SHA256: bbe4ef632f3a8043b8adac6bb03b8a8b4ba6842154a018075644c16265a19176
File name: Xerox_doc.exe
Detection ratio: 4 / 42
Analysis date: 2010-07-16 11:51:45 UTC ( 7 years, 1 month ago )
Antivirus Result Update
AntiVir TR/Dropper.Gen 20100716
Panda Suspicious file 20100715
TrendMicro TROJ_FAKEAV.SMZQ 20100716
TrendMicro-HouseCall TROJ_FAKEAV.SMZQ 20100716
a-squared 20100716
AhnLab-V3 20100715
Antiy-AVL 20100715
Authentium 20100716
Avast 20100715
Avast5 20100715
AVG 20100715
BitDefender 20100716
CAT-QuickHeal 20100716
ClamAV 20100716
Comodo 20100716
DrWeb 20100716
eSafe 20100715
eTrust-Vet 20100716
F-Prot 20100715
F-Secure 20100716
Fortinet 20100715
GData 20100716
Ikarus 20100716
Jiangmin 20100716
Kaspersky 20100716
McAfee 20100716
McAfee-GW-Edition 20100716
Microsoft 20100716
NOD32 20100715
Norman 20100715
nProtect 20100716
PCTools 20100716
Prevx 20100716
Rising 20100716
Sophos AV 20100716
Sunbelt 20100716
SUPERAntiSpyware 20100716
Symantec 20100716
TheHacker 20100716
VBA32 20100715
ViRobot 20100716
VirusBuster 20100715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-07-16 08:53:51
Entry Point 0x00001144
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(518)
Ord(697)
Ord(607)
EVENT_SINK_AddRef
Ord(717)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(522)
Ord(520)
Ord(100)
Ord(526)
Ord(696)
ProcCallEngine
Ord(524)
EVENT_SINK_Release
Ord(617)
Ord(528)
Ord(644)
Ord(631)
Ord(619)
LoadResource
LockResource
FreeLibrary
ExitProcess
GetProcAddress
LoadLibraryA
CallWindowProcA
Number of PE resources by type
Struct(15) 11
RT_ICON 6
12 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 7
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2010:07:16 09:53:51+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
14848

LinkerVersion
7.1

FileTypeExtension
exe

InitializedDataSize
27136

SubsystemVersion
4.0

EntryPoint
0x1144

OSVersion
4.0

ImageVersion
2.2

UninitializedDataSize
0

File identification
MD5 23a61e44dfadf5dcc931b325ff1939ec
SHA1 4adeff84dde436360c3e45b9806b8dc1f8155816
SHA256 bbe4ef632f3a8043b8adac6bb03b8a8b4ba6842154a018075644c16265a19176
ssdeep
768:gXbxeb/brqBqBuOU8rgWFTdBRQdvnKXfjwyd:E8BuOBrjFBBWfMEyd

authentihash f781eb49a3f56b3bc8e4f99391c462c780d852658fddd2809b98728f6d5c5100
imphash f8281bf34d5c8c2cb24da96042414545
File size 42.0 KB ( 43008 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2010-07-16 11:51:45 UTC ( 7 years, 1 month ago )
Last submission 2015-08-25 19:29:04 UTC ( 1 year, 11 months ago )
File names xzNrziq.sys
4adeff84dde436360c3e45b9806b8dc1f8155816-23a61e44dfadf5dcc931b325ff1939ec.01.exe7379.vir
aa
Behaviour characterization