SHA256: f2b234b32d236f6114d87e511d7ecbd79ff6ae9b8254f461b48fcfeacf7628d9
File name: info_bank_pdf.exe
Detection ratio: 3 / 54
Analysis date: 2015-06-23 12:44:44 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AVware Trojan.Win32.Upatre.buu (v) 20150623
Tencent Win32.Trojan.Fakedoc.Auto 20150623
VIPRE Trojan.Win32.Upatre.buu (v) 20150623
Ad-Aware 20150623
AegisLab 20150623
Yandex 20150622
AhnLab-V3 20150623
Alibaba 20150623
ALYac 20150623
Antiy-AVL 20150623
Arcabit 20150623
Avast 20150623
AVG 20150623
Avira (no cloud) 20150623
Baidu-International 20150623
BitDefender 20150623
Bkav 20150623
ByteHero 20150623
CAT-QuickHeal 20150623
ClamAV 20150623
Comodo 20150623
Cyren 20150623
DrWeb 20150623
Emsisoft 20150623
ESET-NOD32 20150623
F-Prot 20150622
F-Secure 20150623
Fortinet 20150623
GData 20150623
Ikarus 20150623
Jiangmin 20150620
K7AntiVirus 20150623
K7GW 20150623
Kaspersky 20150623
Kingsoft 20150623
Malwarebytes 20150623
McAfee 20150623
McAfee-GW-Edition 20150623
Microsoft 20150623
NANO-Antivirus 20150623
nProtect 20150623
Panda 20150623
Qihoo-360 20150623
Rising 20150618
Sophos AV 20150623
SUPERAntiSpyware 20150623
Symantec 20150623
TheHacker 20150622
TrendMicro 20150623
TrendMicro-HouseCall 20150623
VBA32 20150622
ViRobot 20150623
Zillya 20150623
Zoner 20150623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-14 02:15:40
Entry Point 0x00005762
Number of sections 4
PE sections
PE imports
TextOutA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
lstrlenA
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
DecodePointer
GetCurrentProcessId
WriteProcessMemory
CreateDirectoryA
GetCommandLineW
CreateThread
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
RaiseException
WideCharToMultiByte
TlsFree
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
SetFocus
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
PostQuitMessage
LoadStringA
DispatchMessageA
EndPaint
UpdateWindow
PostMessageA
SendMessageA
BeginPaint
TranslateMessage
DefWindowProcA
ShowWindow
DestroyWindow
RegisterClassExA
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSLogoffSession
WTSQuerySessionInformationA
Number of PE resources by type
RT_BITMAP 7
RT_STRING 5
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NORWEGIAN BOKMAL 15
NEUTRAL 6
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
10.0

FileSubtype
0

FileVersionNumber
2.3.0.91

LanguageCode
Unknown (0529)

FileFlagsMask
0x0000

CharacterSet
Unknown (05E0)

InitializedDataSize
73216

EntryPoint
0x5762

MIMEType
application/octet-stream

FileVersion
2.3.0.91

TimeStamp
2013:05:14 03:15:40+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.91

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Safe-soft

CodeSize
48128

ProductName
SafeScan

ProductVersionNumber
2.3.0.91

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 67f05372a34534c5892defb29ba8ead7
SHA1 8c7e5d74a62591669586ea325b5eb9ae113aed0e
SHA256 f2b234b32d236f6114d87e511d7ecbd79ff6ae9b8254f461b48fcfeacf7628d9
ssdeep
1536:9hJxl/YXk/koFRhrz0Qu9xMb3whxbtKpFBhWNc63rVz1jysWjcdbUkxzhgY893s9:DJc8kgtz0QOxM8hxbk9Yc63xbUkdz9

authentihash 552be2a0dc41735a0df8a7a336f1c12618ba9b07456ea9e2f40d84759e64cbbc
imphash fb205081ca935568918c6c78c3c5e54a
File size 110.0 KB ( 112640 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-06-23 12:30:58 UTC ( 2 years, 5 months ago )
Last submission 2015-06-23 12:44:44 UTC ( 2 years, 5 months ago )
File names info_bank_pdf.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections