SHA256: 3cb059a2109de6a4dfab3a3ab6bc6c0179e6c5a3e381bebced27e8fc496ba70c
File name: TP09bis - Packet Tracer - Config des routes statiques et par defa...
Detection ratio: 55 / 56
Analysis date: 2016-06-22 13:44:31 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7952044 20160622
AegisLab W32.W.Mabezat.li99 20160622
AhnLab-V3 Worm/Win32.Mabezat.N110037217 20160622
ALYac Trojan.Generic.7952044 20160622
Antiy-AVL Worm/Win32.Mabezat.b 20160622
Arcabit Trojan.Generic.D7956AC 20160622
Avast Win32:Agent-AVCE [Trj] 20160622
AVG Generic_r.NV 20160622
Avira (no cloud) W32/Mabezat.B 20160622
AVware Worm.Win32.Mabezat.b (v) 20160622
Baidu Win32.Worm.Mabezat.b 20160622
Baidu-International Trojan.Win32.Obfuscator.gen 20160614
BitDefender Trojan.Generic.7952044 20160622
Bkav W32.Pharoh.Worm 20160622
CAT-QuickHeal W32.Mabezat.Dr 20160622
ClamAV Win.Trojan.Mabezat-1 20160622
CMC Worm.Win32.Mabezat!O 20160620
Comodo Worm.Win32.Mabezat.b 20160622
Cyren W32/Mabezat.FRWO-1177 20160622
DrWeb Win32.HLLW.Tazebama 20160622
Emsisoft Trojan.Generic.7952044 (B) 20160622
ESET-NOD32 Win32/Mabezat.A 20160622
F-Prot W32/Mabezat.A 20160622
F-Secure Trojan.Generic.7952044 20160622
Fortinet W32/Mabezat.B!worm 20160622
GData Trojan.Generic.7952044 20160622
Ikarus Worm.Win32.Mabezat 20160622
Jiangmin Trojan/Mabezat.g 20160622
K7AntiVirus Virus ( 000ad08b1 ) 20160622
K7GW Virus ( 000ad08b1 ) 20160622
Kaspersky Worm.Win32.Mabezat.b 20160622
Kingsoft Win32.Mabezat.b.1038191 20160622
Malwarebytes Trojan.Dropper.FW 20160622
McAfee W32/Mabezat 20160622
McAfee-GW-Edition BehavesLike.Win32.Mabezat.cc 20160622
Microsoft Virus:Win32/Mabezat.B 20160622
eScan Trojan.Generic.7952044 20160622
NANO-Antivirus Virus.Win32.Mabezat.kfroy 20160622
nProtect Worm/W32.Mabezat 20160622
Panda W32/Mabezat.C.worm 20160622
Qihoo-360 VirusOrg.Win32.Mabezet.B 20160622
Sophos AV W32/Mabezat-B 20160622
SUPERAntiSpyware Trojan.Agent/Gen-VirutZ 20160622
Symantec W32.Mabezat.B 20160622
Tencent Trojan.Win32.Mabezat.a 20160622
TheHacker Trojan/Genome.hpoz 20160621
TotalDefense Win32/Mabezat.B!Dropper 20160622
TrendMicro PE_MABEZAT.B-O 20160622
TrendMicro-HouseCall PE_MABEZAT.B-O 20160622
VBA32 Trojan.Win32.Mabezat.a 20160621
VIPRE Worm.Win32.Mabezat.b (v) 20160622
ViRobot Worm.Win32.Mabezat.154751[h] 20160622
Yandex Trojan.Agent!SsOQElNIyi0 20160621
Zillya Worm.MabezatGen.Win32.3 20160622
Zoner Win32.Mabezat.B 20160622
Alibaba 20160622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-29 06:17:05
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 8e1be6972034709850d36afaf8b14416
File type data
Offset 73216
Size 82385
Entropy 6.75
PE imports
GetStartupInfoA
HeapFree
GetModuleHandleA
ExitProcess
HeapAlloc
GetCommandLineA
GetTickCount
LoadLibraryA
HeapReAlloc
GetProcAddress
GetProcessHeap
rename
__CxxFrameHandler
memset
strstr
abs
rand
strlen
srand
strcat
memcpy
strcpy
memcmp
isdigit
_EH_prolog
isspace
strncpy
strcmp
MessageBoxA
wvsprintfA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CATALAN NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:10:29 07:17:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53760
LinkerVersion 6.0
EntryPoint 0x1000
InitializedDataSize 72192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 ee04afb974c74e2a27f96592a68d78d7
SHA1 bbbbea33e1ffdae32c621814c000b4e79b75364e
SHA256 3cb059a2109de6a4dfab3a3ab6bc6c0179e6c5a3e381bebced27e8fc496ba70c
ssdeep 3072:q82i6ByyHu1DMUnQlgDc0DM2jxTT8st5iwpYFEea0rNk:9BnQlgn79X8S5dYo06
authentihash ffb7f0d8cb6dd8cecba2a41b44838d96684bd5924ac8ceb9178c4e03e19c972d
imphash 6039c26165040db47e28057ca34786ef
File size 152.0 KB ( 155601 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe usb-autorun overlay

VirusTotal metadata
First submission 2014-03-04 03:58:18 UTC ( 5 years, 2 months ago )
Last submission 2016-06-22 13:44:31 UTC ( 2 years, 11 months ago )
File names TP01 -Decouverte de Packet Tracer.doc .exe
recibo de pago 300.doc .exe
BONDE GALAVILLA SOL.doc .exe
TP09bis - Packet Tracer - Config des routes statiques et par defaut.doc .exe
TD - Adressage IP.doc .exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.