SHA256: edcf615739453ebf0d9a3b509e8f04ea384c90bb28477155bb616dcedd51fd45
File name: omxh
Detection ratio: 50 / 56
Analysis date: 2015-07-27 15:10:17 UTC ( 1 month ago )
Antivirus Result Update
ALYac Trojan.Downloader.JOUA 20150727
AVG Generic26.HAB 20150727
AVware Trojan.Win32.Generic!BT 20150727
Ad-Aware Trojan.Downloader.JOUA 20150727
Agnitum Trojan.Inject!Y7JdPVsNWzo 20150726
AhnLab-V3 Win32/Phorpiex.worm.557056 20150727
Antiy-AVL Trojan[Dropper]/Win32.Injector 20150727
Arcabit Trojan.Downloader.JOUA 20150727
Avast Win32:VB-ZYR [Trj] 20150727
Avira TR/Dldr.JOUA 20150727
Baidu-International Trojan.Win32.Inject.byak 20150727
BitDefender Trojan.Downloader.JOUA 20150727
Bkav W32.Clodd79.Trojan.b09b 20150727
CAT-QuickHeal Trojan.Agen.rw3 20150727
Comodo UnclassifiedMalware 20150727
Cyren W32/Downloader.COME-0128 20150727
DrWeb Trojan.PWS.Spy.11887 20150727
ESET-NOD32 Win32/AutoRun.IRCBot.HO 20150727
Emsisoft Trojan.Downloader.JOUA (B) 20150727
F-Prot W32/Downldr2.IXPG 20150727
F-Secure Trojan.Downloader.JOUA 20150727
Fortinet W32/CRH!tr.dldr 20150727
GData Trojan.Downloader.JOUA 20150727
Ikarus Trojan.Win32.Inject 20150727
K7AntiVirus P2PWorm ( 0015da171 ) 20150727
K7GW P2PWorm ( 0015da171 ) 20150727
Kaspersky Trojan.Win32.Inject.byak 20150727
Kingsoft Win32.Troj.Inject.(kcloud) 20150727
McAfee W32/IRCbot.gen.a 20150727
McAfee-GW-Edition W32/IRCbot.gen.a 20150726
MicroWorld-eScan Trojan.Downloader.JOUA 20150727
Microsoft Worm:Win32/Phorpiex.B 20150727
NANO-Antivirus Trojan.Win32.JOUA.hfkrh 20150727
Panda Generic Malware 20150727
Qihoo-360 Malware.Radar01.Gen 20150727
Rising PE:Trojan.Win32.Generic.12ABF8E7!313260263 20150722
SUPERAntiSpyware Heur.Agent/Gen-GalPic 20150727
Sophos Mal/VBCheMan-F 20150727
Symantec W32.IRCBot 20150727
Tencent Win32.Trojan.Inject.Dvge 20150727
TheHacker Trojan/Inject.byak 20150723
TotalDefense Win32/Phorpiex.AF 20150727
TrendMicro TROJ_SPNR.14LM11 20150727
TrendMicro-HouseCall TROJ_SPNR.14LM11 20150727
VBA32 TrojanDropper.Injector 20150727
VIPRE Trojan.Win32.Generic!BT 20150727
ViRobot Trojan.Win32.A.Inject.557056.E[h] 20150727
Zillya Trojan.Inject.Win32.25009 20150727
Zoner I-Worm.AutoRun.IRCBot.HO 20150727
nProtect Trojan-Downloader/W32.Agent.557056.S 20150727
AegisLab 20150727
Alibaba 20150727
ByteHero 20150727
ClamAV 20150727
Jiangmin 20150726
Malwarebytes 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright genocide quieten seductre proactiv massif newsgrou rugger clansmen
Publisher pessary tailbacks
Product taxman enquiringly
Original name omxh.exe
Internal name omxh
File version 9.06.0007
Description ciao songbooks chirpiness knackered johnny sumptuousness payout trackballs bursary
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-27 14:02:10
Link date 3:02 PM 11/27/2011
Entry Point 0x00001074
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(534)
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
Ord(644)
ProcCallEngine
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(628)
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
NORWEGIAN BOKMAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 9.6
FileSubtype 0
FileVersionNumber 9.6.0.7
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 155648
EntryPoint 0x1074
OriginalFileName omxh.exe
MIMEType application/octet-stream
LegalCopyright genocide quieten seductre proactiv massif newsgrou rugger clansmen
FileVersion 9.06.0007
TimeStamp 2011:11:27 15:02:10+01:00
FileType Win32 EXE
PEType PE32
InternalName omxh
ProductVersion 9.06.0007
FileDescription ciao songbooks chirpiness knackered johnny sumptuousness payout trackballs bursary
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName pessary tailbacks
CodeSize 417792
ProductName taxman enquiringly
ProductVersionNumber 9.6.0.7
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 115cbecadd88e356b205bc4e5ddcc360
SHA1 98f71bb0c2864fb4f7fd8fd68cd8e776274d4379
SHA256 edcf615739453ebf0d9a3b509e8f04ea384c90bb28477155bb616dcedd51fd45
ssdeep 6144:bogZrMan1vucmpGj7x0qJk+Zd/+CDJZUE2I9rHqq9tz:b9VMeljOoUER9rH19t
authentihash 5f2d4b29a1fdebcd90dcda255c48fc1536b32af471236bed020a96a5b8885632
imphash 3a5bde092ced0cd6b829513a72015975
File size 544.0 KB ( 557056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe

VirusTotal metadata
First submission 2011-11-27 14:30:29 UTC ( 3 years, 9 months ago )
Last submission 2015-06-12 08:51:47 UTC ( 2 months, 2 weeks ago )
File names winsvc.exe
omxh
003742915
Nowy folder.exe
file-3182911_exe
omxh.exe
b.exe
115cbecadd88e356b205bc4e5ddcc360
115CBECADD88E356B205BC4E5DDCC360
test.txt
b1.exe