SHA256: 6bd9680283424eb294a6a2b788bac911a15b47eb7f1a251cc6ad501df7e1acff
File name: 001097223241.exe
Detection ratio: 0 / 56
Analysis date: 2015-08-20 11:56:07 UTC (3 years, 9 months ago)
Antivirus Result Update
Ad-Aware 20150820
AegisLab 20150820
Yandex 20150819
AhnLab-V3 20150820
Alibaba 20150820
ALYac 20150820
Antiy-AVL 20150820
Arcabit 20150820
Avast 20150820
AVG 20150820
Avira (no cloud) 20150820
AVware 20150820
Baidu-International 20150820
BitDefender 20150820
Bkav 20150820
ByteHero 20150820
CAT-QuickHeal 20150819
ClamAV 20150820
CMC 20150819
Comodo 20150820
Cyren 20150820
DrWeb 20150820
Emsisoft 20150820
ESET-NOD32 20150820
F-Prot 20150820
F-Secure 20150820
Fortinet 20150820
GData 20150820
Ikarus 20150820
Jiangmin 20150819
K7AntiVirus 20150820
K7GW 20150820
Kaspersky 20150820
Kingsoft 20150820
Malwarebytes 20150820
McAfee 20150820
McAfee-GW-Edition 20150820
Microsoft 20150820
eScan 20150820
NANO-Antivirus 20150820
nProtect 20150820
Panda 20150820
Qihoo-360 20150820
Rising 20150817
Sophos AV 20150820
SUPERAntiSpyware 20150820
Symantec 20150819
Tencent 20150820
TheHacker 20150820
TrendMicro 20150820
TrendMicro-HouseCall 20150820
VBA32 20150820
VIPRE 20150820
ViRobot 20150820
Zillya 20150820
Zoner 20150820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-11-06 03:03:14
Entry Point 0x00003000
Number of sections 5
PE sections
PE imports
GetModuleHandleA
ExitProcess
GetCommandLineW
DragAcceptFiles
DragQueryFileW
DragFinish
ShellAboutW
GetMessageA
CreateWindowExA
LoadIconA
DispatchMessageA
TranslateMessage
DefWindowProcA
RegisterClassExA
ChooseFontW
PageSetupDlgW
FindTextW
GetSaveFileNameW
CommDlgExtendedError
Number of PE resources by type
RT_BITMAP 1
RT_MENU 1
RT_MANIFEST 1
RT_GROUP_ICON 1
RT_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2003:11:06 04:03:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 6656
LinkerVersion 1.71
EntryPoint 0x3000
InitializedDataSize 18432
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

File identification
MD5 af00d30cab4d1cff9b3deeda74531a5e
SHA1 7e1220c74b31642d3129872bfb2a81b560f8ea85
SHA256 6bd9680283424eb294a6a2b788bac911a15b47eb7f1a251cc6ad501df7e1acff
ssdeep 384:/bYVFDtZ2haONTevBegbjK2yStydAsre7rZ426zB2KsC6G0nH:/bYVhPsaOB6Be0tySJrd6V2Kc

authentihash b9d027bf6198e7de42264c6da5deceee8ed41172294423e526c012732bdfd513
imphash 64e4956b65f68eeee6c31364abcd60ab
File size 25.5 KB ( 26112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (53.8%)
Windows screen saver (25.5%)
Win32 Executable (generic) (8.7%)
Win16/32 Executable Delphi generic (4.0%)
Generic Win/DOS Executable (3.8%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2015-08-20 09:51:59 UTC ( 3 years, 9 months ago )
Last submission 2016-05-03 15:26:46 UTC ( 3 years ago )
File names 0003_.b64.zip-1.exe
Incoming Fax.exe
af00d30cab4d1cff9b3deeda74531a5e.malware
001097223241.vxe
100% Malware100% Malware001097223241.exe
001097223241.exe
af00d30cab4d1cff9b3deeda74531a5e.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F02JH0ZHK15.
