SHA256: e8497756f2b6f1bda5c979a16ae443f575c4cfc86854aa4730aa3ca9fbddc0d8
File name: wordpad
Detection ratio: 61 / 67
Analysis date: 2017-12-06 19:10:26 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7372501 20171206
AegisLab Troj.W32.Menti!c 20171206
AhnLab-V3 Trojan/Win32.Zbot.R19828 20171206
ALYac Trojan.Generic.7372501 20171206
Antiy-AVL Trojan/Win32.TSGeneric 20171206
Arcabit Trojan.Generic.D707ED5 20171206
Avast Win32:SmokeLoader-RG [Trj] 20171206
AVG Win32:SmokeLoader-RG [Trj] 20171206
Avira (no cloud) TR/Offend.KD.520644 20171206
AVware Trojan.Win32.Generic!BT 20171206
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9949 20171206
BitDefender Trojan.Generic.7372501 20171206
CAT-QuickHeal Trojan.Dorv 20171206
ClamAV Win.Trojan.Zbot-52606 20171206
CMC Trojan.Win32.Menti!O 20171206
Comodo TrojWare.Win32.Kryptik.ZLIA 20171206
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171206
Cyren W32/Zbot.GEMS-7244 20171206
DrWeb Trojan.PWS.Panda.547 20171206
Emsisoft Trojan.Generic.7372501 (B) 20171206
Endgame malicious (moderate confidence) 20171130
ESET-NOD32 Win32/Spy.Zbot.YW 20171206
F-Prot W32/Zbot.BGM 20171206
F-Secure Trojan.Generic.7372501 20171206
Fortinet W32/Menti.BJW!tr 20171206
GData Trojan.Generic.7372501 20171206
Ikarus Trojan.Win32.Menti 20171206
Sophos ML heuristic 20170914
Jiangmin Trojan/Generic.abmvi 20171206
K7AntiVirus Riskware ( 0015e4f11 ) 20171205
K7GW Riskware ( 0015e4f11 ) 20171206
Kaspersky Trojan.Win32.Menti.lhnm 20171206
Kingsoft Win32.Troj.Undef.(kcloud) 20171206
Malwarebytes Trojan.FakeMS.ED 20171206
MAX malware (ai score=100) 20171206
McAfee Generic Downloader.me 20171206
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20171206
Microsoft PWS:Win32/Zbot 20171206
eScan Trojan.Generic.7372501 20171206
NANO-Antivirus Trojan.Win32.Menti.iwisa 20171206
nProtect Trojan/W32.Agent.162816.KD 20171206
Palo Alto Networks (Known Signatures) generic.ml 20171206
Panda Generic Malware 20171206
Qihoo-360 Win32/Trojan.e54 20171206
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Troj/Zbot-BJW 20171206
SUPERAntiSpyware Trojan.Agent/Gen-MultiThreat 20171206
Symantec Trojan.Gen 20171206
Tencent Win32.Trojan.Menti.Ecuj 20171206
TheHacker Trojan/Menti.lhnm 20171205
TrendMicro TROJ_RANSOM.BPB 20171206
TrendMicro-HouseCall TROJ_RANSOM.BPB 20171206
VBA32 Trojan.Menti 20171206
VIPRE Trojan.Win32.Generic!BT 20171206
ViRobot Trojan.Win32.A.Menti.162816.H 20171206
Webroot Trojan.Dropper.Gen 20171206
Yandex TrojanSpy.Zbot!wPP+mPRIvGE 20171205
Zillya Trojan.Menti.Win32.25983 20171206
ZoneAlarm by Check Point Trojan.Win32.Menti.lhnm 20171206
Alibaba 20171206
Avast-Mobile 20171206
Bkav 20171206
eGambit 20171206
Rising 20171206
Symantec Mobile Insight 20171206
Trustlook 20171206
WhiteArmor 20171204
Zoner 20171206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name wordpad
Internal name wordpad
File version 5.1.2600.5512 (xpsp.080413-2105)
Description Текстовый редактор WordPad (MFC)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-17 22:21:06
Entry Point 0x00039F50
Number of sections 3
PE sections
Overlays
MD5 730806f2d1e7409ce6d6a82e3c9b1f8c
File type data
Offset 162304
Size 512
Entropy 7.52
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DefMDIChildProcA
GetFileVersionInfoA
Number of PE resources by type
RT_STRING 4
RT_CURSOR 4
RT_DIALOG 3
RT_ACCELERATOR 3
RT_GROUP_ICON 3
Struct(31) 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 7.4
FileSubtype 0
FileVersionNumber 5.1.2600.5512
UninitializedDataSize 77824
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0x39f50
OriginalFileName wordpad
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2600.5512 (xpsp.080413-2105)
TimeStamp 2011:06:17 23:21:06+01:00
FileType Win32 EXE
PEType PE32
InternalName wordpad
ProductVersion 5.1.2600.5512
FileDescription WordPad (MFC)
OSVersion 6.4
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 159744
ProductName Microsoft Windows
ProductVersionNumber 5.1.2600.5512
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 8d698ec8aed074dce23a1bca8cd894d2
SHA1 8149405cc98b6a646f0ef44b4be771ad39100127
SHA256 e8497756f2b6f1bda5c979a16ae443f575c4cfc86854aa4730aa3ca9fbddc0d8
ssdeep 3072:5fKTSGMmqQ/xvYKHLIJJaYfiPRg1pMtrWDjGRLiG5/I8IGPUpzfoutIV1rN:tMWmX/xQKHLE8PRvija7KpGGoSI5
authentihash 3ae2305ced62e753a531ee9bb66e3897935ccb4d231d66dd0fde5146676c7ea3
imphash 3c9cf2cbd904e87609e50831d4dc02bc
File size 159.0 KB ( 162816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-01-26 19:40:53 UTC ( 6 years, 5 months ago )
Last submission 2017-12-06 19:10:26 UTC ( 6 months, 2 weeks ago )
File names e8497756f2b6f1bda5c979a16ae443f575c4cfc86854aa4730aa3ca9fbddc0d8.bin
file-3470701_exe
smona132787851555897002695
DOCInfo.exe
wordpad
8149405cc98b6a646f0ef44b4be771ad39100127.bin
smona132787851712066466796
"calc.exe"
info.exe.x-msdownload
smona132787851571401336544
readme.exe
smona132787851666738490326
smona_e8497756f2b6f1bda5c979a16ae443f575c4cfc86854aa4730aa3ca9fbddc0d8.bin
about.exe
wpbt0.dll
smona132787851766700733335
download (76)
smona132787851754263663098
8149405cc98b6a646f0ef44b4be771ad39100127_calc.ex
w2.exe
about.exe.x-msdownload
w.php
428 27.01.2012 00.57.58.422
8d698ec8aed074dce23a1bca8cd894d2
smona132787851791738037478
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
