SHA256: eba74d086dbed0ec15be6378f35b5e86c274c14643ffc23ea13fd63053d73ee1
File name: monthly bill Vodafone.pdf.exe
Detection ratio: 6 / 47
Analysis date: 2013-07-23 13:56:50 UTC
Antivirus Result Update (engines listed with no Result did not flag the file on that signature date)
AhnLab-V3 Trojan/Win32.Tepfer 20130710
Kaspersky UDS:DangerousObject.Multi.Generic 20130710
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130708
McAfee Artemis!3965D6F02781 20130710
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20130710
TheHacker Posible_Worm32 20130710
AVG 20130710
Agnitum 20130710
AntiVir 20130710
Antiy-AVL 20130710
Avast 20130710
BitDefender 20130710
ByteHero 20130613
CAT-QuickHeal 20130708
ClamAV 20130710
Commtouch 20130710
Comodo 20130709
DrWeb 20130710
ESET-NOD32 20130710
Emsisoft 20130710
F-Prot 20130710
F-Secure 20130710
Fortinet 20130710
GData 20130710
Ikarus 20130710
Jiangmin 20130710
K7AntiVirus 20130709
K7GW 20130709
Malwarebytes 20130710
MicroWorld-eScan 20130710
Microsoft 20130710
NANO-Antivirus 20130710
Norman 20130708
PCTools 20130710
Panda 20130710
Rising 20130709
SUPERAntiSpyware 20130710
Sophos 20130710
Symantec 20130710
TotalDefense 20130710
TrendMicro 20130710
TrendMicro-HouseCall 20130710
VBA32 20130710
VIPRE 20130710
ViRobot 20130710
eSafe 20130709
nProtect 20130710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-23 01:36:40 UTC
Link date 2:36 AM 7/23/2013 (the same timestamp rendered in UTC+01:00, as in the ExifTool output below)
Entry Point 0x0001F8F0
Number of sections 3
PE sections
PE imports
InitCommonControlsEx
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
CoInitialize
EnumWindows
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:07:23 02:36:40+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 49152
LinkerVersion: 2.5
Warning: Possibly corrupt Version resource
EntryPoint: 0x1f8f0
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 81920

File identification
MD5 3965d6f027812306ea953dbd0ac0bce0
SHA1 0d0cfcf3fd89392b38dfb37f98eb4f266b214c4b
SHA256 eba74d086dbed0ec15be6378f35b5e86c274c14643ffc23ea13fd63053d73ee1
ssdeep 1536:S46jJ/1aqcC7ywr8ypfVF57uzQnxRnouy8oW1uMbOr7K:bg/1a3wrvvRoutjwhPK

File size 62.6 KB ( 64152 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE Yoda's Crypter (63.7%)
Win32 Dynamic Link Library (generic) (15.7%)
Win32 Executable (generic) (10.8%)
Generic Win/DOS Executable (4.8%)
DOS Executable Generic (4.7%)
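Several fields above point the same way: TrID's best guess is Yoda's Crypter, McAfee-GW-Edition's verdict is a ModifiedUPX heuristic, UninitializedDataSize (81920) is larger than CodeSize (49152), the entry point 0x1F8F0 is a high RVA for a 64 KB file, and the static import table holds little beyond LoadLibraryA, GetProcAddress and the Virtual* memory routines. The Python below is an added example, not VirusTotal's code, and it does not contain the sample's bytes: it parses PE32 headers with struct and turns those observations into explicit checks. The report does not show the section table, so build_sample_pe() fabricates a header whose numeric fields mirror the report; the three section names and their layout are assumptions chosen to resemble a packed image.

```python
"""Minimal PE32 header parser and packer heuristics.

Added example for this report; it is not VirusTotal code and does not embed the
sample's bytes. build_sample_pe() fabricates a header whose fields mirror the
report (entry point, section count, sizes, linker version, timestamp); the
section layout and names are assumptions made to resemble a packed image.
"""
import struct
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Import names exactly as listed in the report (the sample's only static imports).
REPORTED_IMPORTS = ["InitCommonControlsEx", "VirtualFree", "ExitProcess", "VirtualProtect",
                    "LoadLibraryA", "VirtualAlloc", "GetProcAddress", "CoInitialize", "EnumWindows"]


def parse_pe32(data: bytes) -> dict:
    """Read the COFF header, PE32 optional header and section table of an image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin, size_code, size_idata, size_udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return {"machine": machine, "linker": f"{lmaj}.{lmin}", "size_code": size_code,
            "size_idata": size_idata, "size_udata": size_udata, "entry_point": entry,
            "subsystem": subsystem, "sections": sections,
            "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")}


def packer_indicators(pe: dict, imports: list) -> list:
    """Header-level hints that the image is packed; each hit is a short reason string."""
    hits = []
    ep = pe["entry_point"]
    ep_sec = next((s for s in pe["sections"]
                   if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    if ep_sec is None:
        hits.append("entry point lies outside every section")
    elif ep_sec is not pe["sections"][0]:
        hits.append(f"entry point is in section {ep_sec['name']!r}, not the first section")
    if ep_sec and ep_sec["chars"] & IMAGE_SCN_MEM_WRITE and ep_sec["chars"] & IMAGE_SCN_MEM_EXECUTE:
        hits.append("entry-point section is both writable and executable")
    for s in pe["sections"]:
        if s["rawsize"] == 0 and s["vsize"] >= 0x1000:
            hits.append(f"section {s['name']!r} has no data on disk but {s['vsize']} bytes in memory")
    if pe["size_udata"] > pe["size_code"]:
        hits.append("SizeOfUninitializedData exceeds SizeOfCode (room reserved for unpacked code)")
    if len(imports) <= 10 and {"LoadLibraryA", "GetProcAddress"} <= set(imports):
        hits.append("tiny import table with LoadLibraryA/GetProcAddress (real imports resolved at run time)")
    return hits


def build_sample_pe() -> bytes:
    """Constructed PE32 image (no code) with header values taken from the report."""
    ts = int(datetime(2013, 7, 23, 1, 36, 40, tzinfo=timezone.utc).timestamp())
    img = bytearray(b"MZ" + bytes(62))
    struct.pack_into("<I", img, 0x3C, 64)                              # e_lfanew
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x010F)
    # Magic, linker 2.5, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData,
    # AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase
    img += struct.pack("<HBBIIIIIII", 0x10B, 2, 5, 49152, 4096, 81920, 0x1F8F0, 0x1000, 0x16000, 0x400000)
    # alignments, OS 4.0, image 0.0, subsystem 4.0, Win32Version, SizeOfImage, SizeOfHeaders,
    # CheckSum, Subsystem=2 (GUI), DllCharacteristics
    img += struct.pack("<IIHHHHHHIIIIHH", 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x22000, 0x400, 0, 2, 0)
    img += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + bytes(16 * 8)
    # Assumed layout: a large section that exists only in memory (unpacking target),
    # a small data section, and an RWX stub section that owns the entry point.
    for name, vsize, vaddr, rawsize, rawptr, chars in (
            (b".text", 0x14000, 0x01000, 0x0000, 0x0000, 0xE0000080),
            (b".data", 0x01000, 0x15000, 0x1000, 0x0400, 0xC0000040),
            (b".stub", 0x0C000, 0x16000, 0xC000, 0x1400, 0xE0000020)):
        img += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
    img += bytes(0x400 - len(img)) + bytes(0x1000 + 0xC000)             # header padding, empty section bodies
    return bytes(img)


if __name__ == "__main__":
    pe = parse_pe32(build_sample_pe())
    print(pe["timestamp"], "linker", pe["linker"], "entry", hex(pe["entry_point"]), len(pe["sections"]), "sections")
    for hit in packer_indicators(pe, REPORTED_IMPORTS):
        print(" -", hit)
```

None of these checks is proof of packing on its own (a linker can legitimately place uninitialized data in a section with no raw bytes), which is why the function returns the list of reasons rather than a verdict; the combination seen here, with the entry point in a writable executable section and a near-empty import table, is what the ModifiedUPX-style heuristics above are keying on.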
Tags
peexe

VirusTotal metadata
First submission 2013-07-23 08:25:29 UTC
Last submission 2013-08-15 08:35:50 UTC
File names vt-upload-p78c3
vt-upload-ZhoBW
comendo-56-1374567902
file-5754652_exe
23 july _ monthly bill's Vodafone.pdf 2.exe
vt-upload-791fK
fraudulent-report.html.749022.html.exe
monthly bill Vodafone.pdf.exe
mms
23.exe
vt-upload-3HuRx
vt-upload-u519v
comendo-56-1374567902
3ae44fe0c7be8db845ebe704e0624d94b7bd0358
fraudulent-report.html.749022.html.ex
malekal_3965d6f027812306ea953dbd0ac0bce0
comendo-56
vt-upload-pXW3t
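The names this file was uploaded under show the lure: a document extension (.pdf, .html) followed by .exe, in one case with a "copy 2" style suffix between the two. As an added example (not VirusTotal's code), the Python below classifies those names and shows what a user sees when Explorer hides known extensions, which is its default; the extension lists are assumptions chosen for the example, and the name list is copied from the report.

```python
"""Attachment-name triage for double-extension lures.

Added example for this report, not VirusTotal code. It takes the file names
listed above, decides whether each one hides an executable behind a document
extension, and shows what Windows Explorer displays when "Hide extensions for
known file types" (its default) is on. EXEC_EXTS and DOC_EXTS are assumptions.
"""

EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe", "jar", "msi", "hta"}
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "html", "htm", "txt", "rtf", "jpg", "png"}

# Names reported for this sample, copied from the list above.
REPORTED_NAMES = [
    "vt-upload-p78c3", "vt-upload-ZhoBW", "comendo-56-1374567902", "file-5754652_exe",
    "23 july _ monthly bill's Vodafone.pdf 2.exe", "vt-upload-791fK",
    "fraudulent-report.html.749022.html.exe", "monthly bill Vodafone.pdf.exe", "mms", "23.exe",
    "vt-upload-3HuRx", "vt-upload-u519v", "comendo-56-1374567902",
    "3ae44fe0c7be8db845ebe704e0624d94b7bd0358", "fraudulent-report.html.749022.html.ex",
    "malekal_3965d6f027812306ea953dbd0ac0bce0", "comendo-56", "vt-upload-pXW3t",
]


def _components(name: str) -> list:
    """Split on dots and keep only the first whitespace-delimited token of each
    component, so that 'Vodafone.pdf 2.exe' (a 'copy 2' style suffix) still yields 'pdf'."""
    parts = name.strip().lower().split(".")
    return [p.strip().split()[0] if p.strip() else "" for p in parts]


def classify(name: str) -> str:
    """'lure'       : executable extension with a document-like extension earlier in the name
       'executable' : plain executable extension
       'other'      : everything else, including truncated extensions such as '.ex'"""
    parts = _components(name)
    if len(parts) < 2 or parts[-1] not in EXEC_EXTS:
        return "other"
    return "lure" if any(p in DOC_EXTS for p in parts[1:-1]) else "executable"


def explorer_display_name(name: str) -> str:
    """What Explorer shows with extensions hidden: the last known extension is dropped,
    so 'monthly bill Vodafone.pdf.exe' is rendered as 'monthly bill Vodafone.pdf'."""
    stem, dot, ext = name.rpartition(".")
    if dot and ext.lower() in EXEC_EXTS | DOC_EXTS:
        return stem
    return name


def triage(names) -> dict:
    """Group names by verdict."""
    out = {"lure": [], "executable": [], "other": []}
    for n in names:
        out[classify(n)].append(n)
    return out


if __name__ == "__main__":
    for verdict, names in triage(REPORTED_NAMES).items():
        for n in names:
            print(f"{verdict:10} {n!r:50} shown as {explorer_display_name(n)!r}")
```

A mail gateway that only looks at the final extension will still block these names, since they do end in .exe; the classifier is more useful on the receiving side, where the operator wants to know that a user was shown "monthly bill Vodafone.pdf" and clicked on what looked like an invoice.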
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user's policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications