SHA256: 5e891656d7a02ce56fee01d885022141624f55802cdfe64d8cd45fea82518a54
File name: IRS document.exe
Detection ratio: 23 / 42
Analysis date: 2011-07-01 01:05:13 UTC ( 3 years, 10 months ago )
Antivirus Result Update
AVG Downloader.Generic11.AYMD 20110701
AhnLab-V3 Downloader/Win32.FraudLoad 20110630
AntiVir TR/Spy.29696.65 20110630
BitDefender Gen:Trojan.Heur.FU.bqW@aKYJplpi 20110701
CAT-QuickHeal (Suspicious) - DNAScan 20110630
Commtouch W32/Bredolab.AN.gen!Eldorado 20110630
Comodo TrojWare.Win32.Trojan.Agent.Gen 20110630
F-Prot W32/Bredolab.AN.gen!Eldorado 20110630
F-Secure Gen:Trojan.Heur.FU.bqW@aKYJplpi 20110701
Fortinet W32/FraudLoad.OR!tr.dldr 20110701
GData Gen:Trojan.Heur.FU.bqW@aKYJplpi 20110701
Ikarus Gen.Trojan.Heur 20110701
Kaspersky Trojan-Downloader.Win32.FraudLoad.zida 20110701
McAfee Artemis!9876906CCA9C 20110701
McAfee-GW-Edition Artemis!9876906CCA9C 20110630
NOD32 a variant of Win32/TrojanDownloader.Chepvil.A 20110701
Norman W32/Kryptik.WV 20110630
Panda Suspicious file 20110630
Prevx Medium Risk Malware 20110701
Sophos Mal/ChepVil-A 20110701
VBA32 SScope.Trojan.Inject.01360 20110701
VIPRE Trojan-Downloader.Win32.Chepvil.k (v) 20110701
eTrust-Vet Win32/Chepvil.CA 20110630
Antiy-AVL 20110630
Avast 20110701
Avast5 20110701
ClamAV 20110630
DrWeb 20110701
Jiangmin 20110630
K7AntiVirus 20110630
Microsoft 20110630
PCTools 20110630
Rising 20110630
SUPERAntiSpyware 20110701
Symantec 20110701
TheHacker 20110629
TrendMicro 20110630
TrendMicro-HouseCall 20110701
ViRobot 20110630
VirusBuster 20110630
eSafe 20110629
nProtect 20110630
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-29 17:53:11
Link date 6:53 PM 6/29/2011
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
AddUsersToEncryptedFile
AreAllAccessesGranted
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:29 18:53:11+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7168
LinkerVersion 8.0
FileAccessDate 2014:07:16 03:50:47+01:00
EntryPoint 0x1000
InitializedDataSize 21504
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:07:16 03:50:47+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 9876906cca9c0c13fff7fc3a72d69b89
SHA1 72831b40b5b369280b05336e39f25d93b500efac
SHA256 5e891656d7a02ce56fee01d885022141624f55802cdfe64d8cd45fea82518a54
ssdeep 384:6T/XH5CubCPXcPCwVn6zHtNGIWba0B8UFcX6bGafw1:6jXH5CRXanVnwGNbhOs9K

imphash ff927df9041610851956a3da8805d6dd
File size 29.0 KB ( 29696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2011-06-30 04:12:00 UTC ( 3 years, 10 months ago )
Last submission 2014-04-14 09:54:12 UTC ( 1 year ago )
File names 9876906cca9c0c13fff7fc3a72d69b89
smona131167132734410476716
IRS document.exe
77116BAC0072E09974A40018E6702300DE2842D1.exe
smona131832440813962373663
file-2445183_exe