SHA256: 5e891656d7a02ce56fee01d885022141624f55802cdfe64d8cd45fea82518a54
File name: IRS document.exe
Detection ratio: 23 / 42
Analysis date: 2011-07-01 01:05:13 UTC ( 5 years, 11 months ago )
| Antivirus | Result | Update |
|---|---|---|
| AhnLab-V3 | Downloader/Win32.FraudLoad | 20110630 |
| AntiVir | TR/Spy.29696.65 | 20110630 |
| AVG | Downloader.Generic11.AYMD | 20110701 |
| BitDefender | Gen:Trojan.Heur.FU.bqW@aKYJplpi | 20110701 |
| CAT-QuickHeal | (Suspicious) - DNAScan | 20110630 |
| Commtouch | W32/Bredolab.AN.gen!Eldorado | 20110630 |
| Comodo | TrojWare.Win32.Trojan.Agent.Gen | 20110630 |
| eTrust-Vet | Win32/Chepvil.CA | 20110630 |
| F-Prot | W32/Bredolab.AN.gen!Eldorado | 20110630 |
| F-Secure | Gen:Trojan.Heur.FU.bqW@aKYJplpi | 20110701 |
| Fortinet | W32/FraudLoad.OR!tr.dldr | 20110701 |
| GData | Gen:Trojan.Heur.FU.bqW@aKYJplpi | 20110701 |
| Ikarus | Gen.Trojan.Heur | 20110701 |
| Kaspersky | Trojan-Downloader.Win32.FraudLoad.zida | 20110701 |
| McAfee | Artemis!9876906CCA9C | 20110701 |
| McAfee-GW-Edition | Artemis!9876906CCA9C | 20110630 |
| NOD32 | a variant of Win32/TrojanDownloader.Chepvil.A | 20110701 |
| Norman | W32/Kryptik.WV | 20110630 |
| Panda | Suspicious file | 20110630 |
| Prevx | Medium Risk Malware | 20110701 |
| Sophos | Mal/ChepVil-A | 20110701 |
| VBA32 | SScope.Trojan.Inject.01360 | 20110701 |
| VIPRE | Trojan-Downloader.Win32.Chepvil.k (v) | 20110701 |
| Antiy-AVL | | 20110630 |
| Avast | | 20110701 |
| Avast5 | | 20110701 |
| ClamAV | | 20110630 |
| DrWeb | | 20110701 |
| eSafe | | 20110629 |
| Jiangmin | | 20110630 |
| K7AntiVirus | | 20110630 |
| Microsoft | | 20110630 |
| nProtect | | 20110630 |
| PCTools | | 20110630 |
| Rising | | 20110630 |
| SUPERAntiSpyware | | 20110701 |
| Symantec | | 20110701 |
| TheHacker | | 20110629 |
| TrendMicro | | 20110630 |
| TrendMicro-HouseCall | | 20110701 |
| ViRobot | | 20110630 |
| VirusBuster | | 20110630 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-29 17:53:11
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
AddUsersToEncryptedFile
AreAllAccessesGranted
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2011:06:29 18:53:11+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 7168
LinkerVersion: 8.0
EntryPoint: 0x1000
InitializedDataSize: 21504
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 9876906cca9c0c13fff7fc3a72d69b89
SHA1 72831b40b5b369280b05336e39f25d93b500efac
SHA256 5e891656d7a02ce56fee01d885022141624f55802cdfe64d8cd45fea82518a54
ssdeep 384:6T/XH5CubCPXcPCwVn6zHtNGIWba0B8UFcX6bGafw1:6jXH5CRXanVnwGNbhOs9K
authentihash 3365dbf97a322b48b71769cb7b4380f3cccd9237622c7686fcda5d252cddfa91
imphash ff927df9041610851956a3da8805d6dd
File size 29.0 KB ( 29696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2011-06-30 04:12:00 UTC ( 5 years, 11 months ago )
Last submission 2016-07-06 19:56:43 UTC ( 10 months, 3 weeks ago )
File names 9876906cca9c0c13fff7fc3a72d69b89
smona131167132734410476716
IRS document.exe
77116BAC0072E09974A40018E6702300DE2842D1.exe
smona131832440813962373663
file-2445183_exe