SHA256: dd013d1eff1781d0e0e36a48bdc0435b3ed0bc01252ae9da68e34344fc960e4a
File name: Detailed_Document_FAX_June-16_Date_2014_DOID.exe
Detection ratio: 0 / 54
Analysis date: 2014-06-16 15:05:02 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware 20140616
AegisLab 20140616
Yandex 20140614
AhnLab-V3 20140616
AntiVir 20140616
Antiy-AVL 20140616
Avast 20140616
AVG 20140616
Baidu-International 20140616
BitDefender 20140616
Bkav 20140616
ByteHero 20140616
CAT-QuickHeal 20140616
ClamAV 20140616
CMC 20140616
Commtouch 20140616
Comodo 20140616
DrWeb 20140616
Emsisoft 20140616
ESET-NOD32 20140616
F-Prot 20140616
F-Secure 20140616
Fortinet 20140616
GData 20140616
Ikarus 20140616
Jiangmin 20140616
K7AntiVirus 20140616
K7GW 20140616
Kaspersky 20140616
Kingsoft 20140616
Malwarebytes 20140616
McAfee 20140616
McAfee-GW-Edition 20140615
Microsoft 20140616
eScan 20140616
NANO-Antivirus 20140616
Norman 20140616
nProtect 20140616
Panda 20140616
Qihoo-360 20140616
Rising 20140616
Sophos 20140616
SUPERAntiSpyware 20140616
Symantec 20140616
Tencent 20140616
TheHacker 20140616
TotalDefense 20140616
TrendMicro 20140616
TrendMicro-HouseCall 20140616
VBA32 20140616
VIPRE 20140616
ViRobot 20140616
Zillya 20140616
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-16 07:36:48
Entry Point 0x00002B87
Number of sections 5
PE sections
PE imports
InitializeAcl
GetTextCharsetInfo
CreatePolygonRgn
GetWindowExtEx
Polygon
GetSystemPaletteEntries
SetMapMode
GetRgnBox
SaveDC
SetTextAlign
GetPaletteEntries
CreateRectRgnIndirect
SetROP2
CombineRgn
GetClipBox
GetObjectType
Rectangle
GetLayout
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
EnumFontFamiliesW
SetLayout
GetCharWidthW
SetPolyFillMode
SetWindowOrgEx
IntersectClipRect
RealizePalette
OffsetWindowOrgEx
CreatePatternBrush
CreateEllipticRgn
CreateBitmap
MoveToEx
CreatePalette
CreateDIBitmap
SetViewportOrgEx
SelectPalette
LineTo
ExtSelectClipRgn
CreateRoundRectRgn
SelectClipRgn
StretchBlt
StretchDIBits
ScaleWindowExtEx
ScaleViewportExtEx
CreateRectRgn
GetBkColor
GetNearestPaletteIndex
SetDIBColorTable
SetWindowExtEx
CreateSolidBrush
Polyline
GetViewportExtEx
SetViewportExtEx
SetRectRgn
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
HeapSetInformation
GetCurrentProcess
QueryDosDeviceW
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
CheckNameLegalDOS8Dot3A
GetCommandLineA
GetProcAddress
HeapSize
ExitProcess
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
DeleteCriticalSection
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
GetPrivateProfileStringA
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
GetForegroundWindow
SetWindowRgn
GetScrollRange
SetLayeredWindowAttributes
SetMenuItemBitmaps
BeginPaint
HideCaret
GetScrollPos
EnableScrollBar
DestroyMenu
MapVirtualKeyW
PostQuitMessage
DefWindowProcA
TranslateAcceleratorW
GetNextDlgGroupItem
GetClassInfoExW
SendDlgItemMessageA
ShowScrollBar
IsIconic
SetScrollRange
PeekMessageW
InsertMenuItemW
SetMenu
CharUpperW
IntersectRect
GetWindowDC
CopyImage
ShowOwnedPopups
GetQueueStatus
GetMessageTime
RealChildWindowFromPoint
GetMenuDefaultItem
GetLastActivePopup
RegisterClassExA
EndDeferWindowPos
MapDialogRect
GetMenuStringW
CheckMenuItem
EnumDisplayMonitors
GetClassLongW
SetClassLongW
RegisterClassW
SendDlgItemMessageW
BeginDeferWindowPos
IsZoomed
UnregisterClassW
GetClassInfoW
UnpackDDElParam
WinHelpW
BringWindowToTop
SetScrollPos
InvertRect
CharNextW
GetKeyNameTextW
CreateWindowExA
GetClassNameW
TrackPopupMenu
IsDialogMessageW
ShowCursor
SetWindowContextHelpId
DestroyAcceleratorTable
RegisterClipboardFormatW
ValidateRect
PostThreadMessageW
CopyAcceleratorTableW
ReuseDDElParam
LoadAcceleratorsW
ScrollWindow
SetForegroundWindow
InvalidateRgn
NotifyWinEvent
IsChild
GetMenuCheckMarkDimensions
OleUninitialize
CLSIDFromProgID
OleTranslateAccelerator
OleLockRunning
OleDestroyMenuDescriptor
DoDragDrop
StgOpenStorageOnILockBytes
CreateStreamOnHGlobal
OleFlushClipboard
IsAccelerator
CoCreateGuid
RegisterDragDrop
RevokeDragDrop
CoRegisterMessageFilter
OleGetClipboard
OleDuplicateData
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
CoInitialize
OleInitialize
CoLockObjectExternal
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoRevokeClassObject
StgCreateDocfileOnILockBytes
CoUninitialize
OleCreateMenuDescriptor
CoFreeUnusedLibraries
ReleaseStgMedium
OleSetContainedObject
OleIsCurrentClipboard
CoTaskMemFree
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:06:16 08:36:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 10.0
EntryPoint 0x2b87
InitializedDataSize 85504
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 3c5a4968f70f0883971d312f7f97d4a4
SHA1 0bd64a6b7743b7fcbab98c7d3d4b620e46d1c5e1
SHA256 dd013d1eff1781d0e0e36a48bdc0435b3ed0bc01252ae9da68e34344fc960e4a
ssdeep 3072:vNP9l4OtKsCbCNmzpqssl3mBjQeNA4bqS:vNP9l4TsHMzpp+3mVQeqmqS

authentihash 4ac4815a0cc92fd761bfa3269cf909954c318e95a58b08f9b710639ba059d6e7
imphash a221f553741351a6a880d061602e288c
File size 108.5 KB ( 111104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe

VirusTotal metadata
First submission 2014-06-16 14:05:03 UTC ( 2 years, 11 months ago )
Last submission 2014-10-30 15:26:29 UTC ( 2 years, 7 months ago )
File names vtakivid.exe
Detailed_Document_FAX_June-16_Date_2014_DOID.exe
xrogbcpj.exe
3c5a4968f70f0883971d312f7f97d4a4.exe
3c5a4968f70f0883971d312f7f97d4a4
dd013d1eff1781d0e0e36a48bdc0435b3ed0bc01252ae9da68e34344fc960e4a.exe
3c5a4968f70f0883971d312f7f97d4a4.bin
vti-rescan
file-7150275_exe
detailed_document_fax_june-16_date_2014_doid.exe
3c5a4968f70f0883971d312f7f97d4a4
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs