SHA256: 50d9d0473ff255a0212d061ce517d67347d65771c8bbbafb72319c5307db93d7
File name: docprof_vdi.doc ...
Detection ratio: 51 / 55
Analysis date: 2014-10-07 09:00:16 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Win32.Worm.Mabezat.S 20141007
Yandex Worm.Mabezat.A 20141006
AhnLab-V3 HEUR/Fakon.mow 20141006
Antiy-AVL Worm/Win32.Mabezat.b 20141007
Avast Win32:Mabezat-AM [Trj] 20141007
AVG Generic_r.NV 20141007
Avira (no cloud) Worm/Mabezat.b 20141007
AVware Worm.Win32.Mabezat.b (v) 20141007
Baidu-International Worm.Win32.Mabezat.Apq 20141007
BitDefender Win32.Worm.Mabezat.S 20141007
Bkav W32.Pharoh.Worm 20141006
CAT-QuickHeal W32.Mabezat.Dr 20141007
ClamAV W32.Mabezat-2 20141007
CMC Worm.Win32.Mabezat!O 20141004
Comodo Worm.Win32.Mabezat.b 20141007
Cyren W32/Mabezat.FRWO-1177 20141007
Emsisoft Win32.Worm.Mabezat.S (B) 20141007
ESET-NOD32 Win32/Mabezat.A 20141007
F-Prot W32/Mabezat.A 20141007
F-Secure Win32.Worm.Mabezat.S 20141007
Fortinet W32/Mabezat.B!worm 20141007
GData Win32.Worm.Mabezat.S 20141007
Ikarus Trojan.Win32.Genome 20141007
Jiangmin Trojan/Mabezat.j 20141006
K7AntiVirus Virus ( 000ad08b1 ) 20141006
K7GW Virus ( 000ad08b1 ) 20141006
Kaspersky Worm.Win32.Mabezat.b 20141007
Kingsoft Win32.Mabezat.b.1038191 20141007
Malwarebytes Trojan.Dropper.FW 20141007
McAfee W32/Mabezat 20141007
McAfee-GW-Edition BehavesLike.Win32.Mabezat.ch 20141007
Microsoft Virus:Win32/Mabezat.B 20141007
eScan Win32.Worm.Mabezat.S 20141007
NANO-Antivirus Virus.Win32.Mabezat.kfroy 20141007
Norman Mabezat.B 20141007
nProtect Worm/W32.Mabezat 20141006
Panda W32/Mabezat.C.worm 20141006
Qihoo-360 VirusOrg.Win32.Mabezet.B 20141007
Rising PE:Malware.FakeDOC@CV!1.9C3C 20141006
Sophos AV W32/Mabezat-B 20141007
SUPERAntiSpyware Trojan.Agent/Gen-Worm 20141007
Symantec W32.Mabezat.B 20141007
Tencent Trojan.Win32.Mabezat.a 20141007
TheHacker W32/Mabezat.gen 20141006
TotalDefense Win32/Mabezat.B!Dropper 20141006
TrendMicro PE_MABEZAT.B-O 20141007
TrendMicro-HouseCall PE_MABEZAT.B-O 20141007
VBA32 Trojan.Win32.Mabezat.a 20141006
VIPRE Worm.Win32.Mabezat.b (v) 20141007
ViRobot Worm.Win32.Mabezat.154751 20141007
Zillya Worm.Mabezat.Win32.353 20141006
AegisLab 20141007
ByteHero 20141007
DrWeb 20141004
Zoner 20140929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-29 06:17:05
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
GetStartupInfoA
HeapFree
GetModuleHandleA
ExitProcess
HeapAlloc
GetCommandLineA
GetTickCount
LoadLibraryA
HeapReAlloc
GetProcAddress
GetProcessHeap
rename
__CxxFrameHandler
memset
strstr
abs
rand
strlen
srand
strcat
memcpy
strcpy
memcmp
isdigit
_EH_prolog
isspace
strncpy
strcmp
MessageBoxA
wvsprintfA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CATALAN NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:10:29 07:17:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53760
LinkerVersion 6.0
FileAccessDate 2014:10:07 10:01:17+01:00
EntryPoint 0x1000
InitializedDataSize 78336
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:10:07 10:01:17+01:00
UninitializedDataSize 0

File identification
MD5 8b75d334967327493471edd7f9caa2f6
SHA1 a6d605c19cea78d237df8281d10149d6b2c47c99
SHA256 50d9d0473ff255a0212d061ce517d67347d65771c8bbbafb72319c5307db93d7
ssdeep 3072:O5OgG4pina4fdDIXs92hzf2YZHFmq/ekSDAvyTmn:OQgG4psdDIXsCzeMjI8vL
authentihash b70a08e62f8bbc22cde99b7aa230c7a2ab394527edf7f7badf6d7b6da8131ed8
imphash 6039c26165040db47e28057ca34786ef
File size 157.3 KB ( 161125 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2009-12-03 11:29:23 UTC ( 9 years, 2 months ago )
Last submission 2014-10-07 09:00:16 UTC ( 4 years, 4 months ago )
File names docprof_vdi.doc .exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.