SHA256: f36195a54df67b8b8720bc38814c0b914e44d2a4c96ab8710f67a5ac842cc717
File name: 03bd4afa1625bec08bc6f9f3f6a90bcf44bf7597
Detection ratio: 36 / 56
Analysis date: 2016-10-15 13:17:26 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.100105 20161015
AhnLab-V3 Trojan/Win32.Agent.N2129073006 20161015
Arcabit Trojan.Razy.D18709 20161015
Avast Win32:Malware-gen 20161015
AVG Atros4.AECL 20161015
Avira (no cloud) TR/Crypt.ZPACK.ldydm 20161015
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161015
BitDefender Gen:Variant.Razy.100105 20161015
Bkav HW32.Packed.4315 20161015
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.OEWS-6042 20161015
DrWeb Trojan.PWS.Papras.2354 20161015
Emsisoft Gen:Variant.Razy.100105 (B) 20161015
ESET-NOD32 a variant of Win32/GenKryptik.GWU 20161015
F-Secure Gen:Variant.Razy.100105 20161015
Fortinet W32/Vawtrak.DC!tr.bdr 20161015
GData Gen:Variant.Razy.100105 20161015
Sophos ML backdoor.win32.vawtrak.o 20160928
K7AntiVirus Trojan ( 004fab101 ) 20161015
K7GW Trojan ( 004fab101 ) 20161015
Kaspersky Backdoor.Win32.Vawtrak.dc 20161015
Malwarebytes Spyware.Agent 20161015
McAfee Artemis!786C43DA9212 20161015
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20161015
Microsoft Backdoor:Win32/Vawtrak.E 20161015
eScan Gen:Variant.Razy.100105 20161015
NANO-Antivirus Trojan.Win32.Vawtrak.ehfmza 20161015
Panda Trj/GdSda.A 20161015
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161015
Rising Malware.Generic!4MP8ANsi66E@1 (thunder) 20161015
Sophos AV Mal/Generic-S 20161015
Symantec Heur.AdvML.C 20161015
Tencent Win32.Trojan.Inject.Auto 20161015
TrendMicro TROJ_GEN.R00JC0DJD16 20161015
TrendMicro-HouseCall TROJ_GEN.R00JC0DJD16 20161015
Yandex Backdoor.Vawtrak! 20161014
AegisLab 20161015
Alibaba 20161014
ALYac 20161015
Antiy-AVL 20161015
AVware 20161015
CAT-QuickHeal 20161014
ClamAV 20161015
CMC 20161015
Comodo 20161015
F-Prot 20161015
Ikarus 20161015
Jiangmin 20161015
Kingsoft 20161015
nProtect 20161015
SUPERAntiSpyware 20161015
TheHacker 20161014
VBA32 20161014
VIPRE 20161015
ViRobot 20161015
Zillya 20161013
Zoner 20161015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013-2015 Trend Micro Incorporated. All rights reserved.
Product Trend Micro Anti-Spam for Outlook
Original name TMAS_OLImp.EXE
Internal name TMAS_OLImp
File version 7.5.0.1031
Description Trend Micro Anti-Spam Importer for Outlook
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-19 04:44:12
Entry Point 0x00002B27
Number of sections 6
PE sections
PE imports
FeClientInitialize
GetStockObject
DitherTo8
SniffStream
CreateMIMEMap
IdentifyMIMEType
GetMaxMIMEIDBytes
CreateToolhelp32Snapshot
GetSystemTime
GetLastError
CreateIoCompletionPort
FreeLibrary
VirtualProtect
IsDebuggerPresent
DebugBreak
CreateTimerQueue
GetFileAttributesW
LoadLibraryA
FoldStringA
ConvertFiberToThread
SetProcessWorkingSetSize
GetCalendarInfoW
CommConfigDialogW
GetLocaleInfoA
GetCurrentProcessId
DebugActiveProcessStop
GetCommProperties
GetDateFormatW
GetLongPathNameA
GetProcAddress
RaiseException
WideCharToMultiByte
MoveFileExW
DebugSetProcessKillOnExit
GetExitCodeThread
InterlockedExchange
GetCurrentProcess
MulDiv
GetCommConfig
MoveFileExA
AddConsoleAliasW
GetFullPathNameA
GetFileAttributesExW
GetProfileIntW
TerminateProcess
LCMapStringA
GetConsoleWindow
RemoveLocalAlternateComputerNameW
GetFileType
CloseHandle
GetDefaultCommConfigA
LocalAlloc
SetLastError
GetTimeFormatA
GetMenuInfo
LoadMenuA
GetShellWindow
GetSystemMetrics
LoadMenuW
CharLowerA
AppendMenuA
RegisterClassExW
GetClassNameA
IsCharAlphaA
AdjustWindowRectEx
GetMenuDefaultItem
GetMenu
GetSubMenu
RegisterClassW
GetClipboardViewer
GetWindowLongA
CreateMenu
GetMenuItemCount
LoadCursorW
IsCharUpperW
GetTopWindow
PostADsPropSheet
ADsPropCheckIfWritable
ADsPropSetHwndWithTitle
IsSheetAlreadyUp
ADsPropSendErrorMessage
ADsPropSetHwnd
CheckTrustEx
GetICifFileFromFile
GetICifRWFileFromFile
CheckForVersionConflict
DownloadFile
TraceDeregisterExA
MprSetupProtocolEnum
TracePutsExW
RouterLogEventValistExW
TraceDeregisterExW
TracePutsExA
TracePrintfA
RouterLogEventExA
LogEventW
RouterLogRegisterW
TraceRegisterExW
TracePrintfW
TraceGetConsoleA
RouterLogEventDataA
RouterLogEventStringW
TraceDumpExW
TracePrintfExW
RouterGetErrorStringA
MprSetupProtocolFree
RouterLogEventStringA
RouterGetErrorStringW
RouterAssert
TraceDeregisterA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild 1031
SubsystemVersion 5.0
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.5.0.1031
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Trend Micro Anti-Spam Importer for Outlook
CharacterSet Unicode
InitializedDataSize 114688
PrivateBuild Build 1031 - 7/10/2015
EntryPoint 0x2b27
OriginalFileName TMAS_OLImp.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013-2015 Trend Micro Incorporated. All rights reserved.
FileVersion 7.5.0.1031
TimeStamp 2014:02:19 05:44:12+01:00
FileType Win32 EXE
PEType PE32
InternalName TMAS_OLImp
ProductVersion 7.5
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Trend Micro Inc.
CodeSize 90112
ProductName Trend Micro Anti-Spam for Outlook
ProductVersionNumber 7.5.0.1031
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 786c43da9212a35dcd3364d9a09fe1b3
SHA1 03bd4afa1625bec08bc6f9f3f6a90bcf44bf7597
SHA256 f36195a54df67b8b8720bc38814c0b914e44d2a4c96ab8710f67a5ac842cc717
ssdeep 3072:WwE4zCKQUbaxIFxGtn/Jn8Mr2RLPULRUkUap7YAo4q9la3:5RgwaxIPIn84FUkD7u
authentihash 878be9d88ccc77dc157c1528a535ba851fc98686a91a6ad1cc1cb338702158f9
imphash db40a13557382696d9f82ef4f9173027
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-10-15 13:17:26 UTC ( 2 years, 4 months ago )
Last submission 2016-10-15 13:17:26 UTC ( 2 years, 4 months ago )
File names TMAS_OLImp.EXE
TMAS_OLImp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Code injections in the following processes
Created mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications