SHA256: ab036a9c324ad09ab36d3d805e5bcdc8be8103ceb7db3dd5f95dafa1054b96c0
File name: Document_HM901417.exe
Detection ratio: 3 / 55
Analysis date: 2015-07-01 11:07:19 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150701
SUPERAntiSpyware Trojan.Agent/Gen-Upatre 20150701
Tencent Win32.Trojan.Fakedoc.Auto 20150701
Ad-Aware 20150701
AegisLab 20150701
Yandex 20150630
AhnLab-V3 20150630
Alibaba 20150630
ALYac 20150701
Antiy-AVL 20150701
Arcabit 20150630
Avast 20150701
AVG 20150701
Avira (no cloud) 20150701
AVware 20150701
Baidu-International 20150701
BitDefender 20150701
Bkav 20150630
ByteHero 20150701
CAT-QuickHeal 20150701
ClamAV 20150701
Comodo 20150701
Cyren 20150701
DrWeb 20150701
Emsisoft 20150701
ESET-NOD32 20150701
F-Prot 20150701
F-Secure 20150701
Fortinet 20150701
GData 20150701
Ikarus 20150701
Jiangmin 20150630
K7AntiVirus 20150701
K7GW 20150701
Kingsoft 20150701
Malwarebytes 20150701
McAfee 20150701
McAfee-GW-Edition 20150630
Microsoft 20150701
eScan 20150701
NANO-Antivirus 20150701
nProtect 20150701
Panda 20150701
Qihoo-360 20150701
Rising 20150630
Sophos AV 20150701
Symantec 20150701
TheHacker 20150701
TrendMicro 20150701
TrendMicro-HouseCall 20150701
VBA32 20150701
VIPRE 20150701
ViRobot 20150701
Zillya 20150701
Zoner 20150701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-13 04:54:02
Entry Point 0x0000142C
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
_acmdln_dll
_fmode_dll
exit
_XcptFilter
__GetMainArgs
_initterm
_local_unwind2
_exit
_commode_dll
_global_unwind2
GetBkColor
GetStockObject
TextOutA
SetBkColor
CreateSolidBrush
SetTextAlign
DeleteObject
GetLastError
GetStartupInfoA
GetModuleHandleA
ReadFile
GetCurrentDirectoryA
LoadLibraryA
SetFocus
GetMessageA
BeginPaint
LoadCursorA
LoadIconA
LoadStringA
DispatchMessageA
EndPaint
EndDialog
PostQuitMessage
SendMessageA
DialogBoxParamA
CreateWindowExA
TranslateMessage
DefWindowProcA
ShowWindow
DestroyWindow
UpdateWindow
RegisterClassExA
Number of PE resources by type
RT_STRING 4
RT_GROUP_CURSOR 3
RT_CURSOR 3
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ROMANIAN 10
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 27648
ImageVersion 7.4
ProductName WadeScan
FileVersionNumber 2.3.0.96
LanguageCode Unknown (05A9)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unknown (0610)
LinkerVersion 8.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 2.3.0.61
TimeStamp 2013:11:13 05:54:02+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 4.3
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Wade-soft
CodeSize 8192
FileSubtype 0
ProductVersionNumber 2.3.0.61
EntryPoint 0x142c
ObjectFileType Executable application

File identification
MD5 99a65db1393a13ced779568526e947ef
SHA1 dbf17f6087a3fdd013cee33e6183136c79cf0d14
SHA256 ab036a9c324ad09ab36d3d805e5bcdc8be8103ceb7db3dd5f95dafa1054b96c0
ssdeep 384:+3AZEG4GwiWhRtr64ViTG0D1h4NIoGBjCbhL+bXQoNRnH/JJGtpBQvUZBWgfUsDU:+3lG4GwVcS5GBzbXQ+nfyt/QsZBWgvD
authentihash 3bcc72a173f725f782e33f11579fd7fd47d35140566382ec4b67eb4c681730da
imphash ad5f10e235dd5eafffc3ab06ac684966
File size 35.5 KB ( 36352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-07-01 10:07:24 UTC ( 3 years, 10 months ago )
Last submission 2018-01-29 17:32:36 UTC ( 1 year, 3 months ago )
File names Document_HM901417.exe
Document_HM901417.bin
aIetqio1H.tiff
99a65db1393a13ced779568526e947ef
Document_HM901417_exe
99a65db1393a13ced779568526e947ef.exe
ab036a9c324ad09ab36d3d805e5bcdc8be8103ceb7db3dd5f95dafa1054b96c0.log
Documents_RS902117.exe
Application-304991.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs