SHA256: ecc45bedd8ea48ae85c3ce9c1a77aa2ab39efa0de9d3c4fc3f5a5be2adf2e5df
File name: Copy_of_document_July-30-2014.exe
Detection ratio: 29 / 54
Analysis date: 2014-07-31 16:42:37 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1785237 20140731
AhnLab-V3 Trojan/Win32.Kuluoz 20140731
AntiVir TR/Crypt.XPACK.Gen7 20140731
Avast Win32:Malware-gen 20140731
AVware Trojan.Win32.Kuluoz.dad (v) 20140731
Baidu-International Trojan.Win32.Kryptik.BCHWT 20140731
BitDefender Trojan.GenericKD.1785237 20140731
ByteHero Trojan.Malware.Obscu.Gen.004 20140731
Commtouch W32/Trojan.GURH-6740 20140731
Comodo UnclassifiedMalware 20140731
Emsisoft Trojan-Downloader.Win32.Kuluoz (A) 20140731
ESET-NOD32 Win32/TrojanDownloader.Zortob.B 20140731
F-Prot W32/Trojan3.JRB 20140731
F-Secure Trojan.GenericKD.1785237 20140731
Fortinet W32/PACKED.BQ!tr 20140731
GData Trojan.GenericKD.1785237 20140731
Ikarus Net-Worm.Win32.Aspxor 20140731
McAfee Packed-BQ!529E7348BCA2 20140731
McAfee-GW-Edition Packed-BQ!529E7348BCA2 20140731
eScan Trojan.GenericKD.1785237 20140731
nProtect Trojan.GenericKD.1785237 20140731
Panda Trj/CI.A 20140731
Qihoo-360 Win32/Trojan.cb1 20140731
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140731
Sophos Mal/EncPk-AAQ 20140731
Symantec Trojan.Asprox.B 20140731
TrendMicro TROJ_KULUOZ.WSCK 20140731
TrendMicro-HouseCall TROJ_KULUOZ.WSCK 20140731
VIPRE Trojan.Win32.Kuluoz.dad (v) 20140731
AegisLab 20140731
Yandex 20140730
Antiy-AVL 20140731
AVG 20140731
Bkav 20140731
CAT-QuickHeal 20140731
ClamAV 20140731
CMC 20140731
DrWeb 20140731
Jiangmin 20140725
K7AntiVirus 20140731
K7GW 20140731
Kaspersky 20140731
Kingsoft 20140731
Malwarebytes 20140731
Microsoft 20140731
NANO-Antivirus 20140731
Norman 20140731
SUPERAntiSpyware 20140731
Tencent 20140731
TheHacker 20140728
TotalDefense 20140731
VBA32 20140731
ViRobot 20140731
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-31 04:22:30
Entry Point 0x00005065
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryA
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
HeapDestroy
GetTickCount
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
lstrlenW
FreeLibrary
GetCPInfo
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
UnhandledExceptionFilter
GetCommandLineW
LCMapStringA
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
CreateDirectoryW
GetCommandLineA
GetProcAddress
TlsFree
GetCurrentThread
LeaveCriticalSection
RaiseException
CreateThread
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
CompareStringA
ResetEvent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEvent
LocalFree
FormatMessageW
TerminateProcess
CreateEventW
GetVersion
InitializeCriticalSection
HeapCreate
CreateFileW
VirtualFree
FatalAppExitA
FindClose
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
InterlockedIncrement
SHFileOperationW
GetForegroundWindow
EndDialog
OffsetRect
GetCapture
KillTimer
GetMessageW
ShowWindow
GetSysColorBrush
GetSystemMetrics
EnableWindow
SetCapture
SetParent
SendMessageW
GetSubMenu
GetMenuItemRect
SetClipboardData
DrawIconEx
LoadStringW
TrackPopupMenuEx
wsprintfA
GetMenuStringA
GetMenuState
LoadIconW
GetWindowTextA
ExitWindowsEx
PtInRect
Ord(134)
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:07:31 05:22:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 7.1
EntryPoint 0x5065
InitializedDataSize 73728
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 529e7348bca26b22d0b42a7fe6c63e8d
SHA1 2982a8f41da4d796c2e31667eb29c4ed6424345a
SHA256 ecc45bedd8ea48ae85c3ce9c1a77aa2ab39efa0de9d3c4fc3f5a5be2adf2e5df
ssdeep 1536:d+3L3tOdZBCDQKnTv6keqrCZoKUQGd98PmRsnzWMUwszDmGhnJ:g3L3YdZcDQQvCZo64PRszAHh
authentihash 54f304a7b46bf75597fced27591c0cdaebf99f9efc5e00f5dcd26009618f7235
imphash 8ffba7a5a3766a72082fcc951f9669aa
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-07-30 20:05:06 UTC ( 2 years, 10 months ago )
Last submission 2014-08-16 10:31:04 UTC ( 2 years, 9 months ago )
File names Copy_of_document_July-30-2014.exe
529e7348bca26b22d0b42a7fe6c63e8d
529e7348bca26b22d0b42a7fe6c63e8d.malware
529e7348bca26b22d0b42a7fe6c63e8d.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs