SHA256: 7c7d876613a1133a52bdc3f11ee58ff009caa8d79e5a8bfc96f106fd7a8472d1
File name: rapport.pdf.exe
Detection ratio: 5 / 42
Analysis date: 2012-04-04 09:33:59 UTC ( 6 years, 10 months ago )
Antivirus Result Update
DrWeb Trojan.PWS.Panda.655 20120404
Fortinet W32/Zbot.RO!tr 20120404
McAfee PWS-Zbot.gen.ro 20120404
NOD32 a variant of Win32/Kryptik.ADQO 20120404
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20120402
AhnLab-V3 20120404
AntiVir 20120404
Antiy-AVL 20120403
Avast 20120403
AVG 20120404
BitDefender 20120404
ByteHero 20120403
CAT-QuickHeal 20120404
ClamAV 20120404
Commtouch 20120404
Comodo 20120404
Emsisoft 20120404
eSafe 20120402
eTrust-Vet 20120403
F-Prot 20120403
F-Secure 20120404
GData 20120404
Ikarus 20120404
Jiangmin 20120331
K7AntiVirus 20120403
Kaspersky 20120403
McAfee-GW-Edition 20120403
Microsoft 20120404
Norman 20120403
nProtect 20120404
Panda 20120403
PCTools 20120404
Rising 20120401
Sophos AV 20120404
Symantec 20120404
TheHacker 20120403
TrendMicro 20120404
TrendMicro-HouseCall 20120404
VBA32 20120403
VIPRE 20120404
ViRobot 20120404
VirusBuster 20120403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0002C21C
Number of sections 6
PE sections
Overlays
MD5 a26b968476f8219fb29b8d08b98c53a0
File type data
Offset 196608
Size 512
Entropy 7.59
PE imports
GetSystemWow64DirectoryW
FlushConsoleInputBuffer
CreateNamedPipeW
LoadLibraryW
ReplaceFile
BuildCommDCBW
MoveFileWithProgressA
SetInformationJobObject
SystemTimeToTzSpecificLocalTime
OpenFile
SetProcessWorkingSetSize
SetFileShortNameW
CompareFileTime
LocalAlloc
CancelDeviceWakeupRequest
GetConsoleTitleW
GetUserDefaultLCID
RestoreLastError
GetTempPathA
FindFirstFileExA
GetTempFileNameA
WriteConsoleOutputW
SetMailslotInfo
OpenJobObjectW
GetDefaultCommConfigW
SetFileAttributesW
SetWaitableTimer
EmptyClipboard
RegisterClipboardFormatA
SetMenuItemBitmaps
BroadcastSystemMessageA
CreateDialogIndirectParamA
TranslateAcceleratorW
SetMenuContextHelpId
ShowWindow
PrivateExtractIconsA
SetClipboardViewer
SetWindowWord
GrayStringW
SendMessageCallbackA
LoadKeyboardLayoutW
SetWindowLongA
GetAltTabInfoA
ActivateKeyboardLayout
CopyImage
CreateDialogParamW
MapDialogRect
EditWndProc
SetWindowTextA
SetParent
SendMessageA
LoadStringW
WindowFromDC
DeleteMenu
SetWindowsHookExA
CharToOemW
SetDlgItemInt
CreateIconFromResource
CallWindowProcA
OpenClipboard
DialogBoxIndirectParamA
GetMenuStringW
VerQueryValueW
VerLanguageNameW
VerFindFileW
WTSVirtualChannelPurgeOutput
WTSQuerySessionInformationA
WTSVirtualChannelOpen
WTSVirtualChannelQuery
WTSDisconnectSession
Number of PE resources by type
RT_DIALOG 4
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 15:22:17-07:00
FileType Win32 EXE
PEType PE32
CodeSize 177664
LinkerVersion 8.0
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x2c21c
InitializedDataSize 17920
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 a025d1e92bb21a1f494059fb12280802
SHA1 6a809b8b40c04aadc7fd50f11925744de4652353
SHA256 7c7d876613a1133a52bdc3f11ee58ff009caa8d79e5a8bfc96f106fd7a8472d1
ssdeep 6144:3yyasGhsOwp7tkMALLsl0ZUSjAa/7BdF1TSVkimU:3yyasGhsOgBckOZPjAa/vDTLFU

authentihash 4650d0b799be0f2dbe39fbd0f986780349c554cedd27f0f54b6037735477fb0f
imphash 6dccb2f2fe19de94b8b760abe044d35c
File size 192.5 KB ( 197120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-04-04 09:33:59 UTC ( 6 years, 10 months ago )
Last submission 2019-01-30 08:45:55 UTC ( 3 weeks ago )
File names 6a809b8b40c04aadc7fd50f11925744de4652353_rapport.pdf.ex
rapport.pdf.exe
rapport.pdf.ex
A025D1E92BB21A1F494059FB12280802
file-3764584_exe
a025d1e92bb21a1f494059fb12280802
ASsaihZBf2.ps1
7c7d876613a1133a52bdc3f11ee58ff009caa8d79e5a8bfc96f106fd7a8472d1
output.1383967.txt
1383967
7c7d876613a1133a52bdc3f11ee58ff009caa8d79e5a8bfc96f106fd7a8472d1.bin
a025d1e92bb21a1f494059fb12280802.exe
IFweYPldo.jpg
rapport.pdf.exe-371qlk
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight