SHA256: 7e4f213497690234e042903ff82932e785744fb1d17019a9dc502a53c072b107
File name: 2017-01-04 Anliegerinformation_GmbH.vcf.exe
Detection ratio: 9 / 56
Analysis date: 2017-01-04 10:59:54 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AegisLab Troj.Downloader.W32.Agent.l3NC 20170104
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20170104
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Sophos ML worm.win32.vobfus.jn 20161216
Kaspersky HEUR:Trojan.Win32.Generic 20170104
McAfee-GW-Edition BehavesLike.Win32.Ransom.ph 20170104
Rising Malware.Generic!RPMHuNYptGP@2 (thunder) 20170104
Symantec Heur.AdvML.B 20170104
Tencent Win32.Trojan.Inject.Auto 20170104
Ad-Aware 20170104
AhnLab-V3 20170104
Alibaba 20170104
ALYac 20170104
Antiy-AVL 20170104
Arcabit 20170104
Avast 20170104
AVG 20170104
Avira (no cloud) 20170104
AVware 20170104
BitDefender 20170104
Bkav 20170103
CAT-QuickHeal 20170104
ClamAV 20170104
CMC 20170104
Comodo 20170104
Cyren 20170104
DrWeb 20170104
Emsisoft 20170104
ESET-NOD32 20170104
F-Prot 20170104
F-Secure 20170104
Fortinet 20170104
GData 20170104
Ikarus 20170104
Jiangmin 20170104
K7AntiVirus 20170104
K7GW 20170104
Kingsoft 20170104
Malwarebytes 20170104
McAfee 20170104
Microsoft 20170104
eScan 20170104
NANO-Antivirus 20170104
nProtect 20170104
Panda 20170103
Qihoo-360 20170104
Sophos AV 20170104
SUPERAntiSpyware 20170104
TheHacker 20170102
TrendMicro 20170104
TrendMicro-HouseCall 20170104
Trustlook 20170104
VBA32 20170103
VIPRE 20170104
ViRobot 20170104
WhiteArmor 20161221
Yandex 20170103
Zillya 20170102
Zoner 20170104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-05 14:03:51
Entry Point 0x000031F1
Number of sections 3
PE sections
PE imports
Ctl3dGetVer
Ctl3dEnabled
ReleaseMutex
CreateNamedPipeW
GetProfileStringW
WaitForSingleObject
GetConsoleAliasW
LoadLibraryA
GetStartupInfoA
LoadLibraryExA
GetPrivateProfileIntA
DeleteFileA
GetAtomNameW
GetConsoleTitleA
lstrcatW
InterlockedCompareExchange
CreateMutexA
FindResourceExA
IsBadStringPtrA
GetGeoInfoA
FindFirstFileA
GlobalAddAtomA
GetProcessVersion
ReadFile
GetProcAddress
ReadConsoleA
SetEvent
GetCurrencyFormatA
OpenEventW
GetFullPathNameW
CreateFileA
OpenSemaphoreW
InvokeControlPanel
drvCommConfigDialogA
InsertMenuA
CharPrevA
GetCaretPos
LoadBitmapW
GetWindowTextA
PeekMessageA
DialogBoxParamA
LoadIconW
PostMessageW
CharNextW
DrawStateW
GetClassLongA
CharToOemA
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:05 15:03:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32256
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 16896
SubsystemVersion 4.0
EntryPoint 0x31f1
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 68e39805205e451813a6cf2609313fe1
SHA1 476eeb1cf5b3d41addd93d631adee1c937f105e8
SHA256 7e4f213497690234e042903ff82932e785744fb1d17019a9dc502a53c072b107
ssdeep 768:xR4fF5zwCpcd/N0CBDzjWneG5vMHFemKiB:4Tk+ne4vMluiB
authentihash 0f24bd8195fd278e13e99b185d508eb568426d501054637795ea9acb40c726cd
imphash 6e2e2576309348e286e7c3d31df05b3d
File size 49.0 KB ( 50176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-01-04 08:44:37 UTC ( 2 years, 3 months ago )
Last submission 2017-05-05 11:44:54 UTC ( 1 year, 11 months ago )
File names TTT2017-02.vir.HSvir
verschickt Artikelnummer via DHL.pdf.exe
verschickt Artikelnummer via DHL.pdf.exe.VIRUS
localfile~
verschickt Artikelnummer via DHL.pdf.exe
Bestellpositionen (alle Preise in EUR).doc.exe
2017-01-04 Anliegerinformation_GmbH.vcf.exe
68e39805205e451813a6cf2609313fe1
verschickt_Artikelnummer_via_DHL.pdf.exe
7e4f213497690234e042903ff82932e785744fb1d17019a9dc502a53c072b107
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications