SHA256: e0d2d070f3ff98e2fdfe7d0e54aeb9c0e551afb4758625880d61fa41d4c5cc41
File name: 3c3944f52d194fd86d12ebccb2c7cf85
Detection ratio: 24 / 53
Analysis date: 2014-07-23 11:16:35 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1772533 20140723
AhnLab-V3 Trojan/Win32.Dofoil 20140722
AntiVir TR/Crypt.XPACK.Gen7 20140723
Avast Win32:Malware-gen 20140723
BitDefender Trojan.GenericKD.1772533 20140723
ByteHero Trojan.Malware.Obscu.Gen.004 20140723
Commtouch W32/Trojan.ASWP-9209 20140723
DrWeb BackDoor.Kuluoz.4 20140723
Emsisoft Trojan.GenericKD.1772533 (B) 20140723
ESET-NOD32 Win32/TrojanDownloader.Zortob.B 20140723
F-Prot W32/Trojan3.JMV 20140723
GData Trojan.GenericKD.1772533 20140723
Ikarus Trojan-Spy.Zbot 20140723
Kaspersky Net-Worm.Win32.Aspxor.bqak 20140723
McAfee RDN/Generic.tfr!eb 20140723
McAfee-GW-Edition Artemis!3C3944F52D19 20140722
eScan Trojan.GenericKD.1772533 20140723
Qihoo-360 HEUR/Malware.QVM07.Gen 20140723
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140723
Sophos AV Troj/Wonton-CJ 20140723
Symantec Trojan.Asprox.B 20140723
TrendMicro TROJ_MIPC.008575GN14 20140723
TrendMicro-HouseCall TROJ_MIPC.008575GN14 20140723
VBA32 BScope.Trojan-Dropper.8612 20140722
AegisLab 20140723
Yandex 20140722
Antiy-AVL 20140723
AVG 20140723
Baidu-International 20140723
Bkav 20140723
CAT-QuickHeal 20140723
ClamAV 20140723
CMC 20140722
Comodo 20140723
F-Secure 20140723
Fortinet 20140723
Jiangmin 20140723
K7AntiVirus 20140722
K7GW 20140723
Kingsoft 20140723
Malwarebytes 20140723
Microsoft 20140723
NANO-Antivirus 20140723
Norman 20140723
nProtect 20140722
Panda 20140722
SUPERAntiSpyware 20140723
Tencent 20140723
TheHacker 20140722
TotalDefense 20140723
VIPRE 20140723
ViRobot 20140723
Zoner 20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-23 04:57:09
Entry Point 0x000052F5
Number of sections 4
PE sections
PE imports
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
FreeLibraryAndExitThread
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
SetLastError
InitializeCriticalSection
TryEnterCriticalSection
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetModuleHandleA
SetEnvironmentVariableA
TerminateProcess
InterlockedDecrement
GlobalAlloc
CreateEventW
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
FreeLibrary
QueryPerformanceCounter
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
CompareStringW
GetCurrentThreadId
CompareStringA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
lstrlenW
SizeofResource
CompareFileTime
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
ReadFile
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHFileOperationW
GetSystemMetrics
Ord(206)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2010:05:23 05:57:09+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53248
LinkerVersion 7.1
EntryPoint 0x52f5
InitializedDataSize 77824
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 3c3944f52d194fd86d12ebccb2c7cf85
SHA1 9a754f1b087204352b96df75db84c499d704bd39
SHA256 e0d2d070f3ff98e2fdfe7d0e54aeb9c0e551afb4758625880d61fa41d4c5cc41
ssdeep
3072:lHT2z41E407PKtxDyS5p63Aulw0lK0McwE5SoooZgPxU:JT2ca7Kt5p5piAuK0ZT5x

authentihash e4366280cb8402adc0fb2c67ac698e49417e0b31cc2e563ee98a4d39d3e1da14
imphash ddbe9339540bc0d2203b842404081647
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2014-07-22 21:10:13 UTC ( 3 years, 3 months ago )
Last submission 2014-07-23 11:13:58 UTC ( 3 years, 3 months ago )
File names c-dc71f-6405-1406076991
3c3944f52d194fd86d12ebccb2c7cf85
Copy_of_document_July-22-2014.exe
e0d2d070f3ff98e2fdfe7d0e54aeb9c0e551afb4758625880d61fa41d4c5cc41.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs