SHA256: d2722895e5c79647e756f455170a908af0cf091ab3d9ef038c02b9b10b107c0b
File name: eft_rbc.pif
Detection ratio: 6 / 54
Analysis date: 2014-07-15 20:02:36 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Bkav HW32.Keylogger.coik 20140715
Qihoo-360 HEUR/Malware.QVM20.Gen 20140715
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140715
Sophos AV Mal/Generic-S 20140715
Symantec Trojan.Zbot 20140715
TrendMicro-HouseCall TROJ_GEN.F0D1H00GF14 20140715
Ad-Aware 20140715
AegisLab 20140715
Yandex 20140715
AhnLab-V3 20140715
AntiVir 20140715
Antiy-AVL 20140715
Avast 20140715
AVG 20140715
Baidu-International 20140715
BitDefender 20140715
ByteHero 20140715
CAT-QuickHeal 20140715
ClamAV 20140715
CMC 20140714
Commtouch 20140715
Comodo 20140715
DrWeb 20140715
Emsisoft 20140715
ESET-NOD32 20140715
F-Prot 20140715
F-Secure 20140715
Fortinet 20140715
GData 20140715
Ikarus 20140715
Jiangmin 20140715
K7AntiVirus 20140715
K7GW 20140715
Kaspersky 20140715
Kingsoft 20140715
Malwarebytes 20140715
McAfee 20140715
McAfee-GW-Edition 20140715
Microsoft 20140715
eScan 20140715
NANO-Antivirus 20140715
Norman 20140715
nProtect 20140715
Panda 20140715
SUPERAntiSpyware 20140715
Tencent 20140715
TheHacker 20140714
TotalDefense 20140715
TrendMicro 20140715
VBA32 20140715
VIPRE 20140715
ViRobot 20140715
Zillya 20140715
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © AkelSoft 2003-2011
Product AkelPad
Original name AkelPad.exe
File version 0, 0, 0, 0
Description AkelPad (x86) text editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-15 14:24:47
Entry Point 0x00001C50
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExW
AbortPath
FillPath
GetSystemPaletteUse
EndDoc
GetBkMode
CancelDC
GetTextColor
PathToRegion
GdiFlush
GetFontLanguageInfo
CreateCompatibleDC
DeleteObject
CreateMetaFileW
GetDriveTypeA
VirtualAlloc
GetCurrentProcessId
GetModuleHandleA
GetFileAttributesA
GetParent
LoadBitmapW
GetClipboardOwner
GetShellWindow
ShowWindow
GetSystemMetrics
GetKBCodePage
VkKeyScanA
IsCharAlphaA
IsWindowEnabled
GetFocus
GetSysColor
GetKeyState
GetAsyncKeyState
SendMessageW
PaintDesktop
GetLastActivePopup
IsCharLowerA
IsWindowVisible
SendMessageA
GetDlgItem
GetThreadDesktop
LoadIconA
CountClipboardFormats
CloseDesktop
GetDialogBaseUnits
IsMenu
GetWindowTextLengthW
DestroyWindow
WindowFromDC
Number of PE resources by type
RT_DIALOG 18
RT_GROUP_CURSOR 16
RT_CURSOR 16
RT_STRING 8
RT_ICON 4
RT_BITMAP 3
RT_MENU 2
RT_ACCELERATOR 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 42
ENGLISH US 31
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.6.5.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet ASCII
InitializedDataSize 461312
EntryPoint 0x1c50
OriginalFileName AkelPad.exe
MIMEType application/octet-stream
LegalCopyright Copyright AkelSoft 2003-2011
FileVersion 0, 0, 0, 0
TimeStamp 2014:07:15 15:24:47+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0, 0, 0, 0
FileDescription AkelPad (x86) text editor
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 5632
ProductName AkelPad
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 de8a79d31d4183c9492d50d29e840785
SHA1 9fadc7fc8be9b0e963d496cc2c1dd3530d502940
SHA256 d2722895e5c79647e756f455170a908af0cf091ab3d9ef038c02b9b10b107c0b
ssdeep 6144:Sz+FMRV2Y595OciEx0HegM9W2rA5YmfVQg+QtO83:Sz02V/EPgOegQJtvQtOI
authentihash 5ee8d16ff9b353a7c23d8c850f32d23e9811d32d271f0b08ea878dff0de1dfc9
imphash 29077603d4ed9e40f4f07f7098f23199
File size 456.0 KB ( 466944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2014-07-15 16:11:26 UTC ( 4 years, 6 months ago )
Last submission 2014-07-28 13:28:04 UTC ( 4 years, 5 months ago )
File names eft_rbc.pif
AkelPad.exe
d2722895e5c79647e756f455170a908af0cf091ab3d9ef038c02b9b10b107c0b_d2722895e5c79647e756f455170a908af0cf091ab3d9ef038c02b9b10b107c0b
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R034E01J914.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.