× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: beb88b755e582bec4be34418c3737a9f5f0639ace19936842834643b7fcb191f
File name: a7e61592dd81416c93835a7b0548ad7d.kaf
Detection ratio: 9 / 52
Analysis date: 2014-08-19 23:23:34 UTC ( 4 years, 7 months ago ) View latest
Antivirus Result Update
AntiVir TR/PSW.Zbot.Y.2629 20140819
Antiy-AVL Trojan/Win32.SGeneric 20140819
Kaspersky Trojan-Spy.Win32.Zbot.tvhv 20140819
Malwarebytes Trojan.FakeMS 20140819
Microsoft PWS:Win32/Zbot.gen!Y 20140819
Qihoo-360 HEUR/Malware.QVM20.Gen 20140820
Sophos AV Mal/Generic-S 20140819
Symantec Suspicious.Cloud.5 20140819
TrendMicro-HouseCall Suspicious_GEN.F47V0819 20140819
Ad-Aware 20140819
AegisLab 20140819
Yandex 20140819
AhnLab-V3 20140819
Avast 20140819
AVG 20140819
Baidu-International 20140819
BitDefender 20140819
Bkav 20140818
ByteHero 20140820
CAT-QuickHeal 20140819
ClamAV 20140819
CMC 20140818
Commtouch 20140819
Comodo 20140819
DrWeb 20140819
Emsisoft 20140819
ESET-NOD32 20140819
F-Prot 20140820
F-Secure 20140819
Fortinet 20140819
GData 20140819
Ikarus 20140819
Jiangmin 20140815
K7AntiVirus 20140819
K7GW 20140819
Kingsoft 20140820
McAfee 20140819
McAfee-GW-Edition 20140819
eScan 20140819
NANO-Antivirus 20140819
Norman 20140819
nProtect 20140819
Panda 20140819
Rising 20140819
SUPERAntiSpyware 20140819
Tencent 20140820
TheHacker 20140817
TotalDefense 20140819
TrendMicro 20140819
VBA32 20140819
VIPRE 20140820
ViRobot 20140819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Windows® Internet Explorer
Original name extexport.exe
Internal name extexport
File version 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Description Internet Explorer ImpExp FF exporter
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-19 07:38:44
Entry Point 0x00003980
Number of sections 4
PE sections
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
File identification
MD5 a7e61592dd81416c93835a7b0548ad7d
SHA1 a847f760ef942d463040d39bad0d55f0133fa2a1
SHA256 beb88b755e582bec4be34418c3737a9f5f0639ace19936842834643b7fcb191f
ssdeep
6144:NDjfsE6COIVmTBJYobBk3ZhzJL68uhUbqrfmWD7DfjLfDjf7rfrbT7fTrfzj/jr:xb6HXT5FkTJ1uhU2t3X/vnn/PXX/Hv/

imphash 36166c4c85e00d4fd8c5f7c5f0438ed4
File size 272.0 KB ( 278528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-08-19 13:54:36 UTC ( 4 years, 7 months ago )
Last submission 2014-08-22 09:46:00 UTC ( 4 years, 7 months ago )
File names extexport.exe
a7e61592dd81416c93835a7b0548ad7d.kaf
vti-rescan
extexport
a7e61592dd81416c93835a7b0548ad7d.kaf
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.