SHA256: b464005685ca43d878739bad86f5bfdf39eab2db95f3c7f8b77ea776cbb21e5c
File name: Copy_of_document_July-16-2014.exe
Detection ratio: 17 / 54
Analysis date: 2014-07-17 09:25:03 UTC ( 2 years, 7 months ago )
Antivirus Result Update
AVG Crypt3.AFBF 20140717
AntiVir TR/Spy.ZBot.llr.1 20140717
Avast Win32:Malware-gen 20140717
Commtouch W32/Trojan.JAGM-6480 20140717
DrWeb BackDoor.Kuluoz.4 20140717
ESET-NOD32 a variant of Win32/Kryptik.CGWJ 20140717
F-Prot W32/Trojan3.JJL 20140717
Fortinet W32/Kryptik.CGWJ!tr 20140717
Ikarus Trojan-Spy.Zbot 20140717
McAfee RDN/Generic.tfr!eb 20140717
McAfee-GW-Edition Artemis!CC19A778B730 20140716
Qihoo-360 HEUR/Malware.QVM07.Gen 20140717
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140716
Sophos Troj/Wonton-CJ 20140717
Symantec Trojan.Asprox.B 20140717
TrendMicro TROJ_MIPC.008575GG14 20140717
TrendMicro-HouseCall TROJ_MIPC.008575GG14 20140717
Ad-Aware 20140717
AegisLab 20140717
Yandex 20140716
AhnLab-V3 20140716
Antiy-AVL 20140717
Baidu-International 20140717
BitDefender 20140717
Bkav 20140716
ByteHero 20140717
CAT-QuickHeal 20140717
CMC 20140717
ClamAV 20140717
Comodo 20140717
Emsisoft 20140717
F-Secure 20140717
GData 20140717
Jiangmin 20140717
K7AntiVirus 20140716
K7GW 20140717
Kaspersky 20140717
Kingsoft 20140717
Malwarebytes 20140717
eScan 20140717
Microsoft 20140717
NANO-Antivirus 20140717
Norman 20140717
Panda 20140717
SUPERAntiSpyware 20140717
Tencent 20140717
TheHacker 20140714
TotalDefense 20140716
VBA32 20140715
VIPRE 20140717
ViRobot 20140717
Zillya 20140716
Zoner 20140714
nProtect 20140717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-17 05:44:03
Entry Point 0x000050F5
Number of sections 4
PE sections
PE imports
GetStdHandle
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetTimeZoneInformation
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
SetLastError
InitializeCriticalSection
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
SetEnvironmentVariableA
TerminateProcess
InterlockedDecrement
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
CompareStringW
GetCurrentThreadId
CompareStringA
IsValidLocale
GetProcAddress
CreateEventW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
lstrlenW
SizeofResource
CompareFileTime
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
ReadFile
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHFileOperationW
GetSystemMetrics
Ord(138)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:07:17 06:44:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53248
LinkerVersion 7.1
EntryPoint 0x50f5
InitializedDataSize 77824
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 cc19a778b730d310a1bea1518bdc7a6f
SHA1 9a7b01553bc5a2da3116b9f15b03a2248b419419
SHA256 b464005685ca43d878739bad86f5bfdf39eab2db95f3c7f8b77ea776cbb21e5c
ssdeep 3072:JZZPcLBYh408t/G0WbZVtbWpiDghK3LZI+K4:JZmdYh38t/G0WtVFWpto3W4
authentihash 5da9089349c16283320f6746f17061e59a5d2ee6410f80319373e9edd84e626e
imphash 52e38987b2d2bf615820a8a502d62dbc
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-16 19:45:50 UTC ( 2 years, 7 months ago )
Last submission 2016-06-29 21:54:28 UTC ( 7 months, 3 weeks ago )
File names cc19a778b730d310a1bea1518bdc7a6f.exe
0.99_0_Kuluoz_Kuluoz_1__home_logger_ham_tmp.kS__f_document_July-16-2014.exe.cld
Copy_of_document_July-16-2014.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs