SHA256: bca10ce68245ca2dbc03cb1d8629868150271609123c18954cd29423647c5334
File name: pdfmarks.exe
Detection ratio: 4 / 52
Analysis date: 2014-05-28 12:38:10 UTC ( 4 years, 12 months ago )
Antivirus Result Update
AntiVir TR/Crypt.XPACK.Gen 20140528
ESET-NOD32 Win32/TrojanDownloader.Waski.D 20140528
GData Win32.Trojan.Zbot.BL 20140528
VIPRE Trojan.Win32.Generic.pak!cobra 20140528
Ad-Aware 20140528
AegisLab 20140528
Yandex 20140527
AhnLab-V3 20140528
Antiy-AVL 20140528
Avast 20140528
AVG 20140528
Baidu-International 20140528
BitDefender 20140528
Bkav 20140528
ByteHero 20140528
CAT-QuickHeal 20140528
ClamAV 20140528
CMC 20140528
Commtouch 20140528
Comodo 20140528
DrWeb 20140528
Emsisoft 20140528
F-Prot 20140528
F-Secure 20140528
Fortinet 20140528
Ikarus 20140528
Jiangmin 20140528
K7AntiVirus 20140527
K7GW 20140527
Kaspersky 20140528
Kingsoft 20140528
Malwarebytes 20140528
McAfee 20140528
McAfee-GW-Edition 20140528
Microsoft 20140528
eScan 20140528
NANO-Antivirus 20140528
Norman 20140528
nProtect 20140528
Panda 20140528
Qihoo-360 20140528
Rising 20140528
Sophos AV 20140528
SUPERAntiSpyware 20140528
Symantec 20140528
Tencent 20140528
TheHacker 20140528
TotalDefense 20140528
TrendMicro 20140528
TrendMicro-HouseCall 20140528
VBA32 20140527
ViRobot 20140528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-27 21:29:47
Entry Point 0x00001013
Number of sections 4
PE sections
Overlays
MD5 179aaddeffe50474e1539b5ce3a74de8
File type ASCII text
Offset 23040
Size 124
Entropy 3.31
PE imports
GetLastError
HeapFree
EnterCriticalSection
GetOEMCP
IsDebuggerPresent
EncodePointer
TlsAlloc
VirtualProtect
RtlUnwind
GetCurrentProcess
LoadLibraryExA
LoadLibraryExW
GetStartupInfoW
GetSystemPowerStatus
GetProcessHeap
GetCPInfo
TlsFree
GetModuleHandleA
IsProcessorFeaturePresent
GetACP
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
OutputDebugStringW
VirtualFree
TlsGetValue
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:05:27 22:29:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 11.0
EntryPoint 0x1013
InitializedDataSize 13824
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 ccfdffa746c4d770a298347f61b74ef6
SHA1 25be6600ee6d22b303d33be326e496625549dcaa
SHA256 bca10ce68245ca2dbc03cb1d8629868150271609123c18954cd29423647c5334
ssdeep 384:2Mv0aVJOt2obD3/HhzF8N+HBnFIy+YPe6xagk58sCub21:373OtJDvhzNsyXk58sCuS1

authentihash a342c6a3cab977e9951a32cf5bc61d58ecaaba48fb480573178b79cfc71201b4
imphash bbc712c81dbe5f313d887223f25de84e
File size 22.6 KB ( 23164 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-05-28 12:38:10 UTC ( 4 years, 12 months ago )
Last submission 2014-05-28 12:38:10 UTC ( 4 years, 12 months ago )
File names pdfmarks.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.