SHA256: 9a5c3e1dbd24c87418fe5f0ec85da1ec0b001c9de8c7cba92473512fc4b07bea
File name: Mailing_Label.exe
Detection ratio: 11 / 44
Analysis date: 2013-08-15 20:23:56 UTC ( 4 years, 4 months ago )
Antivirus Result Update
DrWeb BackDoor.Kuluoz.4 20130815
Emsisoft Trojan-Downloader.Win32.Kuluoz (A) 20130815
ESET-NOD32 a variant of Win32/Kryptik.BFSM 20130815
Fortinet W32/DOFOIL.LF!tr 20130815
Kaspersky Trojan-Downloader.Win32.Dofoil.qud 20130815
McAfee RDN/Generic.tfr!do 20130815
McAfee-GW-Edition Artemis!FC633EB67273 20130815
Panda Suspicious file 20130815
Sophos AV Mal/Weelsof-E 20130815
TrendMicro TROJ_DOFOIL.SMJ 20130815
VIPRE Trojan.Win32.Kuluoz.b (v) 20130815
Yandex 20130814
AhnLab-V3 20130815
AntiVir 20130815
Antiy-AVL 20130815
Avast 20130815
AVG 20130815
BitDefender 20130815
ByteHero 20130814
CAT-QuickHeal 20130814
ClamAV 20130815
Commtouch 20130815
Comodo 20130815
F-Prot 20130815
F-Secure 20130815
GData 20130815
Ikarus 20130815
Jiangmin 20130815
K7AntiVirus 20130814
K7GW 20130814
Kingsoft 20130723
Malwarebytes 20130815
Microsoft 20130815
eScan 20130815
NANO-Antivirus 20130815
Norman 20130815
nProtect 20130815
PCTools 20130815
Rising 20130815
SUPERAntiSpyware 20130815
Symantec 20130815
TheHacker 20130814
TotalDefense 20130815
TrendMicro-HouseCall 20130815
VBA32 20130815
ViRobot 20130815
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name mein.exe
Description For test purpose on1y!
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-15 19:53:42
Entry Point 0x00002706
Number of sections 4
PE sections
PE imports
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TryEnterCriticalSection
GetVersionExW
FreeLibrary
IsDebuggerPresent
HeapAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetPriorityClass
MultiByteToWideChar
InterlockedCompareExchange
CreateMutexA
SetFilePointer
CreateSemaphoreA
WideCharToMultiByte
GetModuleHandleA
lstrcmpA
InterlockedExchange
WriteFile
WaitForSingleObject
GetModuleHandleW
FreeLibraryAndExitThread
InitializeCriticalSection
CreateEventA
FindClose
CreateFileA
ExitProcess
LeaveCriticalSection
_adjust_fdiv
_acmdln
_except_handler3
__p__fmode
__p__commode
__setusermatherr
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
Ord(168)
Number of PE resources by type
RT_ACCELERATOR 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 36864
ImageVersion 0.0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
LinkerVersion 7.1
FileTypeExtension exe
OriginalFileName mein.exe
MIMEType application/octet-stream
TimeStamp 2013:08:15 20:53:42+01:00
FileType Win32 EXE
PEType PE32
FileDescription For test purpose on1y!
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Like
CodeSize 8192
FileSubtype 0
ProductVersionNumber 1.9.0.0
EntryPoint 0x2706
ObjectFileType Executable application

File identification
MD5 fc633eb672734020a1fc44d0ae78d264
SHA1 988835c975c09f0ea441687ec3588c37acf193a1
SHA256 9a5c3e1dbd24c87418fe5f0ec85da1ec0b001c9de8c7cba92473512fc4b07bea
ssdeep 768:zpRKPglM8CKT0sNUhWXmdpH3llJ2NOW/3tNeGActI2+8aHG:zzTlM8dNOBPH3lj2UI3tNeuIC

authentihash 24dab733e3aeb60dcd250decf2f51c6165227a411a2b4690ae71c62725f3171e
imphash c88477213d7664dfde43570619af3410
File size 44.0 KB ( 45056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe armadillo

VirusTotal metadata
First submission 2013-08-15 13:20:30 UTC ( 4 years, 4 months ago )
Last submission 2014-03-20 02:10:53 UTC ( 3 years, 9 months ago )
File names Mailing_Label_US.exe
vt-upload-luglF
Mailing_Label_DE_Schweinfurt.exe
bjrroouo.exe
vt-upload-DNKJB
fc633eb672734020a1fc44d0ae78d264
Mailing_Label_GB_exe
Mailing_Label_GB_exe.exe
fc633eb672734020a1fc44d0ae78d264.malware
988835C975C09F0EA441687EC3588C37ACF193A1.exe
mein.exe
vt-upload-bgcFp
Mailing_Label_GB.exe
Mailing_Label.exe
Mailing_Label_US_Columbia_ZIP29212.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight