SHA256: 738fb941d3df297ea2646a73ee179e4cb3de24ff1a4dec416478d8ef148210b2
File name: Z5xf1wPM.exe.bin
Detection ratio: 24 / 58
Analysis date: 2017-03-03 08:43:02 UTC
Antivirus results (engine: result, signature update date)
Ad-Aware: Trojan.Agent.CEJM (20170303)
Arcabit: Trojan.Agent.CEJM (20170303)
Avira (no cloud): TR/Crypt.Xpack.amyap (20170303)
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9954 (20170303)
BitDefender: Trojan.Agent.CEJM (20170303)
Bkav: W32.eHeur.Malware12 (20170302)
CrowdStrike Falcon (ML): malicious_confidence_100% (W) (20170130)
DrWeb: Trojan.Encoder.10307 (20170303)
Emsisoft: Trojan.Agent.CEJM (B) (20170303)
Endgame: malicious (high confidence) (20170222)
ESET-NOD32: a variant of Generik.CUEDSJS (20170303)
F-Secure: Trojan.Agent.CEJM (20170303)
Fortinet: Generik.CUEDSJS!tr (20170303)
GData: Trojan.Agent.CEJM (20170303)
Ikarus: Trojan.SuspectCRC (20170303)
Sophos ML: virus.win32.sality.at (20170203)
Kaspersky: Trojan-Ransom.Win32.SageCrypt.vt (20170303)
Malwarebytes: Ransom.SageLocker (20170303)
McAfee: RDN/Generic.grp (20170303)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc (20170303)
eScan: Trojan.Agent.CEJM (20170303)
Symantec: Trojan.Gen.8 (20170302)
VIPRE: Trojan.Win32.Generic!BT (20170303)
Webroot: Malicious (20170303)

Engines reporting no detection (signature update date): AegisLab (20170303), AhnLab-V3 (20170302), Alibaba (20170228), ALYac (20170303), Antiy-AVL (20170303), Avast (20170303), AVG (20170302), AVware (20170303), CAT-QuickHeal (20170302), ClamAV (20170303), CMC (20170303), Comodo (20170303), Cyren (20170303), F-Prot (20170303), Jiangmin (20170301), K7AntiVirus (20170303), K7GW (20170303), Kingsoft (20170303), Microsoft (20170303), NANO-Antivirus (20170303), nProtect (20170303), Panda (20170302), Qihoo-360 (20170303), Rising (20170303), Sophos AV (20170303), SUPERAntiSpyware (20170303), Tencent (20170303), TheHacker (20170302), TrendMicro (20170303), TrendMicro-HouseCall (20170303), Trustlook (20170303), VBA32 (20170302), ViRobot (20170303), WhiteArmor (20170222), Yandex (20170225), Zillya (20170302), Zoner (20170303).
The file under analysis is a Portable Executable (PE); specifically, a Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright 2016 Adobe Systems Incorporated. All rights reserved.
Product: Adobe Reader Components
Internal name: Adobe Reader Components
Description: Adobe Reader Components

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-03-02 10:32:09
Entry point: 0x00007CBC
Number of sections: 4

