SHA256: a5cfc306255bfcb28011d0010c33152d150894420e1f6ba6102e1ceec042cfa0
File name: Copy_of_document_July-23-2014.exe
Detection ratio: 22 / 52
Analysis date: 2014-07-24 11:28:27 UTC ( 2 years, 7 months ago )
Antivirus             Result                                 Update
AVG                   Luhe.Fiha.A                            20140724
AhnLab-V3             Trojan/Win32.Dofoil                    20140723
AntiVir               TR/Crypt.XPACK.Gen7                    20140724
Avast                 Win32:Malware-gen                      20140724
Baidu-International   Trojan.Win32.Dofoil.aJ                 20140724
Commtouch             W32/Trojan.JCLH-7212                   20140724
DrWeb                 BackDoor.Kuluoz.4                      20140724
ESET-NOD32            a variant of Generik.LLKJFDY           20140724
F-Prot                W32/Trojan3.JNV                        20140724
Fortinet              W32/Wonton.CJ!tr                       20140724
Ikarus                Net-Worm.Win32.Aspxor                  20140724
Kaspersky             Trojan-Downloader.Win32.Dofoil.bmgo    20140724
McAfee                RDN/Generic.tfr!eb                     20140724
McAfee-GW-Edition     Artemis!046F9DBEDCF0                   20140723
Microsoft             TrojanDownloader:Win32/Kuluoz.D        20140724
Qihoo-360             HEUR/Malware.QVM07.Gen                 20140724
Rising                PE:Malware.FakeDOC@CV!1.9C3C           20140724
Sophos                Troj/Wonton-CJ                         20140724
Symantec              Trojan.Asprox.B                        20140724
TrendMicro            TROJ_ZORTOB.WPB                        20140724
TrendMicro-HouseCall  TROJ_MIPC.008575GO14                   20140724
VBA32                 BScope.P2P-Worm.Palevo                 20140724
Ad-Aware                                                     20140724
AegisLab                                                     20140724
Yandex                                                       20140723
Antiy-AVL                                                    20140724
BitDefender                                                  20140724
Bkav                                                         20140724
ByteHero                                                     20131127
CAT-QuickHeal                                                20140724
CMC                                                          20140724
ClamAV                                                       20140724
Comodo                                                       20140724
Emsisoft                                                     20140724
F-Secure                                                     20140724
GData                                                        20140724
Jiangmin                                                     20140724
K7AntiVirus                                                  20140723
K7GW                                                         20140723
Kingsoft                                                     20140724
Malwarebytes                                                 20140724
eScan                                                        20140724
NANO-Antivirus                                               20140724
Norman                                                       20140724
Panda                                                        20140724
SUPERAntiSpyware                                             20140724
Tencent                                                      20140724
TheHacker                                                    20140722
TotalDefense                                                 20140724
VIPRE                                                        20140724
ViRobot                                                      20140724
Zoner                                                        20140723
nProtect                                                     20140724
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-07-24 04:47:08
Entry Point: 0x00004BB5
Number of sections: 4
PE sections
PE imports
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
FreeLibraryAndExitThread
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
SetLastError
InitializeCriticalSection
TryEnterCriticalSection
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetModuleHandleA
SetEnvironmentVariableA
TerminateProcess
InterlockedDecrement
GlobalAlloc
CreateEventW
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
FreeLibrary
QueryPerformanceCounter
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
CompareStringW
GetCurrentThreadId
CompareStringA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
lstrlenW
SizeofResource
CompareFileTime
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
ReadFile
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHFileOperationW
GetSystemMetrics
Ord(206)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:07:24 05:47:08+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 53248
LinkerVersion: 7.1
EntryPoint: 0x4bb5
InitializedDataSize: 77824
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5: 046f9dbedcf03749d0e7ae5cc120897d
SHA1: c0c8c675ec4472480d905224a1b0309f5be7403c
SHA256: a5cfc306255bfcb28011d0010c33152d150894420e1f6ba6102e1ceec042cfa0
ssdeep: 3072:OQeAWQkT7ltDrFKHMNHATPLjvzpbpIXZHP9:CAWXZtDZ0MNg7L7tQ
authentihash: cf58862477cfe4fdb1b9586788ab29aa0e37d602ed5c3270ad84a503c8789de8
imphash: 76babb83760f9031446b611a30cdd637
File size: 132.0 KB ( 135168 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission: 2014-07-23 21:05:02 UTC ( 2 years, 7 months ago )
Last submission: 2014-07-24 10:39:38 UTC ( 2 years, 7 months ago )
File names:
  copy_of_document_july-23-2014.exe
  046f9dbedcf03749d0e7ae5cc120897d
  Copy_of_document_July-23-2014.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs