SHA256: 86009abf648d41a6527f433db4cef40a8e7d29a91ddb9011182761d16f3ed196
File name: Copy_of_document_August-06-2014.exe
Detection ratio: 35 / 54
Analysis date: 2014-08-08 17:00:07 UTC ( 2 years, 6 months ago )
Antivirus Result Update
AVG Downloader.Generic13.CNGZ 20140808
AVware Trojan.Win32.Kuluoz.dad (v) 20140808
Ad-Aware Trojan.GenericKD.1794647 20140808
AhnLab-V3 Trojan/Win32.Kuluoz 20140808
Antiy-AVL Worm[Net]/Win32.Aspxor 20140808
Avast Win32:Malware-gen 20140807
Baidu-International Worm.Win32.Aspxor.AXk 20140808
BitDefender Trojan.GenericKD.1794647 20140808
Commtouch W32/Trojan.LFGU-1531 20140808
Comodo UnclassifiedMalware 20140808
DrWeb BackDoor.Kuluoz.4 20140808
ESET-NOD32 Win32/TrojanDownloader.Zortob.H 20140808
Emsisoft Trojan.GenericKD.1794647 (B) 20140808
F-Prot W32/Trojan3.JVO 20140808
F-Secure Trojan.GenericKD.1794647 20140808
Fortinet W32/Aspxor.BQFG!tr 20140808
GData Trojan.GenericKD.1794647 20140808
Ikarus Trojan-Spy.Zbot 20140808
K7AntiVirus Riskware ( 0040eff71 ) 20140808
K7GW Riskware ( 0040eff71 ) 20140808
Kaspersky Net-Worm.Win32.Aspxor.bqfg 20140808
McAfee Packed-BQ!49985D6AE280 20140808
McAfee-GW-Edition Packed-BQ!49985D6AE280 20140808
eScan Trojan.GenericKD.1794647 20140808
Microsoft TrojanDownloader:Win32/Kuluoz.D 20140808
NANO-Antivirus Trojan.Win32.Kuluoz.ddoxzg 20140808
Norman Kuluoz.EP 20140808
Panda Trj/Chgt.C 20140808
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140808
Sophos Troj/Wonton-FX 20140808
Symantec Trojan.Asprox.B 20140808
TrendMicro BKDR_KULUOZ.WSCN 20140808
TrendMicro-HouseCall BKDR_KULUOZ.WSCN 20140808
VIPRE Trojan.Win32.Kuluoz.dad (v) 20140808
nProtect Trojan.GenericKD.1794647 20140808
AegisLab 20140808
Yandex 20140808
AntiVir 20140808
Bkav 20140808
ByteHero 20140808
CAT-QuickHeal 20140808
CMC 20140807
ClamAV 20140808
Jiangmin 20140808
Kingsoft 20140808
Malwarebytes 20140808
Qihoo-360 20140808
SUPERAntiSpyware 20140804
Tencent 20140808
TheHacker 20140805
TotalDefense 20140808
VBA32 20140808
ViRobot 20140808
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-07 06:48:33
Entry Point 0x00005135
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LoadLibraryA
LCMapStringW
SetHandleCount
GetSystemInfo
lstrlenA
LoadLibraryW
GlobalFree
GetVersionExW
FreeLibrary
QueryPerformanceCounter
FatalAppExitA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
SizeofResource
CompareFileTime
GetLocaleInfoA
GetCurrentProcessId
GetCurrentDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetStartupInfoW
LeaveCriticalSection
CreateMutexA
SetFilePointer
GetCPInfo
GetFileAttributesA
TlsFree
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
GetStartupInfoA
CreateFileMappingA
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
GetOEMCP
LocalFree
TerminateProcess
GetEnvironmentStrings
GetModuleFileNameA
LCMapStringA
WideCharToMultiByte
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
LocalAlloc
SetLastError
InterlockedIncrement
SHFileOperationW
MapWindowPoints
GetMessageA
RegisterClassA
DefWindowProcW
DestroyMenu
DefWindowProcA
GetSystemMetrics
PeekMessageW
DispatchMessageA
EndPaint
ScrollWindowEx
SetMenuItemInfoW
SetActiveWindow
SendMessageW
SetClipboardData
LoadStringW
SetTimer
IsIconic
ScreenToClient
wsprintfA
GetDCEx
GetMenuStringA
GetWindowTextW
GetDesktopWindow
IsWindowUnicode
Ord(134)
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2014:08:07 07:48:33+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
32768

LinkerVersion
7.1

EntryPoint
0x5135

InitializedDataSize
69632

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 49985d6ae2805c2301bd941c783991e4
SHA1 c42ed3d147e3bcb3780821e5a84c68fe53891633
SHA256 86009abf648d41a6527f433db4cef40a8e7d29a91ddb9011182761d16f3ed196
ssdeep
1536:1JbIYeyFZJkTDYU35H/K2HJ87Z2CS6YBYhnPWeCCf/uaF2toOePoyjbb:fb9ZIYm5HC2p87OFUPW6/V2SOePfb

authentihash f889c2e3590a0c0829ffe74a6e590d4187db7c05ce496cb13ac5361c3d52485d
imphash c6958cc2fe7e07fc5e3f887bb9c322cd
File size 104.0 KB ( 106496 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-08-06 20:33:38 UTC ( 2 years, 6 months ago )
Last submission 2014-10-30 15:20:28 UTC ( 2 years, 3 months ago )
File names 49985d6ae2805c2301bd941c783991e4.exe
86009abf648d41a6527f433db4cef40a8e7d29a91ddb9011182761d16f3ed196.exe
49985d6ae2805c2301bd941c783991e4
Copy_of_document_August-06-2014.exe
c-ed418-6867-1407369656
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs