SHA256: 640fe9501d7078b6644604e3ef4d838372f1654c45f75a241fef4e194d5bde85
File name: instructions_document.exe
Detection ratio: 3 / 57
Analysis date: 2015-06-19 14:46:47 UTC
Antivirus results (engine: result, signature update date)

Detected (3 engines):
AhnLab-V3: Trojan/Win32.Upatre, 20150619
ByteHero: Virus.Win32.Heur.c, 20150619
Tencent: Trojan.Win32.YY.Gen.4, 20150619

Not detected (54 engines, signature update date in parentheses):
Ad-Aware (20150619), AegisLab (20150619), Yandex (20150618), Alibaba (20150619), ALYac (20150619), Antiy-AVL (20150619), Arcabit (20150619), Avast (20150619), AVG (20150619), Avira (no cloud) (20150619), AVware (20150619), Baidu-International (20150619), BitDefender (20150619), Bkav (20150619), CAT-QuickHeal (20150619), ClamAV (20150619), CMC (20150618), Comodo (20150619), Cyren (20150619), DrWeb (20150619), Emsisoft (20150619), ESET-NOD32 (20150619), F-Prot (20150619), F-Secure (20150619), Fortinet (20150619), GData (20150619), Ikarus (20150619), Jiangmin (20150618), K7AntiVirus (20150619), K7GW (20150619), Kaspersky (20150619), Kingsoft (20150619), Malwarebytes (20150619), McAfee (20150619), McAfee-GW-Edition (20150618), Microsoft (20150619), eScan (20150619), NANO-Antivirus (20150619), nProtect (20150619), Panda (20150619), Qihoo-360 (20150619), Rising (20150618), Sophos AV (20150619), SUPERAntiSpyware (20150619), Symantec (20150619), TheHacker (20150619), TotalDefense (20150619), TrendMicro (20150619), TrendMicro-HouseCall (20150619), VBA32 (20150619), VIPRE (20150619), ViRobot (20150619), Zillya (20150619), Zoner (20150619)
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-10-25 03:03:20 (the PE header TimeDateStamp; it is written by the linker and trivially editable, so it is not evidence of when the file was actually built)
Entry Point 0x00001000
Number of sections 3
PE sections
(The report lists no section table entries, although the header declares 3 sections.)
PE imports
(The report lists imported function names without grouping them by DLL. The names span several unrelated Windows subsystems: registry and Terminal Services configuration, the application-compatibility database (Sdb*), IPsec policy storage, the task scheduler, still-image acquisition, and the C runtime, alongside a handful of kernel32 functions such as LoadLibraryA, IsDebuggerPresent and GetTickCount. An import table this eclectic in a 48.5 KB GUI stub is itself a heuristic indicator; do not read it as a description of what the program does at runtime.)
RegCdQueryA
RegWdQueryW
RegUserConfigRename
RegCdEnumerateW
RegCdDeleteW
RegOpenServerA
RegPdEnumerateA
RegCdEnumerateA
RegWdQueryA
RegCloseServer
RegCdQueryW
RegCdCreateW
RegCdDeleteA
SdbFindFirstNamedTag
SdbFindNextTag
SdbFindFirstTagRef
SdbFindFirstMsiPackage
SdbEnumMsiTransforms
SdbFindNextMsiPackage
SdbFindFirstTag
SdbDeletePermLayerKeys
SdbFindFirstMsiPackage_Str
CAAccessCheckEx
CAAccessCheck
ImageRvaToVa
ImageRvaToSection
HTUI_DeviceColorAdjustmentW
HTUI_DeviceColorAdjustmentA
HTUI_DeviceColorAdjustment
AllocateAttributes
LoadLibraryA
OutputDebugStringW
FindVolumeClose
IsDebuggerPresent
GetTickCount
MulDiv
GetCommandLineA
GetACP
GetSystemDirectoryA
SASetNSAccountInformation
SAGetAccountInformation
NetrJobGetInfo
SASetAccountInformation
SAGetNSAccountInformation
NetrJobEnum
SetNetScheduleAccountInformation
fopen
fread
IPSecCreateFilterData
IPSecDeleteNFAData
IPSecDeleteFilterData
IPSecEnumISAKMPData
IPSecCopyISAKMPData
IPSecCreateNegPolData
IPSecClosePolicyStore
IPSecCopyFilterData
IPSecCopyNegPolData
IPSecEnumFilterData
IPSecCreateNFAData
IPSecCreateISAKMPData
IPSecCopyFilterSpec
IPSecCopyNFAData
IPSecCopyPolicyData
IPSecDeleteISAKMPData
IPSecCreatePolicyData
IPSecDeletePolicyData
IPSecDeleteNegPolData
StiCreateInstance
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1997:10:25 04:03:20+01:00 (the same PE header timestamp as above, rendered in UTC+1)
FileType: Win32 EXE
PEType: PE32
CodeSize: 8192
LinkerVersion: 5.7
EntryPoint: 0x1000
InitializedDataSize: 86016
SubsystemVersion: 5.0
ImageVersion: 4.0
OSVersion: 6.0
UninitializedDataSize: 438272
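The fields under "PE header basic information" and in the ExifTool block are all read straight from the COFF and optional headers. The following is an added example (not VirusTotal's or ExifTool's code) that parses those headers with nothing but the standard library and then applies two sanity checks a triager would run before trusting them: whether SizeOfUninitializedData dwarfs the file on disk (the image will grow substantially in memory, consistent with an unpacking stub) and whether the timestamp predates the Windows subsystem version the binary targets (a forged timestamp). The sample header is constructed in memory from the values on this page; it is not the analysed file, and the fields the report does not give (image base, alignments, SizeOfImage, SizeOfHeaders) are assumed placeholders.

```python
"""Parse the PE32 header fields shown in the report and sanity-check them.
Added example; the sample header below is constructed from the report's values."""
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# First 72 bytes of the PE32 IMAGE_OPTIONAL_HEADER, Magic .. DllCharacteristics
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"

MACHINES = {0x14C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields the report shows; ValueError if not PE32."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    machine, nsections, tstamp, _, _, _, _ = struct.unpack_from(
        COFF_FMT, data, e_lfanew + 4)
    opt = struct.unpack_from(OPT_FMT, data, e_lfanew + 24)
    if opt[0] != 0x10B:
        raise ValueError("not a PE32 optional header (magic 0x%x)" % opt[0])
    (_, lnk_major, lnk_minor, code_size, init_size, uninit_size, entry,
     _, _, _, _, _, os_major, os_minor, img_major, img_minor,
     sub_major, sub_minor, _, _, _, _, subsystem, _) = opt
    compiled = datetime.fromtimestamp(tstamp, tz=timezone.utc)
    return {
        "machine": MACHINES.get(machine, "0x%04x" % machine),
        "number_of_sections": nsections,
        "timestamp_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "os_version": (os_major, os_minor),
        "image_version": (img_major, img_minor),
        "subsystem_version": (sub_major, sub_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def header_anomalies(info: dict, file_size: int) -> list:
    """Heuristics applied to the parsed header; returns human-readable notes."""
    notes = []
    uninit = info["uninitialized_data_size"]
    if uninit > 4 * file_size:
        notes.append("SizeOfUninitializedData %d is %.1fx the %d-byte file: the "
                     "image grows heavily in memory, consistent with an unpacking "
                     "stub" % (uninit, uninit / file_size, file_size))
    year = int(info["timestamp_utc"][:4])
    if info["subsystem_version"] >= (5, 0) and year < 2000:
        notes.append("TimeDateStamp %s predates the Windows 2000 (5.0) subsystem "
                     "it targets: treat the timestamp as forged" % info["timestamp_utc"])
    return notes


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header (no sections or code) carrying the
    report's values; fields marked 'assumed' are not given on the page."""
    ts = int(datetime(1997, 10, 25, 3, 3, 20, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)  # e_lfanew at 0x3C
    dos += b"\x00" * (0x80 - len(dos))
    coff = struct.pack(COFF_FMT, 0x14C, 3, ts, 0, 0, 0xE0, 0x0102)
    opt = struct.pack(OPT_FMT,
                      0x10B, 5, 7,                   # PE32 magic, linker 5.7
                      8192, 86016, 438272, 0x1000,   # code, init, uninit sizes, entry point
                      0x1000, 0x3000, 0x400000,      # BaseOfCode, BaseOfData, ImageBase (assumed)
                      0x1000, 0x200,                 # section/file alignment (assumed)
                      6, 0, 4, 0, 5, 0,              # OS 6.0, image 4.0, subsystem 5.0
                      0, 0x80000, 0x400, 0,          # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum (assumed)
                      2, 0)                          # Windows GUI, DllCharacteristics
    opt += b"\x00" * (0xE0 - len(opt))               # remaining optional header + data directories
    return dos + b"PE\x00\x00" + coff + opt


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    for key, value in info.items():
        print("%-24s %s" % (key, value))
    for note in header_anomalies(info, 49664):  # 49664 bytes: file size from the report
        print("!", note)
```

Run against the real file by replacing `build_sample_pe()` with `open(path, "rb").read()` and passing `os.path.getsize(path)` as the file size; both anomaly checks fire on the values in this report.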
File identification
MD5 329a2254cf4c110f3097aafdaa50c82a
SHA1 cc4e245171ab5a0e7e0ea716f2a31d9dd997c497
SHA256 640fe9501d7078b6644604e3ef4d838372f1654c45f75a241fef4e194d5bde85
ssdeep 768:XHzC+WKwz3zfmRC1efpB9muwixNnREq2Bbbbbbbj:XY5zDeRC1efpXd1Nifbbbbbbj
authentihash 98dd809dd163877168b6911c102a9f390230f8421f3c744ee334f95fc040e788
imphash 7a460c769170f714b7d300768d4324b6
File size 48.5 KB ( 49664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
Clipper DOS Executable (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2015-06-19 14:46:47 UTC
Last submission 2015-06-21 08:47:21 UTC
File names instructions_document.exe, instructions_document2.exe.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
The sandbox recorded no entries under any of: Opened files, Read files, Written files, Deleted files, Created processes, Created mutexes, Opened mutexes, Opened service managers, Opened services, Runtime DLLs.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
No HTTP requests, DNS requests or TCP connections were recorded.
An otherwise empty behaviour report for a file two engines label as Upatre (a downloader family) is more likely to mean that the sample did not run to completion in the sandbox than that it is inert; its import table includes IsDebuggerPresent and GetTickCount, both commonly used to detect analysis environments, so the absence of network activity here should not be taken as evidence of benign behaviour.