SHA256: a2e2809ee961c66a6da1815fb028f1fd061a024c6e7681201c054cbe7c1757a7
File name: 10.tmp
Detection ratio: 25 / 56
Analysis date: 2015-04-16 00:19:30 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2296575 20150415
Avast Win32:Malware-gen 20150416
AVG Atros.RHO 20150416
BitDefender Trojan.GenericKD.2296575 20150416
ByteHero Virus.Win32.Heur.p 20150416
CMC Heur.Win32.VBKrypt.3!O 20150413
Emsisoft Trojan.GenericKD.2296575 (B) 20150416
ESET-NOD32 Win32/Emotet.AD 20150416
F-Secure Trojan.GenericKD.2296575 20150415
Fortinet W32/Blocker.AD!tr 20150416
GData Trojan.GenericKD.2296575 20150416
Ikarus Trojan.Win32.Emotet 20150415
K7AntiVirus Trojan ( 004b5df11 ) 20150415
K7GW Trojan ( 004b5df11 ) 20150415
Kaspersky Trojan-Ransom.Win32.Blocker.gybh 20150416
Malwarebytes Trojan.Ransom.RV 20150415
McAfee Artemis!0AF32CB973AC 20150416
Microsoft Trojan:Win32/Emotet.G 20150416
eScan Trojan.GenericKD.2296575 20150416
nProtect Trojan.GenericKD.2296575 20150415
Panda Trj/Chgt.O 20150415
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150416
Sophos AV Mal/Generic-S 20150416
Symantec Trojan.Zbot 20150416
Tencent Trojan.Win32.Qudamah.Gen.17 20150416
AegisLab 20150416
Yandex 20150414
AhnLab-V3 20150415
Alibaba 20150416
ALYac 20150415
Antiy-AVL 20150415
AVware 20150416
Baidu-International 20150415
Bkav 20150415
CAT-QuickHeal 20150415
ClamAV 20150415
Comodo 20150415
Cyren 20150416
DrWeb 20150416
F-Prot 20150416
Jiangmin 20150414
Kingsoft 20150416
McAfee-GW-Edition 20150416
NANO-Antivirus 20150416
Norman 20150415
Rising 20150415
SUPERAntiSpyware 20150415
TheHacker 20150415
TotalDefense 20150415
TrendMicro 20150415
TrendMicro-HouseCall 20150415
VBA32 20150415
VIPRE 20150416
ViRobot 20150415
Zillya 20150416
Zoner 20150413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright REW is room acoustics analysis software for measuring
Publisher REW is room acoustics analysis software for measuring
Product REW is room acoustics analysis software for measuring
Original name TextConv.exe
Internal name TextConv
File version 1.00.0076
Description REW is room acoustics analysis software for measuring
Comments REW is room acoustics analysis software for measuring
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-14 08:06:44
Entry Point 0x0000113C
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(537)
Ord(516)
Ord(616)
EVENT_SINK_Invoke
Ord(320)
Ord(685)
Ord(525)
EVENT_SINK_AddRef
Ord(300)
EVENT_SINK_GetIDsOfNames
Ord(717)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Zombie_GetTypeInfoCount
Zombie_GetTypeInfo
Ord(599)
Ord(608)
Ord(570)
Ord(534)
Ord(100)
Ord(319)
Ord(321)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(306)
Ord(631)
Ord(563)
Number of PE resources by type
RT_ICON 4
RT_STRING 1
RT_VERSION 1
CEROL 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
THAI DEFAULT 2
PE resources
ExifTool file metadata
CodeSize
86016

FileDescription
REW is room acoustics analysis software for measuring

Comments
REW is room acoustics analysis software for measuring

InitializedDataSize
53248

ImageVersion
1.0

ProductName
REW is room acoustics analysis software for measuring

FileVersionNumber
1.0.0.76

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

OriginalFilename
TextConv.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.00.0076

TimeStamp
2015:04:14 09:06:44+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
TextConv

SubsystemVersion
4.0

ProductVersion
1.00.0076

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

LegalCopyright
REW is room acoustics analysis software for measuring

MachineType
Intel 386 or later, and compatibles

CompanyName
REW is room acoustics analysis software for measuring

LegalTrademarks
REW is room acoustics analysis software for measuring

FileSubtype
0

ProductVersionNumber
1.0.0.76

EntryPoint
0x113c

ObjectFileType
Executable application

File identification
MD5 0af32cb973ac0a763b0bfe6a710e8121
SHA1 8eb7676d95b151c0f5be54a165d1907372666f7e
SHA256 a2e2809ee961c66a6da1815fb028f1fd061a024c6e7681201c054cbe7c1757a7
ssdeep 3072:hOQhZOOQhZOOQhZVJkFpZN0OQhZOOQhZOOQhZe7+mKQDtouWI:pJC+mroRI
authentihash e8cd80f0539db2a3ed605f39cc8bcb62b73e5fe1c01c1ad90bb2bde6ca744c8e
imphash 1f614779d3e100250648b5b97afb050f
File size 178.2 KB ( 182525 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-04-14 13:40:17 UTC ( 4 years, 1 month ago )
Last submission 2015-04-14 13:40:17 UTC ( 4 years, 1 month ago )
File names TextConv.exe
TextConv
10.tmp
A2E2809EE961C66A6DA1815FB028F1FD061A024C6E7681201C054CBE7C1757A7.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight