SHA256: 5f561f0738bf808cfc4af8a689c0e794176935623531542187a9a31a550aa525
File name: 5421efa8e73bedd473f24cd44b1ff6c9
Detection ratio: 17 / 56
Analysis date: 2016-10-31 15:50:32 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AVG SHeur4.CLHA 20161031
CrowdStrike Falcon (ML) malicious_confidence_87% (D) 20161024
DrWeb Trojan.KillProc.47576 20161031
Fortinet W32/Androm.LDVA!tr.bdr 20161031
GData Win32.Trojan.Agent.5MTK8B 20161031
Sophos ML virus.win32.sality.at 20161018
K7AntiVirus Riskware ( 0040eff71 ) 20161031
K7GW Riskware ( 0040eff71 ) 20161031
Kaspersky Backdoor.Win32.Androm.ldva 20161031
McAfee Artemis!5421EFA8E73B 20161031
McAfee-GW-Edition BehavesLike.Win32.BadFile.dc 20161031
Microsoft PWS:Win32/Zbot 20161031
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161031
Sophos AV Mal/Generic-S 20161031
Symantec Trojan.Gen.2 20161031
Tencent Win32.Backdoor.Androm.Staf 20161031
TrendMicro TROJ_GEN.R072C0DJT16 20161031
Ad-Aware 20161031
AegisLab 20161031
AhnLab-V3 20161031
Alibaba 20161031
ALYac 20161031
Antiy-AVL 20161031
Arcabit 20161031
Avast 20161031
Avira (no cloud) 20161031
AVware 20161031
Baidu 20161031
BitDefender 20161031
Bkav 20161031
CAT-QuickHeal 20161031
ClamAV 20161031
CMC 20161031
Comodo 20161031
Cyren 20161031
Emsisoft 20161031
ESET-NOD32 20161031
F-Prot 20161031
F-Secure 20161031
Ikarus 20161031
Jiangmin 20161031
Kingsoft 20161031
Malwarebytes 20161031
eScan 20161031
NANO-Antivirus 20161031
nProtect 20161028
Panda 20161031
Rising 20161031
SUPERAntiSpyware 20161031
TheHacker 20161029
TotalDefense 20161028
VBA32 20161031
VIPRE 20161031
ViRobot 20161031
Yandex 20161030
Zillya 20161031
Zoner 20161031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2004
Product PhoneBook
Original name PhoneBook.EXE
Internal name PhoneBook
File version 1, 0, 0, 1
Description PhoneBook Microsof
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-19 13:50:26
Entry Point 0x00006570
Number of sections 4
PE sections
PE imports
RegQueryValueA
RegOpenKeyExA
RegCloseKey
_TrackMouseEvent
GetObjectA
GetTextExtentPoint32A
CreatePen
GetStockObject
CreateFontIndirectA
CreateSolidBrush
RoundRect
GetModuleHandleA
lstrlenA
lstrcatA
FreeLibrary
GetWindowsDirectoryA
lstrcpyA
GetStartupInfoA
CreateFileA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
WinExec
_except_handler3
__CxxFrameHandler
__p__fmode
_adjust_fdiv
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_acmdln
__setusermatherr
_mbscmp
_setmbcp
__dllonexit
_onexit
_controlfp
exit
_mbsstr
__getmainargs
_exit
__set_app_type
__p__commode
_initterm
_XcptFilter
ShellExecuteA
GetMessagePos
GetParent
DrawStateA
FindWindowW
CopyIcon
KillTimer
ShowWindow
MessageBeep
GetSystemMetrics
IsWindow
GetWindowRect
InflateRect
EnableWindow
PostMessageA
MoveWindow
SetWindowLongA
GetSysColor
GetDC
ReleaseDC
SendMessageA
GetClientRect
ScreenToClient
SetRect
InvalidateRect
AnimateWindow
DrawFocusRect
SetTimer
LoadCursorA
FillRect
CopyRect
GetWindowTextA
SetCursor
PtInRect
Number of PE resources by type
RT_ICON 6
RT_DIALOG 5
RT_GROUP_ICON 2
NMKEFG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
CHINESE SIMPLIFIED 4
GERMAN SWISS 3
HUNGARIAN DEFAULT 1
ICELANDIC DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 5.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode German (Austrian)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 262144
EntryPoint 0x6570
OriginalFileName PhoneBook.EXE
MIMEType application/octet-stream
LegalCopyright (C) 2004
FileVersion 1, 0, 0, 1
TimeStamp 2016:10:19 14:50:26+01:00
FileType Win32 EXE
PEType PE32
InternalName PhoneBook
ProductVersion 1, 0, 0, 1
FileDescription PhoneBook Microsof
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 805335040
ProductName PhoneBook
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5421efa8e73bedd473f24cd44b1ff6c9
SHA1 2c7e346fe311526edf2123b64cc4c7886d7afc92
SHA256 5f561f0738bf808cfc4af8a689c0e794176935623531542187a9a31a550aa525
ssdeep 6144:mG+nswbIM6k6dU/Hro0e1o0OvLk7XA7/zgFf4bsFWcEN:mGo6dIoa0OvL77/z4f7FWv
authentihash 96cef56198e5f25645b6cee90dfa38cbf79645cf6f97b6fe624df5b4733c596e
imphash 34d9931d53485a1d4196f85cf85b1234
File size 288.0 KB ( 294912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-10-31 15:50:32 UTC ( 2 years, 4 months ago )
Last submission 2016-10-31 15:50:32 UTC ( 2 years, 4 months ago )
File names PhoneBook.EXE
PhoneBook
Advanced heuristic and reputation engines