SHA256: d652e561ab9cab454a962838877798912520312499d9bc6cc8748050a5826925
File name: rapport.pdf.exe
Detection ratio: 5 / 42
Analysis date: 2012-04-10 10:46:01 UTC ( 6 years, 7 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Zbot 20120409
DrWeb Trojan.PWS.Panda.655 20120410
Fortinet W32/Zbot.RO!tr 20120410
McAfee PWS-Zbot.gen.ro 20120410
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20120402
AntiVir 20120410
Antiy-AVL 20120410
Avast 20120410
AVG 20120410
BitDefender 20120410
ByteHero 20120407
CAT-QuickHeal 20120410
ClamAV 20120410
Commtouch 20120410
Comodo 20120410
Emsisoft 20120410
eSafe 20120408
eTrust-Vet 20120410
F-Prot 20120409
F-Secure 20120410
GData 20120410
Ikarus 20120410
Jiangmin 20120410
K7AntiVirus 20120409
Kaspersky 20120410
McAfee-GW-Edition 20120409
Microsoft 20120410
NOD32 20120410
Norman 20120409
nProtect 20120409
Panda 20120409
PCTools 20120410
Rising 20120410
Sophos AV 20120410
Symantec 20120410
TheHacker 20120410
TrendMicro 20120409
TrendMicro-HouseCall 20120409
VBA32 20120409
VIPRE 20120410
ViRobot 20120410
VirusBuster 20120409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0002C8C4
Number of sections 6
PE sections
Overlays
MD5 a26b968476f8219fb29b8d08b98c53a0
File type data
Offset 198144
Size 512
Entropy 7.59
PE imports
GetInformationCodeAuthzLevelW
LsaLookupPrivilegeValue
TraceEvent
LsaGetQuotasForAccount
GetKernelObjectSecurity
ReplaceTextW
LoadAlterBitmap
FindTextA
PageSetupDlgA
PrintDlgExA
EnumFontFamiliesA
CreateCompatibleDC
DeleteColorSpace
GetObjectType
WaitCommEvent
GetProfileStringW
GetVolumeInformationA
DosPathToSessionPathW
LockFileEx
BuildCommDCBAndTimeoutsA
MapViewOfFileEx
LocalAlloc
CompareFileTime
LoadLibraryW
SetLocaleInfoA
GetCurrentDirectoryA
PulseEvent
RtlCaptureContext
GetProfileIntA
EnumDateFormatsA
VerifyConsoleIoHandle
GetConsoleAliasExesW
GetCalendarInfoA
SetFileAttributesW
SendNotifyMessageA
SetWindowPlacement
OffsetRect
CreateIconIndirect
DefWindowProcA
LoadMenuW
SetPropW
ToUnicodeEx
SetWindowLongW
EnableWindow
RegisterClipboardFormatA
LockWindowUpdate
DialogBoxParamA
TranslateMessageEx
GetMenuDefaultItem
SetDlgItemTextW
CreateCursor
DrawCaption
GetWindowModuleFileNameA
CheckMenuItem
PrintWindow
UnlockWindowStation
GetLastActivePopup
SetWindowTextW
SetMenuDefaultItem
SetLastErrorEx
CloseWindowStation
wsprintfA
CreateMenu
IsDialogMessageW
MonitorFromPoint
RegisterClipboardFormatW
GetKeyboardLayout
EnumDesktopWindows
FindWindowExW
GetTabbedTextExtentW
IsChild
AddMonitorA
EnumFormsA
StartDocPrinterA
Number of PE resources by type
RT_DIALOG 4
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 179200
LinkerVersion 8.0
EntryPoint 0x2c8c4
InitializedDataSize 17920
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 b849d83081ff7bfe236d32893de8adb9
SHA1 4a1c0bf90e6cd65e05f9effceb85d58068d5a4f3
SHA256 d652e561ab9cab454a962838877798912520312499d9bc6cc8748050a5826925
ssdeep 3072:zrX3z0ss/NZmIlYZh7sG95SdwoOTfmb0QMX3FCspXp84iHCwtNdBH/hSsPbut:HDYnmHh7sTWoSeb0nX3FC53dHSo+
authentihash e645c87f8d8acc76f1f71d68191652a40c79b070b4f413279f1b910a0b00d698
imphash b3510a24a09d22dfd8542ed7f6958da0
File size 194.0 KB ( 198656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-04-10 10:46:01 UTC ( 6 years, 7 months ago )
Last submission 2017-02-27 20:15:43 UTC ( 1 year, 8 months ago )
File names b849d83081ff7bfe236d32893de8adb9
aa
1334056302.rapport.pdf.exe
RPxV.vbs
ziivsSl.dwg
rapport.pdf.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications