SHA256: c57f3f74ccc38913e094480aa09593d3f28f73c48d621fe5136d4bb9f249be80
File name: Hotel-Reservation-Confirmation_from_Booking.exe
Detection ratio: 30 / 42
Analysis date: 2012-07-14 01:35:35 UTC ( 6 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Yakes 20120713
AntiVir TR/Cridex.EB.21 20120713
Avast Win32:Zbot-OWP [Trj] 20120713
AVG Win32/Cryptor 20120713
BitDefender Trojan.Generic.KDV.670829 20120713
Commtouch W32/Falab.F7.gen!Eldorado 20120714
Comodo UnclassifiedMalware 20120713
DrWeb BackDoor.Andromeda.22 20120714
Emsisoft Trojan-Spy.Agent!IK 20120714
F-Prot W32/Falab.F7.gen!Eldorado 20120713
F-Secure Trojan.Generic.KDV.670829 20120714
Fortinet W32/Kryptik.AB!tr 20120714
GData Trojan.Generic.KDV.670829 20120713
Ikarus Trojan-Spy.Agent 20120713
K7AntiVirus Trojan 20120713
Kaspersky Backdoor.Win32.Androm.cp 20120714
McAfee PWS-Zbot.gen.hv 20120714
McAfee-GW-Edition PWS-Zbot.gen.hv 20120714
Microsoft Worm:Win32/Gamarue.F 20120714
NOD32 a variant of Win32/Kryptik.AIHQ 20120713
Norman W32/Suspicious_Gen4.AOEEB 20120713
nProtect Trojan.Generic.KDV.670829 20120713
Panda Trj/CI.A 20120713
PCTools Downloader.Dromedan 20120714
Sophos AV Mal/Katusha-F 20120714
Symantec Downloader.Dromedan 20120714
TrendMicro TROJ_AGENT.BDAH 20120714
TrendMicro-HouseCall TROJ_AGENT.BDAH 20120713
VIPRE Trojan.Win32.Generic!BT 20120714
ViRobot Backdoor.Win32.A.Androm.49152 20120713
Antiy-AVL 20120712
ByteHero 20120613
CAT-QuickHeal 20120713
ClamAV 20120713
eSafe 20120712
Jiangmin 20120713
Rising 20120713
SUPERAntiSpyware 20120713
TheHacker 20120713
TotalDefense 20120713
VBA32 20120712
VirusBuster 20120713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-25 05:01:22
Entry Point 0x000022F6
Number of sections 5
PE sections
PE imports
GetTickCount
PathIsFileSpecA
PathStripPathW
Ord(29)
PE exports
Number of PE resources by type
RT_DIALOG 2
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:25 06:01:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 30720
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 17408
SubsystemVersion 5.1
EntryPoint 0x22f6
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 7b60d5b4af4b1612cd2be56cfc4c1b92
SHA1 b21538d8e1e7eb8039d36644602ad51b7c56d1f7
SHA256 c57f3f74ccc38913e094480aa09593d3f28f73c48d621fe5136d4bb9f249be80
ssdeep 768:53A4p/GrOQagtpQxrRRXsvyQkoeKPbMRLn9Of0x0BLMELjs8SUQVIMoX6gq:5Q4crOQaJfKyQNeQbMPOf/BwE884ti6D
authentihash 51c5f14e91caf328078eef9b681aebf135730a5d0e2cebcd782411d35394e38b
imphash b4d89882979ca0e0fe0374846a59abde
File size 48.0 KB ( 49152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-07-12 10:34:40 UTC ( 6 years, 5 months ago )
Last submission 2013-06-21 13:26:08 UTC ( 5 years, 6 months ago )
File names 63204FB40077F50CC06F00B1D6FF7E0026E0BEBA.exe
V8GsMLcs.docx
smona_c57f3f74ccc38913e094480aa09593d3f28f73c48d621fe5136d4bb9f249be80.bin
aa
7b60d5b4af4b1612cd2be56cfc4c1b92
file-4228868_exe
Hotel-Reservation-Confirmation_from_Booking.exe
Hotel-Reservation-Confirmation_from_Booking.ex_
3
svchost.exe
file
Hotel-Reservation-Confirmation_from_Booking.ext
26e51e5d70b3ebb1950547101e369885d10108893a38d2bf6844b58442476ad5bfa5d8d36a54940bf6cfdfe6012a8407c15b666a21b3a0cd57b1739cb6d1da84
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight