SHA256: 8cd4a12cf21a4e1f9bf2da069be51b52c777328ae6ed87ce29b495412773cd72
File name: doc255_pdf.exe
Detection ratio: 60 / 68
Analysis date: 2017-12-04 04:55:43 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.26767 20171204
AegisLab Troj.Downloader.W32.Agent!c 20171204
AhnLab-V3 Trojan/Win32.Upatre.R132243 20171203
ALYac Trojan.GenericKDZ.26767 20171203
Antiy-AVL Trojan/Win32.SGeneric 20171204
Arcabit Trojan.Generic.D688F 20171204
Avast Win32:Trojan-gen 20171204
AVG Win32:Trojan-gen 20171204
Avira (no cloud) ADWARE/Adware.Gen 20171203
AVware Trojan-Downloader.Win32.Upatre.aoa (v) 20171204
Baidu Win32.Trojan-Downloader.Waski.b 20171201
BitDefender Trojan.GenericKDZ.26767 20171204
CAT-QuickHeal TrojanDownloader.Upatre.AA3 20171202
ClamAV Win.Trojan.Upatre-6143 20171204
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171204
Cyren W32/Trojan.BBYE-4938 20171204
DrWeb Trojan.DownLoader11.56517 20171204
eGambit Unsafe.AI_Score_94% 20171204
Emsisoft Trojan.GenericKDZ.26767 (B) 20171204
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/TrojanDownloader.Waski.F 20171203
F-Prot W32/Trojan5.LLB 20171204
F-Secure Trojan.GenericKDZ.26767 20171204
Fortinet W32/Waski.F!tr.dldr 20171204
GData Trojan.GenericKDZ.26767 20171204
Ikarus Trojan-Downloader.Win32.Waski 20171203
Sophos ML heuristic 20170914
Jiangmin TrojanDownloader.Agent.enyh 20171204
K7AntiVirus Riskware ( 0040eff71 ) 20171203
K7GW Riskware ( 0040eff71 ) 20171204
Kaspersky Trojan-Downloader.Win32.Agent.hfhm 20171204
Malwarebytes Trojan.Email.FakeDoc 20171204
MAX malware (ai score=100) 20171204
McAfee Upatre-FAAJ!B4157A9F819A 20171204
McAfee-GW-Edition Upatre-FAAJ!B4157A9F819A 20171203
Microsoft TrojanDownloader:Win32/Upatre 20171204
eScan Trojan.GenericKDZ.26767 20171204
NANO-Antivirus Trojan.Win32.Dwn.dmjoqh 20171204
Palo Alto Networks (Known Signatures) generic.ml 20171204
Panda Trj/Genetic.gen 20171203
Qihoo-360 Malware.Radar01.Gen 20171204
Rising Downloader.Waski!8.184 (CLOUD) 20171204
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Upatre-R 20171204
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20171203
Symantec Trojan Horse 20171204
Tencent Win32.Trojan.Agent.Ts 20171204
TheHacker Trojan/Downloader.Waski.f 20171130
TotalDefense Win32/Upatre.FSEBTB 20171203
TrendMicro TROJ_UPATRE.SMAT 20171204
TrendMicro-HouseCall TROJ_UPATRE.SMAT 20171204
VBA32 TrojanDownloader.Agent 20171201
VIPRE Trojan-Downloader.Win32.Upatre.aoa (v) 20171204
ViRobot Trojan.Win32.Agent.75098 20171204
Webroot W32.Trojan.Gen 20171204
Yandex Trojan.DL.Agent!kzvKi+cZYEk 20171201
Zillya Downloader.Upatre.Win32.12156 20171201
ZoneAlarm by Check Point Trojan-Downloader.Win32.Agent.hfhm 20171204
Alibaba 20171204
Avast-Mobile 20171203
Bkav 20171201
CMC 20171204
Comodo 20171204
Kingsoft 20171204
nProtect 20171201
Symantec Mobile Insight 20171204
Trustlook 20171204
WhiteArmor 20171104
Zoner 20171204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-02 18:52:46
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 b35ece9967d47b73d8fab533ad38dc91
File type data
Offset 37376
Size 36984
Entropy 0.00
PE imports
CM_Add_Range
CM_Add_ID_ExA
CMP_UnregisterNotification
CM_Add_Empty_Log_Conf
CM_Create_DevNode_ExW
CM_Delete_DevNode_Key_Ex
CM_Add_ID_ExW
CMP_Report_LogOn
CMP_WaitServicesAvailable
CM_Create_DevNode_ExA
CM_Create_Range_List
CM_Delete_Class_Key_Ex
CM_Add_IDA
CM_Add_Res_Des_Ex
CM_Add_IDW
CM_Delete_DevNode_Key
CM_Add_Res_Des
CM_Delete_Range
CM_Create_DevNodeW
CMP_Init_Detection
CM_Connect_MachineA
CM_Create_DevNodeA
CM_Delete_Class_Key
CMP_WaitNoPendingInstallEvents
CMP_RegisterNotification
CM_Connect_MachineW
CM_Add_Empty_Log_Conf_Ex
DllGetClassObject
DllCanUnloadNow
DllRegisterServer
CMCreateProfile
ExitThread
TerminateThread
IsValidCodePage
GetEnvironmentStringsA
GetDriveTypeA
SearchPathA
GetDateFormatW
_lopen
GetPrivateProfileSectionA
GetSystemDirectoryA
GetACP
GetDiskFreeSpaceA
GetProcAddress
GetCurrentThread
LZRead
LZInit
Number of PE resources by type
RT_MENU 3
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:11:02 19:52:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 13.18
EntryPoint 0x1000
InitializedDataSize 86016
SubsystemVersion 5.1
ImageVersion 4.0
OSVersion 4.19
UninitializedDataSize 438272
Compressed bundles
File identification
MD5 b4157a9f819a9aeb401a4b7784f7916e
SHA1 fe384a3c1cfa772f7f07227e5556ae716a55a217
SHA256 8cd4a12cf21a4e1f9bf2da069be51b52c777328ae6ed87ce29b495412773cd72
ssdeep 384:POZXbVRfXCShxFEyHnYhQGGY7+bGc+QUzfvTlHVGfdE+u9CFMtavMiTDzDVEOEfm:PCVRfOpnHpHsLEOEzBDvBZ34D
authentihash 2975978f3493ecf5e071ac35314b6f9b7d5a40f8576eea0253c015e1d6a19c0d
imphash e764b52f5a476cf159f8ff24cfa2b857
File size 72.6 KB ( 74360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-01-16 17:42:06 UTC ( 3 years, 8 months ago )
Last submission 2015-04-24 03:28:02 UTC ( 3 years, 5 months ago )
File names doc255_pdf.exe.txt
8cd4a12cf21a4e1f9bf2da069be51b52c777328ae6ed87ce29b495412773cd72.bin
B4157A9F819A9AEB401A4B7784F7916E
doc255_pdf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections