SHA256: c4e2415dae5d4153d9a400ffb692c519d79889e62319ec08c5d03ba5f8f0300d
File name: malware.exe
Detection ratio: 3 / 55
Analysis date: 2016-04-29 08:15:18 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Baidu Win32.Trojan.Kryptik.aco 20160429
Kaspersky HEUR:Trojan.Win32.Generic 20160429
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20160429
Ad-Aware 20160429
AegisLab 20160429
AhnLab-V3 20160428
Alibaba 20160429
ALYac 20160429
Antiy-AVL 20160429
Arcabit 20160429
Avast 20160429
AVG 20160429
Avira (no cloud) 20160429
AVware 20160429
Baidu-International 20160428
BitDefender 20160429
Bkav 20160428
CAT-QuickHeal 20160429
ClamAV 20160429
CMC 20160428
Comodo 20160429
Cyren 20160429
DrWeb 20160429
Emsisoft 20160429
ESET-NOD32 20160429
F-Prot 20160429
F-Secure 20160429
Fortinet 20160429
GData 20160429
Ikarus 20160429
Jiangmin 20160429
K7AntiVirus 20160429
K7GW 20160429
Kingsoft 20160429
Malwarebytes 20160429
McAfee 20160429
McAfee-GW-Edition 20160429
Microsoft 20160429
eScan 20160429
NANO-Antivirus 20160429
nProtect 20160429
Panda 20160428
Rising 20160429
SUPERAntiSpyware 20160429
Symantec 20160429
Tencent 20160429
TheHacker 20160429
TrendMicro 20160429
TrendMicro-HouseCall 20160429
VBA32 20160428
VIPRE 20160429
ViRobot 20160429
Yandex 20160428
Zillya 20160429
Zoner 20160429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 1987-2012 by SoftMaker Software GmbH and its licensors
Product TextMaker
Original name TextMaker.exe
Internal name TextMaker
File version 2012,0,0,670
Description TextMaker
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-28 19:55:25
Entry Point 0x00007454
Number of sections 5
PE sections
PE imports
LookupPrivilegeValueA
GetFileSecurityW
CommDlgExtendedError
GetCharWidthA
GetTextMetricsA
CreatePen
DeleteDC
SetTextColor
GetLastError
InterlockedDecrement
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
VirtualAllocEx
LoadLibraryA
SetEvent
GetOEMCP
LCMapStringA
HeapDestroy
EncodePointer
TlsAlloc
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetACP
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetFileType
GetLocaleInfoA
GetFileSize
SetHandleCount
LockResource
lstrlenW
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
InterlockedIncrement
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
TerminateThread
GetProcessHeap
ExitProcess
CompareStringW
WideCharToMultiByte
SetEnvironmentVariableW
GetStringTypeA
GetModuleHandleA
lstrcmpA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CompareStringA
GetTempFileNameA
lstrcpynA
IsWow64Process
lstrcmpW
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
SetEnvironmentVariableA
TlsFree
SetThreadContext
TerminateProcess
GetModuleFileNameA
GetTimeZoneInformation
InitializeCriticalSection
HeapCreate
VirtualFree
LocalFileTimeToFileTime
GetEnvironmentStringsW
IsDebuggerPresent
Sleep
MoveFileW
GetTickCount
TlsSetValue
CreateFileA
HeapAlloc
OutputDebugStringA
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
CloseHandle
SHGetSpecialFolderLocation
SHGetMalloc
SystemParametersInfoA
GetInputState
SetWindowTextA
OemToCharA
GetWindowRect
GetClassLongW
EndDialog
LoadBitmapW
IsDlgButtonChecked
CallWindowProcW
EmptyClipboard
CheckRadioButton
GetClientRect
IsCharAlphaA
DefWindowProcA
LoadCursorA
InvertRect
SetMenu
GetClipboardData
PtInRect
Number of PE resources by type
RT_STRING 24
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 26
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2012.9.11.670
UninitializedDataSize 0
LanguageCode German
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 80896
EntryPoint 0x7454
OriginalFileName TextMaker.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 1987-2012 by SoftMaker Software GmbH and its licensors
FileVersion 2012,0,0,670
TimeStamp 2016:04:28 20:55:25+01:00
FileType Win32 EXE
PEType PE32
InternalName TextMaker
ProductVersion 2012
FileDescription TextMaker
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SoftMaker Software GmbH
CodeSize 56832
ProductName TextMaker
ProductVersionNumber 2012.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 ca3dab26b7706393e2276f30f8f9c02b
SHA1 f2f23858ad797878ce346b9acea8ca364f61b9ca
SHA256 c4e2415dae5d4153d9a400ffb692c519d79889e62319ec08c5d03ba5f8f0300d
ssdeep 3072:hU9z4nBkUO+bkbt7pHJPWsPPawm98dk+uRwuDPF:hUR4nmUOQKNpPlwqM
authentihash 62dedba1de8a1dc2b8374a21c0daab162ceb8e88f487e8c28f4605b67b41f543
imphash 1bd026083ad1eb39af12fecc10991493
File size 135.5 KB ( 138752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-04-29 08:13:19 UTC ( 1 year, 5 months ago )
Last submission 2017-08-20 20:51:38 UTC ( 2 months ago )
File names malware.exe
TextMaker.exe
VIR_08j78h65e.exevir
08j78h65e
TextMaker
08j78h65e.exe
uHN6h.xltx
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications