SHA256: 53f7a756dd98e0abd5efb0238486059002212f9585ce7d42d7b2527d1e4ae1cd
File name: 12.exe
Detection ratio: 4 / 55
Analysis date: 2015-07-15 11:06:26 UTC ( 3 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.HDC 20150715
McAfee Artemis!596232E43173 20150715
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20150715
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150713
Ad-Aware 20150715
AegisLab 20150715
Yandex 20150713
Alibaba 20150715
ALYac 20150715
Antiy-AVL 20150715
Arcabit 20150715
Avast 20150715
AVG 20150715
Avira (no cloud) 20150715
AVware 20150715
Baidu-International 20150715
BitDefender 20150715
Bkav 20150715
ByteHero 20150715
CAT-QuickHeal 20150715
ClamAV 20150715
Comodo 20150715
Cyren 20150715
DrWeb 20150715
Emsisoft 20150715
ESET-NOD32 20150715
F-Prot 20150714
F-Secure 20150715
Fortinet 20150715
GData 20150715
Ikarus 20150715
Jiangmin 20150714
K7AntiVirus 20150715
K7GW 20150715
Kaspersky 20150715
Kingsoft 20150715
Malwarebytes 20150715
Microsoft 20150715
eScan 20150715
NANO-Antivirus 20150715
nProtect 20150715
Panda 20150715
Qihoo-360 20150715
Sophos AV 20150715
SUPERAntiSpyware 20150715
Symantec 20150715
Tencent 20150715
TheHacker 20150713
TrendMicro 20150715
TrendMicro-HouseCall 20150715
VBA32 20150715
VIPRE 20150715
ViRobot 20150715
Zillya 20150715
Zoner 20150715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2006 Microsoft Corporation. All rights reserved.
Product 2007 Microsoft Office system
Original name SetLang.Exe
Internal name SetLang
File version 12.0.6606.1000
Description 2007 Microsoft Office component
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-15 09:50:10
Entry Point 0x00017850
Number of sections 4
PE sections
PE imports
CopySid
InitializeAcl
RegSetKeySecurity
AddAuditAccessObjectAce
GetSecurityDescriptorGroup
RegOpenKeyExW
LookupAccountNameW
ConvertSidToStringSidW
GetTokenInformation
GetSecurityDescriptorDacl
DeregisterEventSource
OpenThreadToken
GetSecurityDescriptorSacl
IsValidAcl
CryptEncrypt
RegCreateKeyExW
AddAccessDeniedAce
RegQueryValueExA
OpenServiceW
LookupPrivilegeValueW
LsaNtStatusToWinError
GetAclInformation
RegQueryValueExW
CryptImportKey
SetSecurityDescriptorDacl
CloseServiceHandle
GetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterEventSourceW
AddAccessAllowedAce
AddAccessAllowedObjectAce
CryptDeriveKey
CryptVerifySignatureW
CryptDecrypt
CreateProcessAsUserW
RegDeleteValueW
LogonUserW
RegSetValueExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
InitializeSecurityDescriptor
AddAuditAccessAceEx
EqualSid
SetThreadToken
AddAce
CryptDestroyKey
RegCloseKey
LookupAccountSidW
AccessCheck
AddAccessDeniedAceEx
DeleteService
CryptCreateHash
RegGetKeySecurity
ChangeServiceConfig2W
OpenProcessToken
LsaClose
SetFileSecurityW
CreateServiceW
CryptReleaseContext
RegisterServiceCtrlHandlerW
AddAccessDeniedObjectAce
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
MapGenericMask
RegEnumValueW
RevertToSelf
SetSecurityDescriptorControl
FreeSid
MakeSelfRelativeSD
AllocateAndInitializeSid
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
GetSecurityDescriptorControl
GetAce
AdjustTokenPrivileges
ControlService
RegDeleteKeyW
CryptHashData
LsaOpenPolicy
RegOpenKeyA
ConvertStringSidToSidW
MakeAbsoluteSD
RegConnectRegistryW
RegEnumKeyW
GetSecurityDescriptorOwner
DuplicateTokenEx
DeleteAce
SetServiceStatus
RegQueryInfoKeyW
AddAccessAllowedAceEx
GetLengthSid
LsaAddAccountRights
OpenSCManagerW
ReportEventW
StartServiceCtrlDispatcherW
SetSecurityDescriptorGroup
CreatePatternBrush
EndDoc
EndPath
FileTimeToDosDateTime
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetLocaleInfoA
LocalAlloc
GetSystemDirectoryW
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
IsDBCSLeadByteEx
WideCharToMultiByte
LoadLibraryW
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
FreeLibrary
LocalFree
FormatMessageW
GetThreadPriority
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
CopyFileW
RemoveDirectoryW
HeapAlloc
FlushViewOfFile
lstrcmpiW
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
FindNextChangeNotification
GetModuleHandleA
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
CreateMutexW
TerminateProcess
FindCloseChangeNotification
GlobalAlloc
CreateEventW
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
LoadLibraryA
GlobalSize
GetWindowsDirectoryW
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
GetShortPathNameW
VirtualAllocEx
lstrlenA
GlobalFree
FindResourceW
GlobalUnlock
IsDBCSLeadByte
lstrlenW
FindFirstChangeNotificationW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
OpenMutexW
GetACP
GlobalLock
GetModuleHandleW
GetFileAttributesExW
CompareFileTime
UnmapViewOfFile
GetTempPathW
Sleep
CompareStringA
Shell_NotifyIconW
StrStrIW
StrChrA
GetSystemMetrics
PeekMessageW
PostThreadMessageW
GetMessageW
CharUpperW
CharNextA
LoadStringW
LoadCursorW
GetDC
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CharNextW
DispatchMessageW
_purecall
__p__fmode
malloc
_wcmdln
__wgetmainargs
_tempnam
realloc
wcschr
__dllonexit
_stricmp
swprintf
remove
_vsnwprintf
_cexit
_wcsdup
_c_exit
_errno
__p__commode
_open
_onexit
wcslen
wcscmp
exit
_XcptFilter
_ftol
__setusermatherr
wcsncpy
wcsrchr
_close
_adjust_fdiv
__CxxFrameHandler
_wcsicmp
_lseek
_wcsnicmp
iswcntrl
free
wcscat
_CxxThrowException
__doserrno
_except_handler3
_write
_exit
_strnicoll
memmove
_read
swscanf
wcscpy
_beginthreadex
iswspace
_initterm
_controlfp
__set_app_type
memchr
_wtoi
CreateStreamOnHGlobal
StgCreateStorageEx
CoUninitialize
CoTaskMemAlloc
CoRevokeClassObject
GetHGlobalFromStream
CoCreateGuid
CoTaskMemRealloc
CoSuspendClassObjects
StgOpenStorageEx
CoInitializeSecurity
StringFromCLSID
CLSIDFromString
CoRegisterClassObject
CoCreateInstanceEx
CoInitializeEx
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
CoGetCallContext
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ARABIC SAUDI ARABIA 7
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 51200
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 12.0.6606.1000
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription 2007 Microsoft Office component
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 9.0
EntryPoint 0x17850
OriginalFileName SetLang.Exe
MIMEType application/octet-stream
LegalCopyright 2006 Microsoft Corporation. All rights reserved.
PEType PE32
FileVersion 12.0.6606.1000
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2015:07:15 10:50:10+01:00
FileType Win32 EXE
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
InternalName SetLang
ProductVersion 12.0.6606.1000
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 94720
ProductName 2007 Microsoft Office system
ProductVersionNumber 12.0.6606.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 596232e4317342585f7d8c5dace49838
SHA1 f8e3ae1df748a8bd29ba75d69392133f77545426
SHA256 53f7a756dd98e0abd5efb0238486059002212f9585ce7d42d7b2527d1e4ae1cd
ssdeep 3072:/In2QqImGj4AhmYtai7iEXhJmWSlGpQgS0TVEDoPzrg4Ytk3:/FQqjGkAh9iEXhJHSlGpQKzrgj
authentihash 682045df764649e90d7600d738d7ec075f93b5feb3cd132c4075e26d0e4ee3a0
imphash 66b58e82c11767f58cc1262c4f9034eb
File size 143.0 KB ( 146432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2015-07-15 10:08:33 UTC ( 3 years, 10 months ago )
Last submission 2018-10-04 17:11:08 UTC ( 7 months, 3 weeks ago )
File names rubsbubs.exe
SetLang
2015-09-17_53f7a756dd98e0abd5efb0238486059002212f9585ce7d42d7b2527d1e4ae1cd
eruoaiejgrepg.Min3r0s
fB8Hb3DVqg.xml
596232e4317342585f7d8c5dace49838.exe
47 (1).exe
596232e4317342585f7d8c5dace49838.vir
47.exe
12.exe
53f7a756dd98e0abd5efb0238486059002212f9585ce7d42d7b2527d1e4ae1cd.exe
SetLang.Exe
rubsbubs.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections