SHA256: fedb7b404754cf85737fb7e50f33324b84eb4c0b98024c7d3302039a901b04b7
File name: PDF_Document21_025542010_pdf.scr
Detection ratio: 17 / 43
Analysis date: 2010-09-09 21:29:55 UTC ( 3 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Malware/Win32.Trojan Horse 20100909
Authentium W32/VBTrojan.17E!Maximus 20100909
BitDefender Gen:Trojan.Heur.rm0@fnBStPoi 20100909
DrWeb WIN.WORM.Virus 20100909
Emsisoft Gen.Trojan!IK 20100909
F-Prot W32/VBTrojan.17E!Maximus 20100901
F-Secure Gen:Trojan.Heur.rm0@fnBStPoi 20100909
GData Gen:Trojan.Heur.rm0@fnBStPoi 20100909
Ikarus Gen.Trojan 20100909
McAfee Generic.dx!tsp 20100909
McAfee-GW-Edition Artemis!2BDE56D8FB2D 20100909
NOD32 probably unknown NewHeur_PE 20100909
PCTools Email-Worm.Imsolk 20100909
Panda Suspicious file 20100909
Prevx High Risk Cloaked Malware 20100909
Sophos W32/Autorun-BHO 20100909
Symantec Trojan Horse 20100909
AVG 20100909
AntiVir 20100909
Antiy-AVL 20100909
Avast 20100909
Avast5 20100909
CAT-QuickHeal 20100909
ClamAV 20100909
Comodo 20100909
Fortinet 20100909
Jiangmin 20100909
K7AntiVirus 20100909
Kaspersky 20100909
Microsoft 20100909
Norman 20100909
Rising 20100909
SUPERAntiSpyware 20100909
Sunbelt 20100909
TheHacker 20100909
TrendMicro 20100909
TrendMicro-HouseCall 20100909
VBA32 20100908
ViRobot 20100909
VirusBuster 20100909
eSafe 20100907
eTrust-Vet 20100909
nProtect 20100909
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Adobe Acrobat Reader
Product show
Original name Zainb_CV_Document_PDF.scr
Internal name Zainb_CV_Document_PDF
File version 10.05.0001
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-09-03 03:44:54
Link date 4:44 AM 9/3/2010
Entry Point 0x00001F98
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
_allmul
_adj_fprem
Ord(709)
__vbaObjVar
__vbaForEachVar
Ord(693)
Ord(580)
__vbaLenVarB
_adj_fdiv_r
__vbaObjSetAddref
__vbaFixstrConstruct
__vbaI4Var
Ord(100)
__vbaHresultCheckObj
__vbaR8Str
_CIlog
Ord(616)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaLineInputStr
Ord(608)
__vbaFreeStr
__vbaLateIdCallLd
__vbaStrR8
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
__vbaNextEachVar
__vbaLenBstr
__vbaNextEachCollAd
Ord(617)
Ord(576)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
Ord(571)
Ord(711)
EVENT_SINK_Release
__vbaVarTstEq
Ord(610)
Ord(716)
__vbaVarLateMemCallLdRf
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaPrintFile
__vbaLsetFixstr
__vbaStrCmp
__vbaAryUnlock
__vbaVarLateMemSt
Ord(710)
__vbaStrVarCopy
__vbaFreeObjList
Ord(629)
__vbaVarIndexLoad
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
Ord(626)
__vbaVarTstNe
__vbaLateMemCallLd
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
__vbaVarTstGt
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
__vbaVarZero
__vbaLateMemSt
__vbaOnError
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarSetVar
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
__vbaVargVar
_CIsin
_CIsqrt
__vbaVarCopy
Ord(612)
_CIatan
__vbaLateMemCall
Ord(529)
__vbaObjSet
__vbaVarCat
__vbaForEachCollAd
_CIexp
__vbaStrToAnsi
_CItan
Ord(598)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 10.5
FileSubtype 0
FileVersionNumber 10.5.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 12288
FileOS Win32
MIMEType application/octet-stream
FileVersion 10.05.0001
TimeStamp 2010:09:03 04:44:54+01:00
FileType Win32 EXE
PEType PE32
InternalName Zainb_CV_Document_PDF
FileAccessDate 2014:06:07 04:55:45+01:00
ProductVersion 10.05.0001
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:06:07 04:55:45+01:00
OriginalFilename Zainb_CV_Document_PDF.scr
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Adobe Acrobat Reader
CodeSize 274432
ProductName show
ProductVersionNumber 10.5.0.1
EntryPoint 0x1f98
ObjectFileType Executable application

File identification
MD5 2bde56d8fb2df4438192fb46cd0cc9c9
SHA1 0ba8387faaf158379712f453a16596d2d1c9cfdc
SHA256 fedb7b404754cf85737fb7e50f33324b84eb4c0b98024c7d3302039a901b04b7
ssdeep 3072:VwQbYQmUkhMCV44UyX6MBqvg3DTCyiM2AAiiCgvTTOwEcKYzCm3SJVXv+13prJB:OQbRmbgvFMUDx

imphash 14342f4d4c5d9652677bd98a18c585c3
File size 284.0 KB ( 290816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe

VirusTotal metadata
First submission 2010-09-09 15:32:14 UTC ( 3 years, 10 months ago )
Last submission 2014-06-01 03:19:03 UTC ( 1 month, 1 week ago )
File names malware.exe
csrss.exe
Zainb_CV_Document_PDF
nbkvr4e CV 2010.exe
Zainb_CV_Document_PDF.scr
smona_fedb7b404754cf85737fb7e50f33324b84eb4c0b98024c7d3302039a901b04b7.bin
owYW8Lfd
File_0.bin
vti-rescan
2BDE56D8FB2DF4438192FB46CD0CC9C9
2bde56d8fb2df4438192fb46cd0cc9c9.scr
open.exe
0BA8387FAAF158379712F453A16596D2D1C9CFDC.exe