SHA256: f03b734ba8396868d416538ff4725b346096e11512518bf21c7b1cc095939796
File name: Case_06112013.exe
Detection ratio: 15 / 47
Analysis date: 2013-11-06 17:00:05 UTC ( 5 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 Worm/Win32.Palevo 20131106
AntiVir TR/Crypt.Xpack.3685 20131106
AVG Generic_r.DDF 20131106
Commtouch W32/Trojan.UOSL-1532 20131106
DrWeb Trojan.DownLoad3.30241 20131106
ESET-NOD32 Win32/TrojanDownloader.Small.AAB 20131106
F-Prot W32/Trojan3.GKB 20131106
Ikarus Trojan-Spy.Zbot 20131106
Kaspersky UDS:DangerousObject.Multi.Generic 20131106
Malwarebytes Trojan.Email.FA 20131106
McAfee Downloader-FVM!DCA1C11AA0C5 20131106
McAfee-GW-Edition Artemis!DCA1C11AA0C5 20131105
Norman Small.LT 20131106
Sophos AV Troj/Zbot-GVA 20131106
TrendMicro-HouseCall TROJ_GEN.F0D1H00K613 20131106
Yandex 20131105
Antiy-AVL 20131101
Avast 20131106
Baidu-International 20131106
BitDefender 20131106
Bkav 20131106
ByteHero 20131104
CAT-QuickHeal 20131106
ClamAV 20131106
Comodo 20131106
Emsisoft 20131106
F-Secure 20131106
Fortinet 20131106
GData 20131106
Jiangmin 20131106
K7AntiVirus 20131106
K7GW 20131106
Kingsoft 20130829
Microsoft 20131106
eScan 20131106
NANO-Antivirus 20131106
nProtect 20131106
Panda 20131106
Rising 20131106
SUPERAntiSpyware 20131106
Symantec 20131106
TheHacker 20131106
TotalDefense 20131105
TrendMicro 20131106
VBA32 20131106
VIPRE 20131106
ViRobot 20131106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-06 07:23:35
Entry Point 0x00001560
Number of sections 4
PE sections
PE imports
CreateFontIndirectA
CreatePen
GetSystemTime
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetModuleHandleA
FindFirstFileA
DeleteFileA
FindClose
GetEnvironmentStringsA
FindNextFileA
GetCommandLineA
GetCurrentThreadId
SetFocus
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
FillRect
TranslateMessage
PostMessageA
SendMessageA
PostQuitMessage
DefWindowProcA
ShowWindow
GetDC
RegisterClassExA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:11:06 08:23:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 10240
LinkerVersion 9.0
EntryPoint 0x1560
InitializedDataSize 16384
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 dca1c11aa0c557d5c18120d8d7176f80
SHA1 7e2bfbbb2afdb39016f955f4f5e54fdbaf207327
SHA256 f03b734ba8396868d416538ff4725b346096e11512518bf21c7b1cc095939796
ssdeep 768:LszBK+UX1h5PXQqpuDfp9WREZtdEI2MyzNORQtOflIwoHNM2XBFV7WBglC7+sBmW:QFDUX1PvQ8MtdEI2MyzNORQtOflIwoH8
authentihash 30827df15e3cc69fc7ae384248ecf2f3442b77b6b48dd8ab5588015dd450f450
imphash a7531eaafa5c30cb185fb4d0b7949cd6
File size 27.0 KB ( 27648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-11-06 09:25:28 UTC ( 5 years, 2 months ago )
Last submission 2015-06-12 11:32:21 UTC ( 3 years, 7 months ago )
File names 4c07e423d0432c4949e499e109adcd37bc07b518
Payment_06112013.exe
dca1c11aa0c557d5c18120d8d7176f80.exe
HSBC_Payment_06112013.exe
dca1c11aa0c557d5c18120d8d7176f80
file-6174106_exe
Case_06112013_exe
vti-rescan
f03b734ba8396868d416538ff4725b346096e11512518bf21c7b1cc095939796
c-98a9b-576-1383729903
Payment_06112013.exe_
Case_06112013.exe
007085169
Advanced heuristic and reputation engines