SHA256: e7f8d088049d74cb12b12780abfd4b726174beecc4b49b4e7b7f5e6c4b04cccb
File name: voicemail.exe
Detection ratio: 7 / 26
Analysis date: 2013-11-20 20:32:13 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Baidu-International Trojan.Win32.Kryptik.BPFV 20131120
Kaspersky UDS:DangerousObject.Multi.Generic 20131120
Sophos Mal/Generic-S 20131120
Symantec Suspicious.Cloud.5 20131120
TrendMicro PAK_Generic.001 20131120
TrendMicro-HouseCall PAK_Generic.001 20131120
VIPRE Trojan.Win32.Dofoil.qtz (v) 20131120
AVG 20131120
Agnitum 20131120
AhnLab-V3 20131120
AntiVir 20131120
Antiy-AVL 20131120
Avast 20131120
BitDefender 20131120
Bkav 20131120
ByteHero 20131118
CAT-QuickHeal 20131120
ClamAV 20131120
Commtouch 20131120
Comodo 20131120
DrWeb 20131120
ESET-NOD32 20131120
Emsisoft 20131120
F-Prot 20131120
F-Secure 20131120
Fortinet 20131120
GData 20131120
Ikarus 20131120
Jiangmin 20131120
K7AntiVirus 20131120
K7GW 20131120
Kingsoft 20130829
Malwarebytes 20131120
McAfee 20131120
McAfee-GW-Edition 20131120
MicroWorld-eScan 20131120
Microsoft None
NANO-Antivirus 20131120
Norman None
Panda 20131120
Rising None
SUPERAntiSpyware 20131120
TheHacker 20131120
TotalDefense 20131119
VBA32 20131120
ViRobot 20131120
nProtect 20131120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-21 01:39:10
Link date 2:39 AM 11/21/2013
Entry Point 0x00028001
Number of sections 5
PE sections
PE imports
GetProcAddress
GetModuleHandleA
LoadLibraryA
Ord(212)
PathGetCharTypeW
InvalidateRect
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:11:21 02:39:10+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
4096

LinkerVersion
6.0

FileAccessDate
2014:03:20 00:48:32+01:00

EntryPoint
0x28001

InitializedDataSize
155648

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:03:20 00:48:32+01:00

UninitializedDataSize
0

File identification
MD5 41ca9645233648b3d59cb52e08a4e22a
SHA1 d14090529c34aafa5668dc38058c051bbcc5c895
SHA256 e7f8d088049d74cb12b12780abfd4b726174beecc4b49b4e7b7f5e6c4b04cccb
ssdeep
1536:zHDcHivuL76VMskNNrzm2ZdRKQJcNYaiUokh6Kkbl3Rp0uJA98oF:zP7Pk3rzm2ZdHwJVnATy

imphash 039bc224ffa8c0fd403d1ac424213a77
File size 93.5 KB ( 95744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe aspack

VirusTotal metadata
First submission 2013-11-20 18:20:44 UTC ( 4 months, 3 weeks ago )
Last submission 2014-03-19 23:43:02 UTC ( 3 weeks, 6 days ago )
File names VoiceMail.exe
Wedding_Invitation_Hackettstown_exe
VoiceMail_Perth.exe
voicemail.exe
41ca9645233648b3d59cb52e08a4e22a
sophownu.exe
voicemail.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications