SHA256: edcf615739453ebf0d9a3b509e8f04ea384c90bb28477155bb616dcedd51fd45
File name: 003742915
Detection ratio: 47 / 56
Analysis date: 2015-06-12 08:51:47 UTC ( 2 weeks, 4 days ago )
Antivirus Result Update
ALYac Trojan.Downloader.JOUA 20150612
AVG Generic26.HAB 20150612
AVware Trojan.Win32.Generic!BT 20150612
Ad-Aware Trojan.Downloader.JOUA 20150612
Agnitum Trojan.Inject!Y7JdPVsNWzo 20150611
AhnLab-V3 Win32/Phorpiex.worm.557056 20150612
Antiy-AVL Trojan[Dropper]/Win32.Injector 20150612
Arcabit Trojan.Downloader.JOUA 20150612
Avast Win32:VB-ZYR [Trj] 20150612
Avira TR/Dldr.JOUA 20150612
Baidu-International Trojan.Win32.Inject.byak 20150612
BitDefender Trojan.Downloader.JOUA 20150612
CAT-QuickHeal Trojan.Agen.rw3 20150612
Comodo UnclassifiedMalware 20150612
Cyren W32/Downloader.COME-0128 20150612
DrWeb Trojan.PWS.Spy.11887 20150612
ESET-NOD32 Win32/AutoRun.IRCBot.HO 20150612
F-Prot W32/Downldr2.IXPG 20150612
F-Secure Trojan.Downloader.JOUA 20150612
Fortinet W32/CRH!tr.dldr 20150612
GData Trojan.Downloader.JOUA 20150612
Ikarus Trojan.Win32.Inject 20150612
K7AntiVirus P2PWorm ( 0015da171 ) 20150612
K7GW P2PWorm ( 0015da171 ) 20150612
Kaspersky Trojan.Win32.Inject.byak 20150612
Kingsoft Win32.Troj.Inject.(kcloud) 20150612
McAfee W32/IRCbot.gen.a 20150612
McAfee-GW-Edition W32/IRCbot.gen.a 20150611
MicroWorld-eScan Trojan.Downloader.JOUA 20150612
Microsoft Worm:Win32/Phorpiex.B 20150612
NANO-Antivirus Trojan.Win32.JOUA.hfkrh 20150612
Panda Generic Malware 20150611
Qihoo-360 Malware.Radar01.Gen 20150612
SUPERAntiSpyware Heur.Agent/Gen-GalPic 20150612
Sophos Mal/VBCheMan-F 20150612
Symantec W32.IRCBot 20150612
Tencent Trojan.Win32.Qudamah.Gen.17 20150612
TheHacker Trojan/Inject.byak 20150611
TotalDefense Win32/Phorpiex.AF 20150611
TrendMicro TROJ_SPNR.14LM11 20150612
TrendMicro-HouseCall TROJ_SPNR.14LM11 20150612
VBA32 TrojanDropper.Injector 20150611
VIPRE Trojan.Win32.Generic!BT 20150612
ViRobot Trojan.Win32.A.Inject.557056.E[h] 20150612
Zillya Trojan.Inject.Win32.25009 20150611
Zoner I-Worm.AutoRun.IRCBot.HO 20150612
nProtect Trojan-Downloader/W32.Agent.557056.S 20150611
AegisLab 20150612
Alibaba 20150611
Bkav 20150611
ByteHero 20150612
CMC 20150610
ClamAV 20150611
Jiangmin 20150610
Malwarebytes 20150612
Rising 20150611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright genocide quieten seductre proactiv massif newsgrou rugger clansmen
Publisher pessary tailbacks
Product taxman enquiringly
Original name omxh.exe
Internal name omxh
File version 9.06.0007
Description ciao songbooks chirpiness knackered johnny sumptuousness payout trackballs bursary
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-27 14:02:10
Link date 3:02 PM 11/27/2011
Entry Point 0x00001074
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(534)
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
Ord(644)
ProcCallEngine
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(628)
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
NORWEGIAN BOKMAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 9.6
FileSubtype 0
FileVersionNumber 9.6.0.7
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 155648
EntryPoint 0x1074
OriginalFileName omxh.exe
MIMEType application/octet-stream
LegalCopyright genocide quieten seductre proactiv massif newsgrou rugger clansmen
FileVersion 9.06.0007
TimeStamp 2011:11:27 15:02:10+01:00
FileType Win32 EXE
PEType PE32
InternalName omxh
ProductVersion 9.06.0007
FileDescription ciao songbooks chirpiness knackered johnny sumptuousness payout trackballs bursary
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 417792
ProductName taxman enquiringly
ProductVersionNumber 9.6.0.7
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 115cbecadd88e356b205bc4e5ddcc360
SHA1 98f71bb0c2864fb4f7fd8fd68cd8e776274d4379
SHA256 edcf615739453ebf0d9a3b509e8f04ea384c90bb28477155bb616dcedd51fd45
ssdeep 6144:bogZrMan1vucmpGj7x0qJk+Zd/+CDJZUE2I9rHqq9tz:b9VMeljOoUER9rH19t
authentihash 5f2d4b29a1fdebcd90dcda255c48fc1536b32af471236bed020a96a5b8885632
imphash 3a5bde092ced0cd6b829513a72015975
File size 544.0 KB ( 557056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2011-11-27 14:30:29 UTC ( 3 years, 7 months ago )
Last submission 2015-06-12 08:51:47 UTC ( 2 weeks, 4 days ago )
File names winsvc.exe
omxh
003742915
omxh.exe
file-3182911_exe
Nowy folder.exe
b.exe
115cbecadd88e356b205bc4e5ddcc360
115CBECADD88E356B205BC4E5DDCC360
test.txt
b1.exe