SHA256: fef606db754a8397d52fcb830934caace186e09a3dd80f865389d867c31e265f
File name: PP_details.exe
Detection ratio: 2 / 51
Analysis date: 2014-05-12 14:53:07 UTC ( 1 year, 3 months ago )
Antivirus          Result             Update
Malwarebytes       Spyware.Zbot.ED    20140512
Sophos             Mal/Generic-S      20140512

No detection (engine, signature update date):
AVG 20140512, Ad-Aware 20140512, AegisLab 20140512, Agnitum 20140511, AhnLab-V3 20140512, AntiVir 20140512, Antiy-AVL 20140512, Avast 20140512, Baidu-International 20140512, BitDefender 20140512, Bkav 20140512, ByteHero 20140512, CAT-QuickHeal 20140512, CMC 20140512, ClamAV 20140512, Commtouch 20140512, Comodo 20140512, DrWeb 20140512, ESET-NOD32 20140512, Emsisoft 20140512, F-Prot 20140512, F-Secure 20140512, Fortinet 20140512, GData 20140512, Ikarus 20140512, Jiangmin 20140512, K7AntiVirus 20140509, K7GW 20140509, Kaspersky 20140512, Kingsoft 20140512, McAfee 20140512, McAfee-GW-Edition 20140512, MicroWorld-eScan 20140512, Microsoft 20140512, NANO-Antivirus 20140512, Norman 20140512, Panda 20140512, Qihoo-360 20140512, Rising 20140507, SUPERAntiSpyware 20140512, Symantec 20140512, TheHacker 20140510, TotalDefense 20140512, TrendMicro 20140512, TrendMicro-HouseCall 20140512, VBA32 20140512, VIPRE 20140512, ViRobot 20140512, Zillya 20140511, nProtect 20140511
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-01 12:24:35
Link date 1:24 PM 5/1/2014
Entry Point 0x00001DCB
Number of sections 5
PE sections
Overlays
MD5 d1dbaeaf70aa11fe914b95d7be14a822
File type data
Offset 495616
Size 512
Entropy 7.51
PE imports
CreateCompatibleDC
BitBlt
GetStartupInfoA
ReadFile
GetFileSize
GetModuleHandleA
CreateFileW
Sleep
CloseHandle
CreateFileA
GetModuleFileNameA
_except_handler3
__p__fmode
_adjust_fdiv
__CxxFrameHandler
_acmdln
_exit
__p__commode
memset
strcat
__dllonexit
_onexit
_setmbcp
_wfopen
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
fopen
_controlfp
__set_app_type
GetCursorPos
SetTimer
LoadCursorA
UpdateWindow
EnableWindow
SendMessageA
KillTimer
ScreenToClient
LoadBitmapA
InvalidateRect
Number of PE resources by type
RT_STRING 13
RT_DIALOG 2
RT_ICON 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 17
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:05:01 13:24:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 9.0
Warning Invalid Version Info block
EntryPoint 0x1dcb
InitializedDataSize 479232
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 aa1762e9ba4b552421971ef2e4de9208
SHA1 06b776cf5fcae45ea7cf4b1e721a8a6561a886e7
SHA256 fef606db754a8397d52fcb830934caace186e09a3dd80f865389d867c31e265f
ssdeep 6144:mrLQ+ewmTp0a7+ZMa8X3e7JENWMGjKt6PNZ3Qy0b2Otb89Vs9WAPtF6t:YL5gH1e7MtGjKATOtp/6
authentihash 318ed73a9f135c312b3106b18d0122cd4be56c772d69b9e904633eb6ac5081c7
imphash 524957e68fdf55eb1f077e62000625ae
File size 484.5 KB ( 496128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
     Win32 Dynamic Link Library (generic) (14.2%)
     Win32 Executable (generic) (9.7%)
     Generic Win/DOS Executable (4.3%)
     DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-05-12 13:04:19 UTC ( 1 year, 3 months ago )
Last submission 2015-06-12 12:27:55 UTC ( 2 months, 2 weeks ago )
File names
aa1762e9ba4b552421971ef2e4de9208.exe
PP_detalis_726716942049.pdf.exe
file-6970532_exe
PP_detalis_726716942049_pdf_exe
PP_details.exe
PP_detalis_726716942049.pdf.exe
008038963
aa1762e9ba4b552421971ef2e4de9208
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any process launched by the executed file, or by a process subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.