.0 KB ( 183296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-10-13 09:46:51 UTC ( 6 years, 3 months ago )
Last submission 2017-12-06 17:39:10 UTC ( 1 year, 1 month ago )
File names c4084ad31427a557072f1de4da5cf80c
smona_3a4421dc79a641cb52da7cb723f24da0bf9a5be29f0a335acf4271be671ef507.bin
facture.exe
YnLrx.chm
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications