SHA256: bd3147d1a6a06a59dc2362229a642a4de11fb0d49525b4333208530716bfe139
File name: tax_guide_pdf.exe
Detection ratio: 2 / 57
Analysis date: 2015-01-13 14:49:43 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Kaspersky HEUR:Trojan.Win32.Generic 20150113
Norman Upatre.FH 20150113
Ad-Aware 20150113
AegisLab 20150113
Yandex 20150112
AhnLab-V3 20150113
Alibaba 20150112
ALYac 20150113
Antiy-AVL 20150112
Avast 20150113
AVG 20150113
Avira (no cloud) 20150110
AVware 20150113
Baidu-International 20150113
BitDefender 20150113
Bkav 20150113
ByteHero 20150113
CAT-QuickHeal 20150113
ClamAV 20150113
CMC 20150113
Comodo 20150113
Cyren 20150113
DrWeb 20150113
Emsisoft 20150113
ESET-NOD32 20150113
F-Prot 20150113
F-Secure 20150113
Fortinet 20150111
GData 20150113
Ikarus 20150113
Jiangmin 20150112
K7AntiVirus 20150113
K7GW 20150113
Kingsoft 20150113
Malwarebytes 20150113
McAfee 20150113
McAfee-GW-Edition 20150113
Microsoft 20150113
eScan 20150113
NANO-Antivirus 20150113
nProtect 20150113
Panda 20150113
Qihoo-360 20150113
Rising 20150112
Sophos AV 20150113
SUPERAntiSpyware 20150113
Symantec 20150113
Tencent 20150113
TheHacker 20150112
TotalDefense 20150112
TrendMicro 20150113
TrendMicro-HouseCall 20150113
VBA32 20150113
VIPRE 20150113
ViRobot 20150113
Zillya 20150112
Zoner 20150112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-11 02:32:55
Entry Point 0x00001610
Number of sections 3
PE sections
Overlays
MD5 c81a614088e543c255c9a3e5ea5071d4
File type data
Offset 26624
Size 117814
Entropy 0.00
PE imports
InitCommonControlsEx
CopyFileW
LoadResource
HeapAlloc
GetStartupInfoA
SizeofResource
GetCurrentDirectoryW
LockResource
GetCommandLineW
lstrcatW
lstrcpynW
lstrcpyW
GetModuleHandleA
ReadFile
InterlockedExchange
CloseHandle
InitializeCriticalSection
HeapCreate
FindResourceW
CreateFileW
InterlockedDecrement
SleepEx
InterlockedIncrement
_except_handler3
__p__fmode
_adjust_fdiv
_acmdln
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_exit
_controlfp
__set_app_type
SendMessageW
GetWindowRect
SendDlgItemMessageW
DialogBoxParamW
SendMessageA
LoadStringW
GetClientRect
GetDlgItem
PostQuitMessage
SetWindowPos
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Nice

LinkerVersion
5.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.3

LanguageCode
Unknown (0608)

FileFlagsMask
0x0000

FileDescription
Stormix progss

CharacterSet
Unknown (06C0)

InitializedDataSize
16896

EntryPoint
0x1610

OriginalFileName
Stormix.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2014 Stormix

FileVersion
0, 0, 0, 3

TimeStamp
2012:08:11 03:32:55+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Stormix

ProductVersion
0, 0, 0, 3

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Stormix

CodeSize
8704

ProductName
Stormix progs

ProductVersionNumber
0.0.0.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a9c570d706a6b16990aac9a108c7054d
SHA1 60c1897b1df1415f3d2149183741cf3b1d17a603
SHA256 bd3147d1a6a06a59dc2362229a642a4de11fb0d49525b4333208530716bfe139
ssdeep 384:sZ7FXTxXO3GVjfTNN1RKbPxDNqEd1A0qNkqD:GjfD1RSxD3jcBD

authentihash 52e8c8d8719b9fe6f73f9f1da2f7696770557e8a6ee2cf295ad50e3f3f950c8c
imphash e818090d3a1842596281c01c68a5c3b3
File size 141.1 KB ( 144438 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-01-13 14:49:43 UTC ( 4 years, 4 months ago )
Last submission 2015-01-13 14:49:43 UTC ( 4 years, 4 months ago )
File names tax_guide_pdf.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.