SHA256: 676fd873be5b1fbe322947b350635067adc5fe9b35a4a674341e517e79222f68
File name: Fax details and transmission_report.doc.exe
Detection ratio: 14 / 47
Analysis date: 2013-06-06 17:11:13 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
BitDefender Trojan.Agent.AZRU 20130606
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AV 20130606
Emsisoft Trojan.Agent.AZRU (B) 20130606
F-Secure Trojan.Agent.AZRU 20130606
GData Trojan.Agent.AZRU 20130606
Ikarus Trojan.Infector 20130606
Kaspersky UDS:DangerousObject.Multi.Generic 20130606
Malwarebytes Trojan.Backdoor.FLY 20130606
McAfee RDN/Generic.hra!bk 20130606
McAfee-GW-Edition Artemis!66140A32D7D8 20130606
MicroWorld-eScan Trojan.Agent.AZRU 20130606
Sophos Troj/Agent-ACCR 20130606
Symantec WS.Reputation.1 20130606
TrendMicro-HouseCall TROJ_GEN.FD1HZF6 20130606
AVG 20130606
Agnitum 20130606
AhnLab-V3 20130606
AntiVir 20130606
Antiy-AVL 20130606
Avast 20130606
ByteHero 20130606
CAT-QuickHeal 20130606
ClamAV 20130606
Commtouch 20130606
Comodo 20130606
DrWeb 20130606
F-Prot 20130605
Fortinet 20130606
Jiangmin 20130606
K7AntiVirus 20130606
K7GW 20130606
Kingsoft 20130506
Microsoft 20130606
NANO-Antivirus 20130606
Norman 20130606
PCTools 20130521
Panda 20130606
Rising 20130606
SUPERAntiSpyware 20130606
TheHacker 20130605
TotalDefense 20130605
TrendMicro 20130606
VBA32 20130606
VIPRE 20130606
ViRobot 20130606
eSafe 20130606
nProtect 20130606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (c) Intel Corporation 1999-2011
Publisher Intel(R) Corporation
Product Intel(R) PROSet/Wireless
Version 152, 12, 1, 0
Original name fndgfngfnf.EXE
Internal name fgnsgfnsdfgn
File version 15, 12, 1, 0
Description fcdbgfnnWireless iWrapper Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-20 19:50:06
Entry Point 0x00007A0C
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
WideCharToMultiByte
GetModuleFileNameW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VXD 1
RT_DIALOG 1
Number of PE resources by language
SERBIAN ARABIC OMAN 1
SERBIAN ARABIC ALGERIA 1
ENGLISH NZ 1
ENGLISH US 1
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Danish
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 44032
FileOS Windows NT
MIMEType application/octet-stream
LegalCopyright Copyright (c) Intel Corporation 1999-2011
FileVersion 15, 12, 1, 0
TimeStamp 2013:05:20 20:50:06+01:00
FileType Win32 EXE
PEType PE32
InternalName fgnsgfnsdfgn
ProductVersion 152, 12, 1, 0
FileDescription fcdbgfnnWireless iWrapper Application
OSVersion 5.1
OriginalFilename fndgfngfnf.EXE
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Intel(R) Corporation
CodeSize 44032
ProductName Intel(R) PROSet/Wireless
ProductVersionNumber 1.0.0.1
EntryPoint 0x7a0c
ObjectFileType Executable application

File identification
MD5 66140a32d7d8047ea93de0a4a419880b
SHA1 40508e38876a457e507efe0038b482ad2e193b70
SHA256 676fd873be5b1fbe322947b350635067adc5fe9b35a4a674341e517e79222f68
ssdeep 1536:AxqaOaxnuUAwfeqbu+KTcToQfYaNMVF0Kq2zskkxKN1y4dmf2KV2sCM3vmc:AxVHvAmeq6bKoQfAV7MxKjbzhH0P

File size 87.0 KB ( 89088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2013-06-06 10:09:55 UTC ( 10 months, 3 weeks ago )
Last submission 2013-06-10 14:43:21 UTC ( 10 months, 2 weeks ago )
File names fndgfngfnf.EXE
Orange MMS 8576493484.jpg.exe
some.exe
66140a32d7d8047ea93de0a4a419880b.bin
ppp.exe
file-5561885_exe
Nike Testing Products Application Form.pdf.exe
fgnsgfnsdfgn
Fax details and transmission_report.doc.exe
Fax details and transmission_report.doc_01.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Moved files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications