SHA256: 699714f3545e0d2142e486b908bdaadf3dd5b714653002a4dd1ec3de25465bc3
File name: NF_Pedido04-4589511.pdf.cpl
Detection ratio: 38 / 51
Analysis date: 2014-04-22 00:09:29 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.128213 20140421
Yandex Trojan.DL.Banload!h/Jk5tHCIx0 20140421
AntiVir TR/Graftor.128213.5 20140421
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20140422
Avast Win32:Banker-KRJ [Trj] 20140421
AVG Downloader.Banload2.GLL 20140421
Baidu-International Trojan.Win32.Banload.Ax 20140421
BitDefender Gen:Variant.Graftor.128213 20140422
CAT-QuickHeal Trojan.Dynamer 20140421
Comodo UnclassifiedMalware 20140421
DrWeb Trojan.PWS.Banker1.13154 20140421
Emsisoft Gen:Variant.Graftor.128213 (B) 20140421
ESET-NOD32 a variant of Win32/TrojanDownloader.Banload.TBQ 20140421
F-Prot W32/Downloader.F.gen!Eldorado 20140421
F-Secure Gen:Variant.Graftor.128213 20140421
Fortinet W32/Banload.SVA!tr.dldr 20140421
GData Gen:Variant.Graftor.128213 20140421
Ikarus Trojan-Downloader.Win32.Small 20140421
Jiangmin TrojanDownloader.Banload.bmfr 20140421
K7AntiVirus Trojan-Downloader ( 004954ed1 ) 20140421
K7GW Trojan-Downloader ( 004954ed1 ) 20140421
Kaspersky Trojan-Downloader.Win32.Banload.crnb 20140421
Kingsoft Win32.Troj.Undef.(kcloud) 20140422
Malwarebytes Trojan.Banker.CPL 20140421
McAfee Artemis!F81E1AEABC23 20140421
McAfee-GW-Edition Artemis!F81E1AEABC23 20140422
Microsoft Trojan:Win32/Dynamer!ac 20140421
eScan Gen:Variant.Graftor.128213 20140421
NANO-Antivirus Trojan.Win32.DownLoad3.cwfbzj 20140421
Norman Suspicious_Gen5.AMHMO 20140421
Panda Trj/CI.A 20140421
Qihoo-360 HEUR/Malware.QVM21.Gen 20140422
Sophos AV Mal/Generic-S 20140422
Symantec Trojan.Gen 20140421
TrendMicro TROJ_BANLOAD.YZV 20140421
TrendMicro-HouseCall TROJ_BANLOAD.YZV 20140422
VBA32 Trojan-Downloader.Banload.crnb 20140421
VIPRE Trojan-Downloader.Win32.Banload.rxb (v) 20140422
AegisLab 20140421
AhnLab-V3 20140421
Bkav 20140418
ByteHero 20140422
ClamAV 20140421
CMC 20140421
Commtouch 20140421
nProtect 20140421
Rising 20140421
SUPERAntiSpyware 20140422
TheHacker 20140421
TotalDefense 20140421
ViRobot 20140422
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000BBAD0
Number of sections 3
PE sections
PE imports
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
CoInitialize
VariantCopy
VerQueryValueA
InternetOpenA
PE exports
Number of PE resources by type
RT_STRING 24
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 4
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 54
PORTUGUESE BRAZILIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 DLL
PEType PE32
CodeSize 282624
LinkerVersion 2.25
EntryPoint 0xbbad0
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 483328

Compressed bundles
File identification
MD5 f81e1aeabc23c0ba12ab679bc84ca68b
SHA1 2bfceec2c062651027013bf6e225c5d4cc9c7a69
SHA256 699714f3545e0d2142e486b908bdaadf3dd5b714653002a4dd1ec3de25465bc3
ssdeep 6144:vZRMULbpM2NwrNIYCO3eePB2X7I8Lweq/8HdEB2ooE:vkU/pvqiPOOeP6I87DEZf

authentihash c51be6a88d102bbd4f55a54628589020569f9061d8dc37014008221fdd298630
imphash b0820fa2c87830ffa17effefcbcaf739
File size 281.0 KB ( 287744 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
Win16/32 Executable Delphi generic (2.9%)
Tags
pedll upx

VirusTotal metadata
First submission 2014-02-21 17:49:39 UTC ( 3 years, 9 months ago )
Last submission 2017-04-26 04:51:50 UTC ( 6 months, 4 weeks ago )
File names F81E1AEABC23C0BA12AB679BC84CA68B
NF_Pedido04-4589511.pdf.cpl
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight