SHA256: 862ef9ca05749742df2787277742eefbe3f7024d68a5635a6f296f0c07e71439
File name: InvoiceRef.exe
Detection ratio: 5 / 59
Analysis date: 2017-02-22 22:38:19 UTC ( 2 years, 2 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (moderate confidence) 20170222
Kaspersky UDS:DangerousObject.Multi.Generic 20170222
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170222
Webroot Malicious 20170222
Ad-Aware 20170222
AegisLab 20170222
AhnLab-V3 20170222
Alibaba 20170222
ALYac 20170222
Antiy-AVL 20170222
Arcabit 20170222
Avast 20170222
AVG 20170222
Avira (no cloud) 20170222
AVware 20170222
Baidu 20170222
BitDefender 20170222
Bkav 20170222
CAT-QuickHeal 20170222
ClamAV 20170222
CMC 20170222
Comodo 20170222
Cyren 20170222
DrWeb 20170222
Emsisoft 20170222
ESET-NOD32 20170222
F-Prot 20170222
F-Secure 20170222
Fortinet 20170222
GData 20170222
Ikarus 20170222
Sophos ML 20170203
Jiangmin 20170222
K7AntiVirus 20170222
K7GW 20170222
Kingsoft 20170222
Malwarebytes 20170222
McAfee 20170222
McAfee-GW-Edition 20170222
Microsoft 20170222
eScan 20170222
NANO-Antivirus 20170222
nProtect 20170222
Panda 20170222
Rising None
Sophos AV 20170222
SUPERAntiSpyware 20170222
Symantec 20170222
Tencent 20170222
TheHacker 20170221
TotalDefense 20170222
TrendMicro 20170222
TrendMicro-HouseCall 20170222
Trustlook 20170222
VBA32 20170222
VIPRE 20170222
ViRobot 20170222
WhiteArmor 20170222
Yandex 20170222
Zillya 20170222
Zoner 20170222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2015 Adobe Systems Incorporated. All rights reserved.
Product Adobe Service Manager
Internal name Adobe Service Manager
Description Adobe Download Manager
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-20 14:40:34
Entry Point 0x0000D348
Number of sections 4
PE sections
Overlays
MD5 7535fb6ae45b0bb88d37e617c036af99
File type data
Offset 287232
Size 512
Entropy 2.42
PE imports
SetSecurityDescriptorOwner
CloseServiceHandle
OpenServiceA
SetServiceStatus
SetNamedSecurityInfoA
ControlService
InitializeSecurityDescriptor
ConvertStringSidToSidA
StartServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
EnumServicesStatusExA
ImageList_Create
Ord(17)
ImageList_Add
GetOpenFileNameA
PrintDlgA
ChooseFontA
SetMapMode
GetWindowOrgEx
SetViewportExtEx
CreatePen
SaveDC
CreateFontIndirectA
CombineRgn
EnumFontsA
GetPixel
Rectangle
Polygon
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
GetTextExtentPointA
SetPixel
BitBlt
SetTextColor
CreatePatternBrush
GetObjectA
CreateFontA
CreateDCA
CreateBitmap
MoveToEx
GetStockObject
SetViewportOrgEx
CreateCompatibleDC
CreateRectRgn
SelectObject
Pie
Ellipse
SetWindowExtEx
CreateSolidBrush
DPtoLP
ExtCreatePen
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
FindResourceExA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
ReadConsoleInputA
GetUserDefaultLangID
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
_lclose
CreateThread
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetUserDefaultLCID
lstrcpyW
lstrcpyA
IsValidLocale
GetProcAddress
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
OpenFile
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetConsoleTitleA
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
WideCharToMultiByte
IsValidCodePage
SetConsoleMode
FindResourceExW
VirtualFree
Sleep
VirtualAlloc
NetUserEnum
NetWkstaUserGetInfo
NetApiBufferFree
VariantTimeToSystemTime
RpcServerUseProtseqEpA
SHGetFolderPathW
StrChrW
SetFocus
GetMessageA
GetParent
ReleaseDC
DestroyWindow
OffsetRect
ReleaseCapture
ChangeDisplaySettingsA
PostQuitMessage
DefWindowProcA
FindWindowA
LoadBitmapA
SetWindowPos
RemoveMenu
SendDlgItemMessageA
MessageBoxW
GetWindowRect
DispatchMessageA
EndPaint
UpdateWindow
SetCapture
MoveWindow
MapWindowPoints
MessageBoxA
GetWindowDC
TranslateMessage
DialogBoxParamA
InvalidateRect
GetSysColor
GetDC
InsertMenuItemA
DrawTextA
LoadMenuA
CheckMenuItem
GetMenu
ShowWindow
SetClipboardData
PtInRect
SendMessageA
IsWindowEnabled
GetClientRect
GetDlgItem
CreateDialogParamA
ClientToScreen
SetRect
EnumDisplaySettingsA
GetSubMenu
BeginPaint
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
OpenClipboard
GetFocus
EmptyClipboard
CloseClipboard
DestroyMenu
RegisterClassExA
GetAncestor
IsDialogMessageA
SetCursor
DrawThemeBackground
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoWaitForMultipleHandles
Number of PE resources by type
RT_ICON 4
TEXT 3
RT_MANIFEST 1
RT_VERSION 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.0.145
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 158720
EntryPoint 0xd348
MIMEType application/octet-stream
LegalCopyright Copyright 2015 Adobe Systems Incorporated. All rights reserved.
TimeStamp 2017:02:20 15:40:34+01:00
FileType Win32 EXE
PEType PE32
InternalName Adobe Service Manager
ProductVersion 2.0.0.145
FileDescription Adobe Download Manager
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Adobe Systems Incorporated
CodeSize 127488
ProductName Adobe Service Manager
ProductVersionNumber 2.0.0.145
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 19a30bd853a697ffdf68f9c52f36c34e
SHA1 d1a521a783c96ba2b7318763bb4618e020a34cac
SHA256 862ef9ca05749742df2787277742eefbe3f7024d68a5635a6f296f0c07e71439
ssdeep 3072:P3ZFVu2Yow+ur6wHKAqrISvn+0BLAA8/+wMQG1shxm5h2W32+FTkPbTOZ+L+4Dgi:9u0umlDv+0JAAykKOX32tT3LJt6vA
authentihash a74c4ac96ed15eee80ca6222ae633b429087a1173a227da185bce3e438e56654
imphash dbf81d0aefcf8e75741153d15287f38c
File size 281.0 KB ( 287744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-02-22 22:38:19 UTC ( 2 years, 2 months ago )
Last submission 2017-02-24 00:27:30 UTC ( 2 years, 2 months ago )
File names InvoiceRef.exe
localfile~
Adobe Service Manager
aLzL8QNa.exe
862ef9ca05749742df2787277742eefbe3f7024d68a5635a6f296f0c07e71439.exe
InvoiceRef.exe
InvoiceRef.exe
InvoiceRef.exe
InvoiceRef.exe
InvoiceRef.exe
aLzL8QNa.exe
862ef9ca05749742df2787277742eefbe3f7024d68a5635a6f296f0c07e71439.bin
InvoiceRef.exe
5t2C2l7P.exe
InvoiceRef.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications