× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7b02471a2cef7b6ac6a4c3504b14b700a96457ae9f0d5e17bf0aba7d74f49b90
File name: docf.exe
Detection ratio: 7 / 69
Analysis date: 2018-04-20 07:36:50 UTC ( 1 year ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180419
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Endgame malicious (high confidence) 20180403
Fortinet W32/Kryptik.GCVH!tr 20180420
Qihoo-360 HEUR/QVM19.1.A02B.Malware.Gen 20180420
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Elenoocka-E 20180420
Ad-Aware 20180420
AegisLab 20180420
AhnLab-V3 20180419
Alibaba 20180420
ALYac 20180420
Antiy-AVL 20180418
Arcabit 20180420
Avast 20180420
Avast-Mobile 20180420
AVG 20180420
Avira (no cloud) 20180420
AVware 20180420
Babable 20180406
BitDefender 20180420
Bkav 20180410
CAT-QuickHeal 20180419
ClamAV 20180420
CMC 20180419
Comodo 20180420
Cybereason 20180225
Cylance 20180420
Cyren 20180420
DrWeb 20180420
eGambit 20180420
Emsisoft 20180420
ESET-NOD32 20180420
F-Prot 20180420
F-Secure 20180420
GData 20180420
Ikarus 20180419
Sophos ML 20180121
Jiangmin 20180420
K7AntiVirus 20180420
K7GW 20180420
Kaspersky 20180420
Kingsoft 20180420
Malwarebytes 20180420
MAX 20180420
McAfee 20180420
McAfee-GW-Edition 20180420
Microsoft 20180420
eScan 20180420
NANO-Antivirus 20180420
nProtect 20180420
Palo Alto Networks (Known Signatures) 20180420
Panda 20180419
Rising 20180420
SUPERAntiSpyware 20180420
Symantec 20180419
Symantec Mobile Insight 20180419
Tencent 20180420
TheHacker 20180415
TotalDefense 20180420
TrendMicro 20180420
TrendMicro-HouseCall 20180420
Trustlook 20180420
VBA32 20180419
VIPRE 20180420
ViRobot 20180420
Webroot 20180420
Yandex 20180419
Zillya 20180419
ZoneAlarm by Check Point 20180420
Zoner 20180419
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-17 18:24:07
Entry Point 0x00006E15
Number of sections 4
PE sections
Overlays
MD5 662c60874c884cee1321d70d045efb9a
File type data
Offset 95232
Size 7880
Entropy 7.50
PE imports
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookCopyFilter
Ctl3dRegister
Ctl3dGetVer
GetFileAttributesA
WaitForSingleObject
lstrcmp
CreateJobObjectW
GetTickCount
TlsAlloc
LoadLibraryA
lstrlenW
LoadLibraryExA
GetCommandLineW
lstrcat
SetErrorMode
GetProcAddress
FindResourceExA
FindNextFileW
GetTempFileNameA
SetLocalTime
CreateProcessA
CreateEventW
LocalFileTimeToFileTime
ReadConsoleW
TlsSetValue
CreateFileA
InterlockedIncrement
InsertMenuA
MessageBoxExA
LoadImageW
LoadIconA
DispatchMessageA
CharToOemW
LoadMenuA
PostMessageA
GetMessageW
GetWindow
LoadBitmapA
GetClassLongA
PE exports
Number of PE resources by type
Struct(18) 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:04:17 19:24:07+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
51712

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
40960

SubsystemVersion
4.0

EntryPoint
0x6e15

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 028eb27c37fc89497f60e149a57f2207
SHA1 b0b33fd38deab3055f0a3944c9f3b746e0184e1a
SHA256 7b02471a2cef7b6ac6a4c3504b14b700a96457ae9f0d5e17bf0aba7d74f49b90
ssdeep
1536:0RNu5Bb1yyMc5EXDkptV8yiqsDaRZNU/h9l+ij:guHU1DkpmDEZNU/j

authentihash f6f278ae312cd65efbb6815101e8ff1e58f1f2b924e562427df82840f7f6a585
imphash 6638887a4486fbb074e7026e02e290c1
File size 100.7 KB ( 103112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-04-20 07:36:50 UTC ( 1 year ago )
Last submission 2018-05-02 23:36:06 UTC ( 11 months, 3 weeks ago )
File names docf.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs