SHA256: 877e228525fd6b1a4166bf0ab3fcf041ef28bdedff4905d7e3257000e66f2988
File name: Copy_of_document_Date_June-24-2014.exe
Detection ratio: 7 / 54
Analysis date: 2014-06-24 14:49:09 UTC ( 2 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Forucon 20140624
Bkav HW32.CDB.599c 20140624
McAfee Artemis!0829817D83D5 20140624
McAfee-GW-Edition Artemis!0829817D83D5 20140623
Qihoo-360 HEUR/Malware.QVM07.Gen 20140624
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140623
Sophos Mal/Zbot-RN 20140624
Ad-Aware 20140624
AegisLab 20140624
Yandex 20140623
AntiVir 20140624
Antiy-AVL 20140624
Avast 20140624
AVG 20140624
Baidu-International 20140624
BitDefender 20140624
ByteHero 20140624
CAT-QuickHeal 20140624
ClamAV 20140624
CMC 20140624
Commtouch 20140624
Comodo 20140624
DrWeb 20140624
Emsisoft 20140624
ESET-NOD32 20140624
F-Prot 20140624
F-Secure 20140624
Fortinet 20140624
GData 20140624
Ikarus 20140624
Jiangmin 20140624
K7AntiVirus 20140623
K7GW 20140623
Kaspersky 20140624
Kingsoft 20140624
Malwarebytes 20140624
Microsoft 20140624
eScan 20140624
NANO-Antivirus 20140624
Norman 20140624
nProtect 20140624
Panda 20140624
SUPERAntiSpyware 20140624
Symantec 20140624
Tencent 20140624
TheHacker 20140622
TotalDefense 20140624
TrendMicro 20140624
TrendMicro-HouseCall 20140624
VBA32 20140624
VIPRE 20140624
ViRobot 20140624
Zillya 20140624
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-24 08:04:13
Entry Point 0x00011554
Number of sections 6
PE sections
PE imports
AddAuditAccessAceEx
InitializeAcl
SetROP2
SetMapMode
RestoreDC
SetPolyFillMode
FloodFill
SaveDC
GetClipBox
OpenMutexA
CreateToolhelp32Snapshot
GetLastError
GetStartupInfoA
CreateThread
LoadLibraryA
GetModuleHandleA
FindFirstFileA
ExitProcess
QueryDosDeviceW
GetPrivateProfileStringW
CheckNameLegalDOS8Dot3A
Sleep
WaitForMultipleObjects
GetProcAddress
GetModuleFileNameA
SetLastError
__p__fmode
malloc
fread
fclose
fopen
_except_handler3
??2@YAPAXI@Z
fseek
ftell
exit
_XcptFilter
__setusermatherr
_controlfp
_adjust_fdiv
_acmdln
memset
__p__commode
free
__getmainargs
calloc
memcpy
_initterm
_exit
__set_app_type
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
IsZoomed
GetForegroundWindow
GetClassInfoExW
IntersectRect
SetMenuItemBitmaps
GetScrollPos
DestroyMenu
MapVirtualKeyW
SendDlgItemMessageA
BeginDeferWindowPos
SetScrollRange
PeekMessageW
SetMenu
GetScrollRange
GetWindowDC
SendDlgItemMessageW
GetMessageTime
RegisterClipboardFormatW
GetDC
EndDeferWindowPos
MapDialogRect
CheckMenuItem
GetClassLongW
GetLastActivePopup
ShowScrollBar
WinHelpW
GetClassInfoW
GetMenuCheckMarkDimensions
SetScrollPos
RegisterClassW
GetKeyNameTextW
GetClassNameW
TrackPopupMenu
ShowOwnedPopups
ValidateRect
IsDialogMessageW
ScrollWindow
IsChild
GetMenuStringW
OleLockRunning
CLSIDFromProgID
OleTranslateAccelerator
OleUninitialize
OleDestroyMenuDescriptor
DoDragDrop
StgOpenStorageOnILockBytes
CreateStreamOnHGlobal
OleFlushClipboard
IsAccelerator
OleSetContainedObject
RegisterDragDrop
RevokeDragDrop
CoRegisterMessageFilter
OleGetClipboard
OleDuplicateData
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
StgCreateDocfileOnILockBytes
CoInitialize
OleInitialize
CoLockObjectExternal
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoRevokeClassObject
CoUninitialize
OleCreateMenuDescriptor
CoFreeUnusedLibraries
ReleaseStgMedium
CoCreateGuid
OleIsCurrentClipboard
CoTaskMemFree
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:06:24 09:04:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 67584
LinkerVersion 10.0
EntryPoint 0x11554
InitializedDataSize 8704
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 0829817d83d583f5a55075dc0017ef52
SHA1 2d664a743df843a8b01b040932511c10bbb2f823
SHA256 877e228525fd6b1a4166bf0ab3fcf041ef28bdedff4905d7e3257000e66f2988
ssdeep 1536:cytxYXA0QxLVezcq2tBhFy0hHjZxTP1QRnopzesPhn70TOHKDdRwl58KM:lxYXy1VezgBhvjjpQRno5eQn70TOHKx5

authentihash e59f6466ee0db4fa88725495fd5568653e71207a07f5da54f1e03cb9eda8b971
imphash 2ce9f1ef38736707f33952f1e5c39c32
File size 75.0 KB ( 76800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2014-06-24 13:22:14 UTC ( 2 years, 11 months ago )
Last submission 2014-08-16 10:30:59 UTC ( 2 years, 9 months ago )
File names 0829817d83d583f5a55075dc0017ef52.exe
sqpjksqw.exe
caqsppdd.exe
COPY_OF_DOCUMENT_DATE_JUNE-24-2014.EXE
0829817d83d583f5a55075dc0017ef52
copy_of_document_date_june-24-2014.exe
Copy_of_document_Date_June-24-2014.exe
COPY_OF_DOCUMENT_DATE_JUNE-24-2014.DOC
877e228525fd6b1a4166bf0ab3fcf041ef28bdedff4905d7e3257000e66f2988.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
