SHA256: cd3e6a441f64afb86360aca4983db734e495e21df2d4d98422288a4f1664a480
File name: Vodafone_MMS.jpg.exe
Detection ratio: 36 / 44
Analysis date: 2012-11-24 16:07:19 UTC ( 6 years, 2 months ago )
Antivirus Result Update
Yandex Trojan.DL.Wauchos!khDTIzzan/M 20121124
AhnLab-V3 Win-Trojan/Andromeda.48128 20121124
AntiVir BDS/Androm.EB.26 20121124
Avast Win32:LockScreen-NC [Trj] 20121124
AVG Crypt.BAWD 20121124
BitDefender Trojan.Generic.KD.780763 20121124
CAT-QuickHeal TrojanDownloader.Andromeda.co 20121124
ClamAV Win.Trojan.Agent-14023 20121124
Comodo Heur.Suspicious 20121124
DrWeb BackDoor.Andromeda.22 20121124
Emsisoft Trojan-Downloader.Win32.Androm (A) 20121124
ESET-NOD32 Win32/TrojanDownloader.Wauchos.A 20121124
F-Secure Trojan:W32/Agent.DUGG 20121124
Fortinet W32/Injector.WCT!tr 20121124
GData Trojan.Generic.KD.780763 20121124
Ikarus Trojan-Downloader.Win32.Karagany 20121124
Jiangmin TrojanDownloader.Andromeda.adb 20121124
K7AntiVirus Trojan 20121124
Kaspersky Trojan-Downloader.Win32.Andromeda.coh 20121124
Kingsoft Win32.Malware.Generic.a.(kcloud) 20121119
McAfee PWS-Zbot.gen.aow 20121124
McAfee-GW-Edition PWS-Zbot.gen.aow 20121124
Microsoft Worm:Win32/Gamarue.I 20121124
eScan Trojan.Generic.KD.780763 20121124
Norman W32/Kryptik.BWR 20121124
nProtect Trojan/W32.Small.48128.OR 20121124
Panda Trj/Zbot.M 20121124
PCTools Backdoor.Trojan 20121124
Sophos AV Mal/EncPk-AGD 20121124
Symantec Backdoor.Trojan 20121124
TheHacker Trojan/Downloader.Andromeda.coh 20121124
TrendMicro TROJ_INJECTO.ATJ 20121124
TrendMicro-HouseCall TROJ_INJECTO.ATJ 20121124
VBA32 Trojan-Downloader.Andromeda.coh 20121124
VIPRE Trojan.Win32.Generic!BT 20121124
ViRobot Trojan.Win32.A.Downloader.48128.KV 20121124
Antiy-AVL 20121123
ByteHero 20121116
Commtouch 20121124
eSafe 20121121
F-Prot 20121124
Rising 20121123
SUPERAntiSpyware 20121124
TotalDefense 20121123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00003F34
Number of sections 8
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetFileTitleW
GetStdHandle
EnterCriticalSection
GetModuleFileNameW
FreeLibrary
ExitProcess
GetThreadLocale
RtlUnwind
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
GetCommandLineA
lstrcpynW
RaiseException
GetModuleHandleA
WriteFile
GetCurrentThreadId
LocalFree
InitializeCriticalSection
FindResourceW
GetEnvironmentVariableW
VirtualFree
TlsGetValue
Sleep
TlsSetValue
GetProcessVersion
GetVersion
FindResourceA
VirtualAlloc
SleepEx
LeaveCriticalSection
SHGetFileInfoA
SHChangeNotify
ExtractAssociatedIconW
SHBrowseForFolderA
SHGetFileInfoW
FindExecutableW
IsCharAlphaNumericA
MessageBoxA
OpenIcon
GetKeyboardType
Number of PE resources by type
RT_RCDATA 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12800
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 34304
SubsystemVersion 4.0
EntryPoint 0x3f34
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 3ce2b9522a476515737d07b877dae06e
SHA1 478cd2b7cb9005eee01a209b67424f71c819c87f
SHA256 cd3e6a441f64afb86360aca4983db734e495e21df2d4d98422288a4f1664a480
ssdeep 768:Qpjc89Q0PWV9U6R6LoSDs5fy+YBuAORsSmjZrdRR:C/Q5jU6R3f5fy+6uAORsv
authentihash 57cfd143cd5196fd8af663418f64a3cfe0435dd262ea028fac95ef0fabe31ad0
imphash d09cc0c469e42caa4883396c33817104
File size 47.0 KB ( 48128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 6 (93.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
Tags peexe
VirusTotal metadata
First submission 2012-11-05 11:56:59 UTC ( 6 years, 3 months ago )
Last submission 2016-05-20 19:22:48 UTC ( 2 years, 9 months ago )
File names Vodafone_MMS.jpg.exe
aa
3ce2b9522a476515737d07b877dae06e
nmfbI6ei.jar
Vodafone_MMS.jpg.ex
a
smona_cd3e6a441f64afb86360aca4983db734e495e21df2d4d98422288a4f1664a480.bin
Vodafone_MMS.jpg.exe
1ea033519b5e53278d55a63b9e56e010d4e38221
file-4731376_bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs