SHA256: fcee667cb6900ddf55029f1f806995f73cd5be75912f1c94c905a6d177353e1f
File name: Persona de contacto Ausente (NUEVOS DATOS).docx.exe
Detection ratio: 18 / 56
Analysis date: 2016-12-01 12:09:38 UTC ( 2 years, 2 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20161201
Arcabit Trojan.A 20161201
Avast Win32:Malware-gen 20161201
Avira (no cloud) TR/Kryptik.xgqql 20161201
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9842 20161201
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
ESET-NOD32 a variant of Win32/GenKryptik.MPC 20161201
Fortinet W32/GenKryptik.MPC!tr 20161201
Sophos ML trojandownloader.win32.recslurp.b 20161128
Kaspersky UDS:DangerousObject.Multi.Generic 20161201
McAfee Trojan-FKKL!D7669DD58639 20161201
McAfee-GW-Edition BehavesLike.Win32.Downloader.lm 20161201
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161201
Rising Malware.Generic!ZCZQCRP7GsO@2 (thunder) 20161201
Sophos AV Mal/Generic-S 20161201
Tencent Win32.Trojan.Inject.Auto 20161201
TrendMicro Mal_Dalexis 20161201
TrendMicro-HouseCall TROJ_GEN.F0D1H00L116 20161201
Ad-Aware 20161201
AhnLab-V3 20161201
Alibaba 20161201
ALYac 20161201
Antiy-AVL 20161201
AVG 20161201
AVware 20161201
BitDefender 20161201
Bkav 20161130
CAT-QuickHeal 20161201
ClamAV 20161201
CMC 20161201
Comodo 20161201
Cyren 20161201
DrWeb 20161201
Emsisoft 20161201
F-Prot 20161201
F-Secure 20161201
GData 20161201
Ikarus 20161201
Jiangmin 20161201
K7AntiVirus 20161201
K7GW 20161201
Kingsoft 20161201
Malwarebytes 20161201
Microsoft 20161201
eScan 20161201
NANO-Antivirus 20161201
nProtect 20161201
Panda 20161130
SUPERAntiSpyware 20161201
Symantec 20161201
TheHacker 20161130
Trustlook 20161201
VBA32 20161201
VIPRE 20161201
ViRobot 20161201
WhiteArmor 20161125
Yandex 20161201
Zillya 20161130
Zoner 20161201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-27 16:09:49
Entry Point 0x00007FE9
Number of sections 3
PE sections
PE imports
IsValidAcl
RegUnLoadKeyA
RegDeleteValueW
RegSaveKeyA
RegRestoreKeyW
RegEnumKeyW
RegReplaceKeyA
OpenEventLogA
RegOpenKeyW
RegCreateKeyExA
CryptSignHashA
CmFree
CmMoveMemory
CmRealloc
CmAtolA
ReleaseMutex
WaitForSingleObject
GetModuleFileNameA
GetAtomNameA
LoadLibraryExA
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetTapePosition
InterlockedCompareExchange
CreateWaitableTimerW
FindResourceExA
GlobalAddAtomW
GetModuleHandleA
ReadFile
FindFirstFileA
GetProcAddress
SetPriorityClass
GetNumberFormatA
OpenEventW
CreateEventA
AllocConsole
GetFileType
GetFullPathNameW
GetProcessVersion
lstrcpyn
ResetEvent
GetThemeSysColor
GetWindowTheme
DrawThemeIcon
GetCurrentThemeName
GetThemeIntList
SetThemeAppProperties
GetThemeBool
GetThemeTextExtent
CloseThemeData
DrawThemeBackground
GetThemePartSize
Number of PE resources by type
IRIS 1
RT_FONT 1
RT_GROUP_CURSOR 1
RT_MESSAGETABLE 1
UNA 1
JATE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:06:27 17:09:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 64000
LinkerVersion 7.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
InitializedDataSize 12800
SubsystemVersion 4.0
EntryPoint 0x7fe9
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 d7669dd586396502b25c9ebf37b10db4
SHA1 11ed83c66bd226a52915327bebc3cb073d579505
SHA256 fcee667cb6900ddf55029f1f806995f73cd5be75912f1c94c905a6d177353e1f
ssdeep 768:OsLtc6JNyZX5UTsq0zr40BBycLTkGafSp7BnDgiMsOJzunsWeoE0:O+xhoqqkyy5MfDgDskzunsWT
authentihash c1d9331582bfb93a93d46a40f13800dfd635fbeff093ba551a64f48115f97934
imphash c8996a73a38e76d0e7ac62b2688da2f9
File size 76.0 KB ( 77824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-12-01 09:29:58 UTC ( 2 years, 2 months ago )
Last submission 2017-05-05 11:45:57 UTC ( 1 year, 9 months ago )
File names d7669dd586396502b25c9ebf37b10db4.exe
Persona de contacto Ausente (NUEVOS DATOS).docx.exe-2016-12-01.18-30-01.txt
fcee667cb6900ddf55029f1f806995f73cd5be75912f1c94c905a6d177353e1f
Persona de contacto Ausente (NUEVOS DATOS).docx.exe
20df592a7b62d66f91607b0cfb66acfc497cbdf9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications