SHA256: d986b496b9a9778a2616e882e8e6493046fa993ed7f04f5d96c88c3f74ddc7a3
File name: 6c65037029a63e7e7a489dec4dfe6d4365c3671c
Detection ratio: 28 / 56
Analysis date: 2015-04-15 08:11:03 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.596294 20150415
ALYac Gen:Variant.Jaik.6690 20150415
Avast Win32:Emotet-P [Trj] 20150415
AVG Inject2.BYBH 20150415
AVware Trojan.Win32.Generic!BT 20150415
Baidu-International Trojan.Win32.Bublik.dnty 20150414
BitDefender Gen:Variant.Kazy.596294 20150415
ByteHero Virus.Win32.Heur.p 20150415
CMC Heur.Win32.VBKrypt.3!O 20150413
Emsisoft Gen:Variant.Kazy.596294 (B) 20150415
ESET-NOD32 a variant of Win32/Injector.BYGW 20150415
F-Secure Gen:Variant.Kazy.596294 20150415
Fortinet W32/BYED!tr 20150415
GData Gen:Variant.Kazy.596294 20150415
Ikarus Trojan.Win32.Injector 20150415
K7AntiVirus Trojan ( 004bd2f41 ) 20150415
K7GW Trojan ( 004bd2f41 ) 20150415
Kaspersky Trojan.Win32.Bublik.dnty 20150415
McAfee Artemis!3D1D65DCCCC5 20150415
Microsoft Trojan:Win32/Emotet.G 20150414
eScan Gen:Variant.Kazy.596294 20150415
Norman Suspicious_Gen4.IFIZP 20150415
Panda Trj/Genetic.gen 20150414
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150415
Sophos AV Mal/Generic-S 20150415
Tencent Trojan.Win32.Qudamah.Gen.17 20150415
TrendMicro-HouseCall Suspicious_GEN.F47V0413 20150415
VIPRE Trojan.Win32.Generic!BT 20150415
AegisLab 20150415
Yandex 20150414
AhnLab-V3 20150415
Alibaba 20150415
Antiy-AVL 20150415
Bkav 20150414
CAT-QuickHeal 20150415
ClamAV 20150415
Comodo 20150415
Cyren 20150415
DrWeb 20150415
F-Prot 20150415
Jiangmin 20150414
Kingsoft 20150415
Malwarebytes 20150415
McAfee-GW-Edition 20150414
NANO-Antivirus 20150415
nProtect 20150415
Rising 20150414
SUPERAntiSpyware 20150415
Symantec 20150415
TheHacker 20150414
TotalDefense 20150414
TrendMicro 20150415
VBA32 20150414
ViRobot 20150415
Zillya 20150414
Zoner 20150413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Pick which country you're in and we'll tell you more about Berocca®. Select your Country. Argentina
Publisher Pick which country you're in and we'll tell you more about Berocca®. Select your C...
Product Pick which country you're in and we'll tell you more about Berocca®. Select your Country. Argentina
Original name TextConv.exe
Internal name TextConv
File version 1.00.0015
Description Pick which country you're in and we'll tell you more about Berocca®. Select your Country. Argentina
Comments Pick which country you're in and we'll tell you more about Berocca®. Select your Country. Argentina
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-12 07:32:30
Entry Point 0x00001128
Number of sections 3
PE sections
Overlays
MD5 2f9d7723d2f16da9f2764216598e2034
File type data
Offset 147456
Size 51453
Entropy 7.95
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(537)
Ord(648)
Ord(516)
Ord(685)
Ord(594)
Ord(689)
Ord(525)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(100)
Ord(599)
Ord(608)
Ord(570)
Ord(571)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(593)
Ord(306)
Ord(631)
Ord(563)
Number of PE resources by type
RT_ICON 4
RT_STRING 1
RT_VERSION 1
CEROL 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
THAI DEFAULT 2
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Pick which country you're in and we'll tell you more about Berocca . Select your Country. Argentina
SubsystemVersion 4.0
Comments Pick which country you're in and we'll tell you more about Berocca . Select your Country. Argentina
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.15
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Pick which country you're in and we'll tell you more about Berocca . Select your Country. Argentina
CharacterSet Unicode
InitializedDataSize 53248
EntryPoint 0x1128
OriginalFileName TextConv.exe
MIMEType application/octet-stream
LegalCopyright Pick which country you're in and we'll tell you more about Berocca . Select your Country. Argentina
FileVersion 1.00.0015
TimeStamp 2015:04:12 08:32:30+01:00
FileType Win32 EXE
PEType PE32
InternalName TextConv
ProductVersion 1.00.0015
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Pick which country you're in and we'll tell you more about Berocca . Select your Country. Argentina
CodeSize 102400
ProductName Pick which country you're in and we'll tell you more about Berocca . Select your Country. Argentina
ProductVersionNumber 1.0.0.15
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 3d1d65dcccc518337ceec68ae85a96ff
SHA1 90109da5d8b8867c5f0815835fb96fa404bafec6
SHA256 d986b496b9a9778a2616e882e8e6493046fa993ed7f04f5d96c88c3f74ddc7a3
ssdeep 3072:FOQhZOOQhZOOQhZol4psa50OQhZOOQhZOOQhZe7+mKQDtouWI:qm+mroRI
authentihash faed38cce41390caa854c5829b9761d947e3969e708697955f2e511e38dbb06a
imphash e9c7d402150ccfcc98bb88e155a1e3b6
File size 194.2 KB ( 198909 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-04-13 20:10:31 UTC ( 4 years, 1 month ago )
Last submission 2015-08-17 12:54:36 UTC ( 3 years, 9 months ago )
File names 65072733
TextConv
M473.mal
TextConv.exe
6c65037029a63e7e7a489dec4dfe6d4365c3671c
8a1.exe
kQzG.tiff
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00GC0DDJ15.

Symantec reputation Suspicious.Insight