SHA256: d567e8853aa3cbccbd5082471f761f75d77daf68c8d448e88875f141d6d0ab6f
File name: document_8731_pdf.exe
Detection ratio: 4 / 54
Analysis date: 2014-11-18 13:46:45 UTC ( 4 years, 6 months ago )
Antivirus Result Update
ByteHero Virus.Win32.Heur.c 20141118
McAfee-GW-Edition BehavesLike.Win32.Autorun.nt 20141118
Norman Upatre.FE 20141117
Qihoo-360 Malware.QVM19.Gen 20141118
Ad-Aware 20141118
AegisLab 20141118
Yandex 20141117
AhnLab-V3 20141118
Antiy-AVL 20141118
Avast 20141118
AVG 20141118
Avira (no cloud) 20141118
AVware 20141118
Baidu-International 20141107
BitDefender 20141118
Bkav 20141118
CAT-QuickHeal 20141118
ClamAV 20141118
CMC 20141118
Comodo 20141118
Cyren 20141118
DrWeb 20141118
Emsisoft 20141118
ESET-NOD32 20141118
F-Prot 20141118
F-Secure 20141118
Fortinet 20141118
GData 20141118
Ikarus 20141118
Jiangmin 20141117
K7AntiVirus 20141118
K7GW 20141118
Kaspersky 20141118
Kingsoft 20141118
Malwarebytes 20141118
McAfee 20141118
Microsoft 20141118
eScan 20141118
NANO-Antivirus 20141118
nProtect 20141118
Panda 20141118
Rising 20141117
Sophos AV 20141118
SUPERAntiSpyware 20141118
Symantec 20141118
Tencent 20141118
TheHacker 20141117
TotalDefense 20141118
TrendMicro 20141118
VBA32 20141118
VIPRE 20141118
ViRobot 20141118
Zillya 20141117
Zoner 20141118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-02 18:53:34
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
CertModifyCertificatesToTrust
CertSelectCertificateW
CertConfigureTrustA
CertTrustFinalPolicy
CertTrustCertPolicy
CertSelectCertificateA
CertTrustCleanup
CertConfigureTrustW
CallNamedPipeW
GetSystemTime
ReadFile
CreateFileA
GetTickCount
EnumCalendarInfoW
PeekConsoleInputA
GetVersionExA
GetSystemDirectoryA
DsGetDcNextW
DsValidateSubnetNameA
NetDfsGetClientInfo
DsValidateSubnetNameW
DsGetDcNextA
NetDfsEnum
RasGetConnectionStatistics
RasGetEapUserIdentityA
RasGetAutodialEnableA
RasGetAutodialEnableW
RasGetEapUserIdentityW
RasGetEntryPropertiesA
RasScriptReceive
RasGetCredentialsW
RasGetEntryPropertiesW
RasGetCredentialsA
RasGetCountryInfoA
RasGetConnectStatusW
RasGetEntryDialParamsA
RasGetAutodialAddressA
RasGetAutodialParamW
RasGetConnectStatusA
RasGetCountryInfoW
RasGetAutodialParamA
RasGetAutodialAddressW
RasGetEntryDialParamsW
RasGetCustomAuthDataA
RasGetErrorStringW
RasSetCredentialsA
RasGetEapUserDataA
RasDialW
RasDeleteSubEntryA
RasGetErrorStringA
RasGetCustomAuthDataW
RasFreeEapUserIdentityW
RasDialA
RasGetEapUserDataW
Number of PE resources by type
RT_ICON 2
RT_MENU 2
RT_GROUP_ICON 1
RT_FONT 1
Number of PE resources by language
NEUTRAL 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:11:02 19:53:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 3.7
FileTypeExtension exe
InitializedDataSize 86016
SubsystemVersion 5.1
EntryPoint 0x1000
OSVersion 3.2
ImageVersion 4.0
UninitializedDataSize 438272

Compressed bundles
File identification
MD5 fd020eab574a73011a8b9ae4854e59f6
SHA1 ec877e9f825d957e3fb848b4a6b07435406481ba
SHA256 d567e8853aa3cbccbd5082471f761f75d77daf68c8d448e88875f141d6d0ab6f
ssdeep 384:OznmyeyFdH3zwniUa+ctntrp7XfyPs/Do1FQoiH6iAlOcqsGBg:O1tzwiUalt9p+Ps/Do1FQ36hlOYGB
authentihash ecfa454e9057c761aa34df32e2108f2893cab49b8e0c16f0a3ee4ff826494ba5
imphash 67349e4a5dd29ce30cc38a1906d5663d
File size 35.0 KB ( 35840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2014-11-18 13:36:32 UTC ( 4 years, 6 months ago )
Last submission 2015-11-15 02:12:35 UTC ( 3 years, 6 months ago )
File names document_8731_pdf.exe
WL-09b4628227fd47726599136c8e4fa51d-0
document_8731_pdf.exe.dat
d567e8853aa3cbccbd5082471f761f75d77daf68c8d448e88875f141d6d0ab6f.exe
iwtOj.scr
fd020eab574a73011a8b9ae4854e59f6.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections