SHA256: bbe4ef632f3a8043b8adac6bb03b8a8b4ba6842154a018075644c16265a19176
File name: Xerox_doc.exe
Detection ratio: 4 / 42
Analysis date: 2010-07-16 11:51:45 UTC ( 3 years, 9 months ago )
Antivirus Result Update
AntiVir TR/Dropper.Gen 20100716
Panda Suspicious file 20100715
TrendMicro TROJ_FAKEAV.SMZQ 20100716
TrendMicro-HouseCall TROJ_FAKEAV.SMZQ 20100716
AVG 20100715
AhnLab-V3 20100715
Antiy-AVL 20100715
Authentium 20100716
Avast 20100715
Avast5 20100715
BitDefender 20100716
CAT-QuickHeal 20100716
ClamAV 20100716
Comodo 20100716
DrWeb 20100716
F-Prot 20100715
F-Secure 20100716
Fortinet 20100715
GData 20100716
Ikarus 20100716
Jiangmin 20100716
Kaspersky 20100716
McAfee 20100716
McAfee-GW-Edition 20100716
Microsoft 20100716
NOD32 20100715
Norman 20100715
PCTools 20100716
Prevx 20100716
Rising 20100716
SUPERAntiSpyware 20100716
Sophos 20100716
Sunbelt 20100716
Symantec 20100716
TheHacker 20100716
VBA32 20100715
ViRobot 20100716
VirusBuster 20100715
a-squared 20100716
eSafe 20100715
eTrust-Vet 20100716
nProtect 20100716
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-07-16 08:53:51
Link date 9:53 AM 7/16/2010
Entry Point 0x00001144
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(518)
Ord(697)
Ord(607)
EVENT_SINK_AddRef
Ord(717)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(522)
Ord(520)
Ord(100)
Ord(526)
Ord(696)
ProcCallEngine
Ord(524)
EVENT_SINK_Release
Ord(617)
Ord(528)
Ord(644)
Ord(631)
Ord(619)
LoadResource
LockResource
FreeLibrary
ExitProcess
GetProcAddress
LoadLibraryA
CallWindowProcA
Number of PE resources by type
Struct(15) 11
RT_ICON 6
12 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 7
ARABIC NEUTRAL 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:07:16 09:53:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 14848
LinkerVersion 7.1
FileAccessDate 2014:02:07 14:16:46+01:00
EntryPoint 0x1144
InitializedDataSize 27136
SubsystemVersion 4.0
ImageVersion 2.2
OSVersion 4.0
FileCreateDate 2014:02:07 14:16:46+01:00
UninitializedDataSize 0

File identification
MD5 23a61e44dfadf5dcc931b325ff1939ec
SHA1 4adeff84dde436360c3e45b9806b8dc1f8155816
SHA256 bbe4ef632f3a8043b8adac6bb03b8a8b4ba6842154a018075644c16265a19176
ssdeep 768:gXbxeb/brqBqBuOU8rgWFTdBRQdvnKXfjwyd:E8BuOBrjFBBWfMEyd
imphash f8281bf34d5c8c2cb24da96042414545
File size 42.0 KB ( 43008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2010-07-16 11:51:45 UTC ( 3 years, 9 months ago )
Last submission 2014-02-07 13:14:33 UTC ( 2 months, 1 week ago )
File names 4adeff84dde436360c3e45b9806b8dc1f8155816-23a61e44dfadf5dcc931b325ff1939ec.01.exe7379.vir
Behaviour characterization