SHA256: f6ee7f359c06e51c0855a0c2bd0f7d5617c1e18f328f1b442797defc8f22d742
File name: 3eba24880db35f26fec4bc2a7e4ac508.exe
Detection ratio: 11 / 56
Analysis date: 2016-11-23 22:36:12 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AegisLab Heur.Advml.Gen!c 20161123
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9673 20161123
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
ESET-NOD32 a variant of MSIL/Injector.QRF 20161123
Fortinet MSIL/Injector.QRF!tr 20161123
Sophos ML trojan.win32.skeeyah.a!rfn 20161018
Jiangmin Trojan.PSW.Chisburg.aaz 20161123
Kaspersky UDS:DangerousObject.Multi.Generic 20161123
McAfee Artemis!3EBA24880DB3 20161123
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc 20161123
Symantec Heur.AdvML.B 20161123
Ad-Aware 20161123
AhnLab-V3 20161123
Alibaba 20161123
ALYac 20161123
Antiy-AVL 20161123
Arcabit 20161123
Avast 20161123
AVG 20161123
Avira (no cloud) 20161123
AVware 20161123
BitDefender 20161123
Bkav 20161123
CAT-QuickHeal 20161123
ClamAV 20161123
CMC 20161123
Comodo 20161123
Cyren 20161123
DrWeb 20161123
Emsisoft 20161123
F-Prot 20161123
F-Secure 20161123
GData 20161123
Ikarus 20161123
K7AntiVirus 20161123
K7GW 20161123
Kingsoft 20161123
Malwarebytes 20161123
Microsoft 20161123
eScan 20161123
NANO-Antivirus 20161123
nProtect 20161123
Panda 20161123
Qihoo-360 20161123
Rising 20161123
Sophos AV 20161123
SUPERAntiSpyware 20161123
Tencent 20161123
TheHacker 20161122
TotalDefense 20161123
TrendMicro 20161123
TrendMicro-HouseCall 20161123
Trustlook 20161123
VBA32 20161123
VIPRE 20161123
ViRobot 20161123
WhiteArmor 20161018
Yandex 20161123
Zillya 20161123
Zoner 20161123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2013
Product microsoft corporation
Original name office.exe
Internal name office.exe
File version 0.0.0.0
Description microsoft corporation
Comments microsoft corporation
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-21 23:29:31
Entry Point 0x00035FEE
Number of sections 3
.NET details
Module Version ID 472a86f8-2e0f-441e-93a0-a50a20b2a836
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments microsoft corporation
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription microsoft corporation
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 101888
EntryPoint 0x35fee
OriginalFileName office.exe
MIMEType application/octet-stream
LegalCopyright 2013
FileVersion 0.0.0.0
TimeStamp 2016:11:22 00:29:31+01:00
FileType Win32 EXE
PEType PE32
InternalName office.exe
ProductVersion 0.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName microsoft corporation
CodeSize 212992
ProductName microsoft corporation
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0
Compressed bundles
File identification
MD5 3eba24880db35f26fec4bc2a7e4ac508
SHA1 6c3e5d837152de513d1767b2b71caf475fada22d
SHA256 f6ee7f359c06e51c0855a0c2bd0f7d5617c1e18f328f1b442797defc8f22d742
ssdeep 6144:+PQJ/NQJ8MObqTs9BBelqP7Tn2gNFUKo0o0JhPc6gLUS57IMaDEAXv:KLsBelqP7CgFUGo0Jhk6gLUS57IM4EA/
authentihash 38787b01aeed80e2db294d5cabc3ca3a488fefe59ae3756820566c11d00fcc0a
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 308.0 KB ( 315392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2016-11-23 21:04:16 UTC ( 2 years, 5 months ago )
Last submission 2017-08-04 05:09:00 UTC ( 1 year, 9 months ago )
File names 3eba24880db35f26fec4bc2a7e4ac508.exe
office.exe
f6ee7f359c06e51c0855a0c2bd0f7d5617c1e18f328f1b442797defc8f22d742.x32.exe
office.exe
233_11_07_2016_15_34_41_office.exe.malware.MRG
VirusShare_3eba24880db35f26fec4bc2a7e4ac508
6c3e5d837152de513d1767b2b71caf475fada22d.exe
output.104312474.txt