PE sections

Overlays
MD5: 10ad5ac031d95c85e50cff5a87b77256
File type: data
Offset: 295936
Size: 768
Entropy: 1.75
PE imports (in reported order)
RegCloseKey, CreateWellKnownSid, RegSetValueExA, GetUserNameA, RegCreateKeyExA, GetSecurityInfo, IsTextUnicode, ConvertSidToStringSidA,
GetOpenFileNameA, ChooseFontA,
CloseEnhMetaFile, LineTo, DeleteDC, SetBkMode, CreateFontA, MoveToEx, TextOutA, Rectangle, SelectObject, CreateEnhMetaFileA, BitBlt, CreateDIBSection, CreateCompatibleDC, DeleteObject, SetTextColor,
GetStdHandle, GetConsoleOutputCP, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, lstrcatA, FreeEnvironmentStringsW, GetLocaleInfoW, SetStdHandle, WideCharToMultiByte, GetStringTypeA, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, FreeLibrary, LocalFree, ConnectNamedPipe, InitializeCriticalSection, TlsGetValue, SetLastError, IsDebuggerPresent, ExitProcess, GetModuleFileNameA, GetVolumeInformationA, UnhandledExceptionFilter, InterlockedDecrement, MultiByteToWideChar, SetFilePointer, SetUnhandledExceptionFilter, TerminateProcess, WriteConsoleA, SetEndOfFile, GetCurrentThreadId, InterlockedIncrement, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, GetOEMCP, QueryPerformanceCounter, GetTickCount, TlsAlloc, FlushFileBuffers, LoadLibraryA, RtlUnwind, GetStartupInfoA, GetFileSize, GetCPInfo, GetUserDefaultLCID, GetProcessHeap, lstrcpyA, GetComputerNameA, IsValidLocale, GetProcAddress, CreateFileW, GetFileType, TlsSetValue, CreateFileA, HeapAlloc, LeaveCriticalSection, GetLastError, LCMapStringW, GetConsoleCP, LCMapStringA, GetEnvironmentStringsW, CreateNamedPipeA, GetEnvironmentStrings, GetCurrentProcessId, GetCurrentDirectoryA, HeapSize, GetCommandLineA, RaiseException, TlsFree, GetModuleHandleA, ReadFile, CloseHandle, EnumSystemLocalesA, GetACP, GetModuleHandleW, IsValidCodePage, HeapCreate, VirtualFree, Sleep, VirtualAlloc,
WNetGetConnectionA, Ord(64), PathUnquoteSpacesA,
SetFocus, UpdateWindow, EndDialog, LoadMenuA, DestroyMenu, PostQuitMessage, DefWindowProcA, FindWindowA, SendDlgItemMessageA, CharLowerA, OemToCharA, GetWindowRect, EndPaint, SetMenu, SetDlgItemTextA, GetDlgItemTextA, CreatePopupMenu, MessageBoxA, GetWindowDC, SetWindowLongA, GetWindowLongA, GetWindow, CharUpperA, CheckDlgButton, GetMenuItemID, CopyImage, DrawTextA, BeginPaint, SetWindowTextA, GetMenu, LoadStringA, SendMessageA, GetDlgItem, DrawMenuBar, TrackPopupMenuEx, InsertMenuA, wsprintfA, CreateWindowExA, LoadIconA, InvalidateRect, GetMenuItemCount, GetDesktopWindow, LoadImageA, GetClassNameA, GetDC, EnableWindow, GetWindowTextA, ModifyMenuA,
GetFileVersionInfoSizeA, GetFileVersionInfoW, GetFileVersionInfoA, VerQueryValueA,
ioctlsocket,
CoCreateInstance, CoUninitialize, CoInitialize, StgOpenStorage, Ord(204)
Number of PE resources by type
RT_ICON: 5
TEXT: 3
RT_MANIFEST: 1
RT_VERSION: 1
PNG: 1
RT_GROUP_ICON: 1

Number of PE resources by language
ENGLISH US: 12

PE resources

Debug information
ExifTool file metadata
SubsystemVersion: 5.0
InitializedDataSize: 196608
ImageVersion: 0.0
ProductName: Adobe Reader Components
FileVersionNumber: 5.0.0.43
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
LinkerVersion: 9.0
FileTypeExtension: exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
TimeStamp: 2017:03:02 11:32:09+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Adobe Reader Components
ProductVersion: 5.0.0.43
FileDescription: Adobe Reader Components
OSVersion: 5.0
FileOS: Windows NT 32-bit
LegalCopyright: Copyright 2016 Adobe Systems Incorporated. All rights reserved.
MachineType: Intel 386 or later, and compatibles
CompanyName: Adobe Systems Incorporated
CodeSize: 98304
FileSubtype: 0
ProductVersionNumber: 5.0.0.43
EntryPoint: 0x7cbc
ObjectFileType: Executable application

File identification
MD5: 3c4fcc372351d7bb565928e937413c82
SHA1: cf03e97edb4a85f4435d379d4245c2e7096b8f3f
SHA256: 738fb941d3df297ea2646a73ee179e4cb3de24ff1a4dec416478d8ef148210b2
ssdeep: 6144:TUBikM8P8SWkbO35Oh85img8MXyainqF:IB91HCpWMQ8Rn
authentihash: 051ffb47c5a158bc8a58c1781db3a4f95f7726612740b53735dbf79887acd33f
imphash: dc2919130cb029efb91a4696cd444549
File size: 289.8 KB (296704 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (42.2%); Win64 Executable (generic) (37.3%); Win32 Dynamic Link Library (generic) (8.8%); Win32 Executable (generic) (6.0%); Generic Win/DOS Executable (2.7%)
Tags: peexe, overlay

VirusTotal metadata
First submission: 2017-03-02 15:58:09 UTC
Last submission: 2017-03-09 09:35:39 UTC
File names: rXb9YkUf.exe; Adobe Reader Components; 738fb941d3df297ea2646a73ee179e4cb3de24ff1a4dec416478d8ef148210b2.exe; Z5xf1wPM.exe.bin; pula.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
UDP communications