SHA256: de70dd9d3c7b992cef1dcf04ca55dbc5945993f2eedc6f72b403724e0af3d96e
File name: Fax_83478923748923748923748927389423423423.exex
Detection ratio: 1 / 57
Analysis date: 2015-04-24 10:07:53 UTC (2 years, 6 months ago)
Antivirus Result Update
Tencent Trojan.Win32.Qudamah.Gen.3 20150424
Ad-Aware 20150424
AegisLab 20150424
Yandex 20150423
AhnLab-V3 20150424
Alibaba 20150424
ALYac 20150424
Antiy-AVL 20150424
Avast 20150424
AVG 20150424
Avira (no cloud) 20150424
AVware 20150424
Baidu-International 20150421
BitDefender 20150424
Bkav 20150423
ByteHero 20150424
CAT-QuickHeal 20150423
ClamAV 20150424
CMC 20150423
Comodo 20150424
Cyren 20150424
DrWeb 20150424
Emsisoft 20150424
ESET-NOD32 20150424
F-Prot 20150424
F-Secure 20150424
Fortinet 20150423
GData 20150424
Ikarus 20150424
Jiangmin 20150423
K7AntiVirus 20150424
K7GW 20150424
Kaspersky 20150424
Kingsoft 20150424
Malwarebytes 20150424
McAfee 20150424
McAfee-GW-Edition 20150423
Microsoft 20150424
eScan 20150424
NANO-Antivirus 20150424
Norman 20150424
nProtect 20150424
Panda 20150424
Qihoo-360 20150424
Rising 20150423
Sophos AV 20150424
SUPERAntiSpyware 20150424
Symantec 20150424
TheHacker 20150423
TotalDefense 20150423
TrendMicro 20150424
TrendMicro-HouseCall 20150424
VBA32 20150424
VIPRE 20150424
ViRobot 20150424
Zillya 20150424
Zoner 20150424
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-24 06:44:09
Entry Point 0x00009157
Number of sections 4
PE sections
Overlays
MD5 16da70ba0d79379707994425e8c02e16
File type data
Offset 76288
Size 31582
Entropy 7.99
PE imports
SetArcDirection
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
HeapSize
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
lstrcmpA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
EmptyClipboard
KillTimer
DrawStateA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:24 07:44:09+01:00
FileType Win32 EXE
PEType PE32
CodeSize 54784
LinkerVersion 10.0
EntryPoint 0x9157
InitializedDataSize 24576
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 4367aa573f020fc7f92592abf07bb993
SHA1 bdd3a8dbe24ec7255c4ddb1053bb2e7654bb32d0
SHA256 de70dd9d3c7b992cef1dcf04ca55dbc5945993f2eedc6f72b403724e0af3d96e
ssdeep 1536:RgFkH0wb8P20aYPIZj1MDHJ9RowH8vkkNo0ngU//Y05mxVlb4xDw:OkUmQ2Nd1yH/ud5o0nv/R6N
imphash 0c51b3a74950c2ed11a874f62065b210
File size 105.3 KB ( 107870 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe usb-autorun overlay
VirusTotal metadata
First submission 2015-04-24 10:07:53 UTC ( 2 years, 6 months ago )
Last submission 2017-04-12 01:02:10 UTC ( 6 months, 2 weeks ago )
File names 4367aa573f020fc7f92592abf07bb993.exe
svchost.pe
green_card_usa_483273289748923749823798.exe
green_card_usa_483273289748923749823798.exe-2015-04-24.19-10-01.txt
1.exe
FAX_8347.pe
csrss.exe
Fax_83478923748923748923748927389423423423.exex
Fax_83478923748923748923748927389423423423.exe
rundll32.exe-vir_
BDD3A8DBE24EC7255C4DDB1053BB2E7654BB32D0
de70dd9d3c7b992cef1dcf04ca55dbc5945993f2eedc6f72b403724e0af3d96e.exe.000
VirusShare_4367aa573f020fc7f92592abf07bb993
35.exe
Fax_83478923748923748923748927389423423423.ex_
Fax83478923748923748923748927389423423423.exe
Fax_83478923748923748923748927389423423423(1).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs