SHA256: b94ede0ea117334a7eaad8211dc3f430f242cabe45eaf565eaa9c28d13cd63af
File name: iLMqBS9rCGZl.exe
Detection ratio: 37 / 56
Analysis date: 2015-04-23 12:50:31 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.596294 20150423
Yandex Trojan.Bublik!vkwhOGHa9i4 20150422
AhnLab-V3 Worm/Win32.VBNA 20150423
Antiy-AVL Trojan/Win32.Bublik 20150423
Avast Win32:Emotet-P [Trj] 20150423
AVG Atros.QLP 20150423
Avira (no cloud) TR/Injector.198909.1 20150423
AVware Trojan.Win32.Generic!BT 20150423
Baidu-International Trojan.Win32.Bublik.dnty 20150421
BitDefender Gen:Variant.Kazy.596294 20150423
ByteHero Virus.Win32.Heur.p 20150423
CMC Heur.Win32.VBKrypt.3!O 20150423
Cyren W32/Trojan.KCYE-8147 20150423
Emsisoft Gen:Variant.Kazy.596294 (B) 20150423
ESET-NOD32 a variant of Win32/Injector.BYGW 20150423
F-Secure Gen:Variant.Kazy.596294 20150423
Fortinet W32/BYGW!tr 20150423
GData Gen:Variant.Kazy.596294 20150423
Ikarus Trojan.Win32.Injector 20150423
Jiangmin Trojan/Bublik.ppm 20150422
K7AntiVirus Trojan ( 004bd02a1 ) 20150423
K7GW Trojan ( 004bd02a1 ) 20150423
Kaspersky Trojan.Win32.Bublik.dnty 20150423
Malwarebytes Trojan.Agent.TXC 20150423
McAfee Artemis!64A9A7041FAB 20150423
Microsoft Trojan:Win32/Emotet.G 20150423
eScan Gen:Variant.Kazy.596294 20150423
NANO-Antivirus Trojan.Win32.Bublik.dqtjpo 20150422
Norman Troj_Generic_2.JVM 20150423
Panda Trj/Genetic.gen 20150423
Qihoo-360 Win32/Trojan.f6e 20150423
Sophos AV Mal/Generic-S 20150423
SUPERAntiSpyware Trojan.Agent/Gen-Ransom 20150423
Tencent Trojan.Win32.Qudamah.Gen.17 20150423
TrendMicro TROJ_GEN.R03EC0DDM15 20150423
TrendMicro-HouseCall TROJ_GEN.R03EC0DDM15 20150423
VIPRE Trojan.Win32.Generic!BT 20150423
AegisLab 20150423
Alibaba 20150423
Bkav 20150423
CAT-QuickHeal 20150423
ClamAV 20150423
Comodo 20150423
DrWeb 20150423
F-Prot 20150423
Kingsoft 20150423
McAfee-GW-Edition 20150422
nProtect 20150423
Rising 20150423
Symantec 20150423
TheHacker 20150422
TotalDefense 20150423
VBA32 20150423
ViRobot 20150423
Zillya 20150422
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright acoustics analysis software for measuring
Publisher acoustics analysis software for measuring
Product acoustics analysis software for measuring
Original name TextConv.exe
Internal name TextConv
File version 1.00.0015
Description acoustics analysis software for measuring
Comments acoustics analysis software for measuring
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-11 11:11:26
Entry Point 0x00001128
Number of sections 3
PE sections
Overlays
MD5 2f9d7723d2f16da9f2764216598e2034
File type data
Offset 147456
Size 51453
Entropy 7.95
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(537)
Ord(648)
Ord(516)
Ord(685)
Ord(594)
Ord(689)
Ord(525)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(100)
Ord(599)
Ord(608)
Ord(570)
Ord(571)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(593)
Ord(306)
Ord(631)
Ord(563)
Number of PE resources by type
RT_ICON 4
RT_STRING 1
RT_VERSION 1
CEROL 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
THAI DEFAULT 2
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks acoustics analysis software for measuring
SubsystemVersion 4.0
Comments acoustics analysis software for measuring
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.15
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription acoustics analysis software for measuring
CharacterSet Unicode
InitializedDataSize 53248
EntryPoint 0x1128
OriginalFileName TextConv.exe
MIMEType application/octet-stream
LegalCopyright acoustics analysis software for measuring
FileVersion 1.00.0015
TimeStamp 2015:04:11 12:11:26+01:00
FileType Win32 EXE
PEType PE32
InternalName TextConv
ProductVersion 1.00.0015
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName acoustics analysis software for measuring
CodeSize 102400
ProductName acoustics analysis software for measuring
ProductVersionNumber 1.0.0.15
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 64a9a7041fab5a73b8e1ebd686c27cfd
SHA1 a5343d323f618e206647e8403be7ce969ca9a939
SHA256 b94ede0ea117334a7eaad8211dc3f430f242cabe45eaf565eaa9c28d13cd63af
ssdeep 3072:BOQhZOOQhZOOQhZhzpsgS0OQhZOOQhZOOQhZU7+mKQDtouWI:Ej+mroRI

authentihash 5d91ebbb2fa4242b6f1e0ab73a6d30e0952e1fd6ae8c3f2619e82dd9a52f9988
imphash e9c7d402150ccfcc98bb88e155a1e3b6
File size 194.2 KB ( 198909 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-04-16 00:25:19 UTC ( 4 years, 1 month ago )
Last submission 2015-04-16 00:25:19 UTC ( 4 years, 1 month ago )
File names TextConv.exe
TextConv
iLMqBS9rCGZl.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R03EC0DDM15.

Symantec reputation Suspicious.Insight