SHA256: bfcf9b3156f55ade8f73f7517edb9c1a3b32f5767519c91280e14689f36ecf2a
File name: office.exe
Detection ratio: 26 / 54
Analysis date: 2014-10-15 10:39:40 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.22722 20141015
AegisLab Troj.W32.Gen 20141015
AhnLab-V3 Worm/Win32.Autorun 20141014
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20141015
Avast Win32:Malware-gen 20141015
AVG Win32/Cryptor 20141015
Avira (no cloud) BDS/Zegost.Gen4 20141015
BitDefender Gen:Variant.Symmi.22722 20141015
CAT-QuickHeal Trojan.Dynamer.AC3 20141015
DrWeb Trojan.DownLoader11.35510 20141015
Emsisoft Gen:Variant.Symmi.22722 (B) 20141015
ESET-NOD32 a variant of Win32/Agent.VNC 20141015
F-Secure Gen:Variant.Symmi.22722 20141015
Fortinet W32/Agent.VNC!tr 20141015
GData Gen:Variant.Symmi.22722 20141015
Ikarus Trojan.FBAccountLock 20141015
Kaspersky HEUR:Trojan.Win32.Generic 20141015
Malwarebytes Trojan.Agent 20141015
McAfee Trojan-FEMT!A8E68870ECA2 20141015
McAfee-GW-Edition BehavesLike.Win32.Spybot.gh 20141015
eScan Gen:Variant.Symmi.22722 20141015
NANO-Antivirus Trojan.Win32.PEF.dfwimq 20141015
Norman Agent.BELJE 20141015
Sophos AV Mal/Zbot-SJ 20141015
SUPERAntiSpyware Trojan.Agent/Gen-Foreign 20141015
Zillya Trojan.ZBot.Win32.670 20141015
Yandex 20141015
AVware 20141015
Baidu-International 20141015
Bkav 20141014
ByteHero 20141015
ClamAV 20141015
CMC 20141013
Comodo 20141015
Cyren 20141015
F-Prot 20141015
Jiangmin 20141014
K7AntiVirus 20141014
K7GW 20141014
Kingsoft 20141015
Microsoft 20141015
nProtect 20141015
Qihoo-360 20141015
Rising 20141015
Symantec 20141015
Tencent 20141015
TheHacker 20141013
TotalDefense 20141014
TrendMicro 20141015
TrendMicro-HouseCall 20141015
VBA32 20141015
VIPRE 20141015
ViRobot 20141015
Zoner 20141014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-24 14:59:54
Entry Point 0x00037F33
Number of sections 3
PE sections
PE imports
ClearEventLogA
FileEncryptionStatusA
AddAuditAccessObjectAce
ObjectDeleteAuditAlarmA
InitializeSecurityDescriptor
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
PurgeComm
SignalObjectAndWait
QueueUserAPC
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
DebugActiveProcessStop
FreeEnvironmentStringsW
InitializeSListHead
WaitCommEvent
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
HeapLock
InitAtomTable
InterlockedPushEntrySList
LoadResource
FindClose
TlsGetValue
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
GetNumaProcessorNode
LoadLibraryExA
SetHandleCount
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
DebugSetProcessKillOnExit
GlobalAddAtomA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetProcessShutdownParameters
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetCommBreak
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
CreateDirectoryA
DeleteFileA
ReadProcessMemory
GetProcAddress
GetDriveTypeA
GetProcessHeap
QueryDepthSList
CompareStringW
SetDefaultCommConfigA
FindFirstFileA
HeapValidate
CompareStringA
GetTempFileNameA
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
UnregisterWaitEx
GetEnvironmentStringsW
GetQueuedCompletionStatus
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
MapUserPhysicalPages
WideCharToMultiByte
HeapSize
BackupRead
GetCommandLineA
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
DeleteAtom
CloseHandle
GetACP
GetModuleHandleW
SetCommConfig
IsValidCodePage
HeapCreate
VirtualFree
Sleep
OpenEventA
VirtualAlloc
DnsHostnameToComputerNameA
RedrawWindow
GetMessagePos
GetParent
InternalGetWindowText
GetScrollRange
HideCaret
CreateIconIndirect
CopyIcon
ClipCursor
SetClassLongA
FlashWindowEx
GetClipboardData
SetDebugErrorLevel
GetWindowThreadProcessId
CreateIconFromResourceEx
GetSystemMetrics
OemToCharBuffA
ScrollWindowEx
IsCharAlphaA
SetProcessWindowStation
SetKeyboardState
CopyImage
DrawTextA
GetProcessDefaultLayout
LockWorkStation
GetListBoxInfo
GetMenuItemRect
EnumDisplayDevicesA
GetWindowPlacement
TileWindows
GetMenuCheckMarkDimensions
SetMenuDefaultItem
IsWindow
GetCapture
TranslateAcceleratorA
GetSysColorBrush
GetClassNameA
GetFocus
GetActiveWindow
GetMessageA
LookupIconIdFromDirectory
IsDialogMessageA
WindowFromDC
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:09:24 15:59:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 296448
LinkerVersion 9.0
FileAccessDate 2014:10:15 15:25:44+01:00
EntryPoint 0x37f33
InitializedDataSize 142848
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:10:15 15:25:44+01:00
UninitializedDataSize 0
File identification
MD5 a8e68870eca2522dec8c0a37a3f61b53
SHA1 6f293f06bae3fdf77c07be820f16798f11862d32
SHA256 bfcf9b3156f55ade8f73f7517edb9c1a3b32f5767519c91280e14689f36ecf2a
ssdeep 6144:gSmsm0GZbCx9Bb7t6A31JkkFevRThFXwFfFc35wsFpqo3mCzGVQTgi59Ag5fnD+q:A0ma9B9lJkkov9XwoKbSmrVjaA0aud
authentihash d69a42095630c6e1f3de7df5b247f98737fb272bd2c97f87bc62c6c70db4aaf1
imphash 42ec8602b46cb022092de41ccf448da0
File size 421.5 KB ( 431616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Clipper DOS Executable (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-10-15 10:39:40 UTC ( 4 years, 7 months ago )
Last submission 2014-10-15 10:39:40 UTC ( 4 years, 7 months ago )
File names office.exe
cPHr.msc
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections