SHA256: df830c2269a8637bcbb8a6b743d96982d40ada95fe18cc73331737d0504abe36
File name: 477f504ecc4eec070a8360008aaed8c5
Detection ratio: 39 / 54
Analysis date: 2014-08-05 13:15:53 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.148332 20140805
Yandex TrojanSpy.Zbot!nH5htqzyiRw 20140804
AhnLab-V3 Dropper/Win32.Necurs 20140804
AntiVir TR/Crypt.Xpack.93745 20140805
Antiy-AVL Trojan/Win32.Yakes 20140805
Avast Win32:Malware-gen 20140805
AVG Inject2.AOQU 20140805
AVware Trojan.Win32.Generic!BT 20140805
Baidu-International Trojan.Win32.Zbot.afI 20140805
BitDefender Gen:Variant.Graftor.148332 20140805
Bkav HW32.Laneul.fmwa 20140805
DrWeb Trojan.Betabot.3 20140805
Emsisoft Gen:Variant.Graftor.148332 (B) 20140805
ESET-NOD32 a variant of Win32/Injector.BIHM 20140805
F-Secure Gen:Variant.Graftor.148332 20140805
Fortinet W32/Zbot.BIHM!tr 20140805
GData Gen:Variant.Graftor.148332 20140805
Ikarus Backdoor.Win32.Azbreg 20140805
K7AntiVirus Riskware ( 0040eff71 ) 20140805
K7GW Riskware ( 0040eff71 ) 20140805
Kaspersky Trojan-Spy.Win32.Zbot.tpnn 20140805
Kingsoft Win32.Troj.Zbot.tp.(kcloud) 20140805
Malwarebytes Trojan.Ransom.ED 20140805
McAfee RDN/Generic PWS.y!b2m 20140805
McAfee-GW-Edition RDN/Generic PWS.y!b2m 20140804
Microsoft PWS:Win32/Zbot 20140805
eScan Gen:Variant.Graftor.148332 20140805
NANO-Antivirus Trojan.Win32.Androm.dcncqe 20140805
Norman ZBot.UONS 20140805
Panda Trj/CI.A 20140805
Rising PE:Trojan.Win32.Generic.170897E7!386439143 20140805
Sophos AV Troj/Wonton-FK 20140805
Symantec WS.Reputation.1 20140805
Tencent Win32.Trojan-spy.Zbot.Pdcx 20140805
TotalDefense Win32/Zbot.fdSVMP 20140805
TrendMicro TROJ_GEN.R028C0DGO14 20140805
TrendMicro-HouseCall TROJ_GEN.R028C0DGO14 20140805
VBA32 Malware-Cryptor.Limpopo 20140805
VIPRE Trojan.Win32.Generic!BT 20140805
AegisLab 20140805
ByteHero 20140805
CAT-QuickHeal 20140805
ClamAV 20140805
CMC 20140804
Commtouch 20140805
Comodo 20140805
F-Prot 20140805
Jiangmin 20140805
nProtect 20140805
Qihoo-360 20140805
SUPERAntiSpyware 20140804
TheHacker 20140805
ViRobot 20140805
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-21 00:58:44
Entry Point 0x0000A030
Number of sections 4
PE sections
PE imports
GetLogColorSpaceA
DeleteEnhMetaFile
GetOutlineTextMetricsA
CreateEllipticRgn
GdiGetBatchLimit
SetDIBitsToDevice
CopyMetaFileW
GetWorldTransform
EnumMetaFile
GdiGradientFill
GetDIBits
GetTextFaceW
GetCharWidthA
ExtTextOutW
GetPixel
SetRectRgn
PolylineTo
GetDeviceGammaRamp
DefineDosDeviceW
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
UpdateResourceW
GetSystemInfo
GetLastError
FindVolumeClose
GetOEMCP
QueryPerformanceCounter
HeapDestroy
HeapAlloc
GetHandleInformation
GetCommMask
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
FreeEnvironmentStringsW
OpenProcess
CreateIoCompletionPort
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
TlsFree
GetFileType
CreateFileMappingW
CheckRemoteDebuggerPresent
GetCPInfo
GetStringTypeA
GetModuleHandleA
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
QueryInformationJobObject
ClearCommError
GetACP
HeapReAlloc
GetStringTypeW
LocalUnlock
ExitProcess
SetStdHandle
TlsAlloc
LCMapStringA
SetHandleCount
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
GetEnvironmentStringsW
TlsGetValue
Sleep
TerminateProcess
TlsSetValue
GetTickCount
OutputDebugStringA
InterlockedIncrement
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
Ord(89)
AnimateWindow
UnregisterHotKey
SetMenuItemBitmaps
VkKeyScanExA
GetMessageW
LockSetForegroundWindow
GetNextDlgGroupItem
SetClipboardViewer
GetClassNameA
GetNextDlgTabItem
IsWindow
GetTabbedTextExtentA
SetMenu
SendMessageCallbackA
PostMessageA
DrawIcon
EnumChildWindows
IsMenu
DestroyCursor
PostMessageW
RemoveMenu
GetInputState
DrawCaption
ChildWindowFromPointEx
MenuItemFromPoint
ShowCaret
SetParent
GetLastActivePopup
AnyPopup
IsZoomed
HiliteMenuItem
IsCharAlphaNumericW
BringWindowToTop
EnableMenuItem
InsertMenuA
DragObject
WaitForInputIdle
EnumPropsExW
CreateIconFromResource
GetSystemMenu
UserHandleGrantAccess
TabbedTextOutW
MapVirtualKeyExA
DragDetect
Number of PE resources by type
RT_FONT 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 4.6.5.0
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: ASCII
InitializedDataSize: 185856
FileOS: Win32
MIMEType: application/octet-stream
LegalCopyright: Copyright AkelSoft 2003-2011
FileVersion: 0, 0, 0, 0
TimeStamp: 2014:07:21 01:58:44+01:00
FileType: Win32 EXE
PEType: PE32
FileAccessDate: 2014:08:05 14:17:52+01:00
ProductVersion: 0, 0, 0, 0
FileDescription: AkelPad (x86) text editor
OSVersion: 5.0
FileCreateDate: 2014:08:05 14:17:52+01:00
OriginalFilename: AkelPad.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 61440
ProductName: AkelPad
ProductVersionNumber: 0.0.0.0
EntryPoint: 0xa030
ObjectFileType: Dynamic link library

File identification
MD5 477f504ecc4eec070a8360008aaed8c5
SHA1 646260c70dbee636d72154c13725cb78601187da
SHA256 df830c2269a8637bcbb8a6b743d96982d40ada95fe18cc73331737d0504abe36
ssdeep 3072:4mYpqc0+JgEqeqTBy80NgZRfRy7hterJ8rs/wBQqHsJS4p7ASjyla/w0tH:4mZchgEq5OoSh8SkwBoxjU0F

imphash 5d246d80c0da739b68656731d7241021
File size 243.8 KB ( 249643 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2014-08-03 22:10:32 UTC ( 4 years, 7 months ago )
Last submission 2014-08-05 13:15:53 UTC ( 4 years, 7 months ago )
File names 477f504ecc4eec070a8360008aaed8c5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs