SHA256: bbf4288fd06fe2929c62287e5b66cd4b27b548591323c82dae65819aa065603a
File name: 9d29646b640057e598fa48335aa520f6.virus
Detection ratio: 28 / 54
Analysis date: 2016-07-08 10:36:31 UTC ( 2 years, 7 months ago )
Antivirus              Result                                Update
Ad-Aware               Trojan.Ransom.Cerber.1                20160708
AhnLab-V3              Malware/Win32.Generic.N2041770346     20160708
ALYac                  Trojan.Ransom.Cerber.1                20160708
Antiy-AVL              Trojan/Win32.TSGeneric                20160708
Arcabit                Trojan.Ransom.Cerber.1                20160708
Avast                  Win32:Trojan-gen                      20160708
AVG                    Generic_r.KMS                         20160708
Avira (no cloud)       TR/Crypt.Xpack.sbhd                   20160708
AVware                 Trojan.Win32.Generic.pak!cobra        20160708
BitDefender            Trojan.Ransom.Cerber.1                20160708
Emsisoft               Trojan.Ransom.Cerber.1 (B)            20160708
ESET-NOD32             a variant of Win32/Kryptik.FBIV       20160708
F-Secure               Trojan.Ransom.Cerber.1                20160708
GData                  Trojan.Ransom.Cerber.1                20160708
K7AntiVirus            Riskware ( 0040eff71 )                20160708
K7GW                   Riskware ( 0040eff71 )                20160708
Kaspersky              HEUR:Trojan.Win32.Generic             20160708
McAfee                 GenericR-HZA!9D29646B6400             20160708
McAfee-GW-Edition      BehavesLike.Win32.Malware.dm          20160708
eScan                  Trojan.Ransom.Cerber.1                20160708
nProtect               Trojan.Ransom.Cerber.1                20160708
Panda                  Trj/GdSda.A                           20160707
Qihoo-360              QVM20.1.Malware.Gen                   20160708
Sophos AV              Mal/Generic-S                         20160708
Symantec               Packed.Generic.459                    20160708
Tencent                Win32.Trojan.Kryptik.Hufp             20160708
TrendMicro             TROJ_GEN.R02EC0EG716                  20160708
VIPRE                  Trojan.Win32.Generic.pak!cobra        20160708
AegisLab               (not detected)                        20160708
Alibaba                (not detected)                        20160708
Baidu                  (not detected)                        20160706
Bkav                   (not detected)                        20160707
CAT-QuickHeal          (not detected)                        20160708
ClamAV                 (not detected)                        20160708
CMC                    (not detected)                        20160704
Comodo                 (not detected)                        20160708
Cyren                  (not detected)                        20160708
DrWeb                  (not detected)                        20160708
F-Prot                 (not detected)                        20160708
Fortinet               (not detected)                        20160708
Ikarus                 (not detected)                        20160708
Jiangmin               (not detected)                        20160708
Kingsoft               (not detected)                        20160708
Malwarebytes           (not detected)                        20160708
Microsoft              (not detected)                        20160708
NANO-Antivirus         (not detected)                        20160708
SUPERAntiSpyware       (not detected)                        20160708
TheHacker              (not detected)                        20160707
TotalDefense           (not detected)                        20160708
TrendMicro-HouseCall   (not detected)                        20160708
VBA32                  (not detected)                        20160707
ViRobot                (not detected)                        20160708
Zillya                 (not detected)                        20160708
Zoner                  (not detected)                        20160708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2006 Microsoft Corporation. All rights reserved.
Product Microsoft Office Program Recovery
Original name offlb.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-28 15:08:18
Entry Point 0x00002280
Number of sections 4
PE sections
PE imports
ADVAPI32.dll
RegOpenKeyW
RegQueryValueExW
COMCTL32.dll
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Create
ImageList_SetIconSize
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
GDI32.dll
SetMetaRgn
AddFontResourceA
GetTextMetricsW
CreateFontIndirectW
PatBlt
CreatePen
SaveDC
CreateHalftonePalette
GdiFlush
GetTextCharset
GetROP2
DeleteEnhMetaFile
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
GdiGetBatchLimit
RestoreDC
SetBkMode
StretchBlt
CreateFontW
EndDoc
CreateSolidBrush
StartPage
DeleteObject
GetObjectW
BitBlt
SetTextColor
GetTextExtentPointW
CreatePatternBrush
ExtTextOutW
FillPath
CreateBitmap
MoveToEx
DeleteColorSpace
GetStockObject
EnumFontFamiliesExW
AbortPath
SetTextAlign
SetBrushOrgEx
CreateCompatibleDC
StartDocW
CloseEnhMetaFile
CreateHatchBrush
SetROP2
EndPage
BeginPath
SelectObject
CloseFigure
AbortDoc
CloseMetaFile
CancelDC
SetWindowOrgEx
DPtoLP
SetBkColor
OffsetWindowOrgEx
GetTextExtentPoint32W
CreateCompatibleBitmap
DeleteMetaFile
EndPath
KERNEL32.dll
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetProcAddress
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetTimeZoneInformation
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
SetLastError
PeekNamedPipe
TlsGetValue
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
LoadLibraryA
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
SetFileAttributesW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
OpenEventW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
FindResourceW
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
GetTempPathW
Sleep
USER32.dll
GetClipboardViewer
CreateMenu
GetDoubleClickTime
LoadIconA
CountClipboardFormats
EndMenu
GetCapture
GetDialogBaseUnits
LoadIconW
GetClipboardOwner
GetClipboardSequenceNumber
GetCursor
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 123904
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 12.0.6606.1000
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
EntryPoint 0x2280
OriginalFileName offlb.exe
MIMEType application/octet-stream
LegalCopyright 2006 Microsoft Corporation. All rights reserved.
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2016:06:28 16:08:18+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 12.0.6606.1000
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 113664
ProductName Microsoft Office Program Recovery
ProductVersionNumber 12.0.6606.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9d29646b640057e598fa48335aa520f6
SHA1 2d27dadf8eda670a0294e7333cad58e60f5f3fca
SHA256 bbf4288fd06fe2929c62287e5b66cd4b27b548591323c82dae65819aa065603a
ssdeep 3072:nJT3MqJRrlwWJfaYCAMH2TMlz34S/4FKU4P/dKBMjQ6c:txw4uzD0Q1KBML
authentihash a3020454a6ea05af1d1a22940820f6fc84f421c0fdfc5fa0aae973fa5bd9b832
imphash 0f569e140712e8565d4bd5a183697897
File size 233.0 KB ( 238592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-08 10:36:31 UTC ( 2 years, 7 months ago )
Last submission 2016-07-22 03:09:35 UTC ( 2 years, 7 months ago )
File names 9d29646b640057e598fa48335aa520f6.virus
ilnX1BUZoj
offlb.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications