× Les cookies sont désactivés ! Ce site exige que les cookies soient activés pour fonctionner correctement
SHA256: 228c3c9ad93203a49058e165ab41a152c1b4ca3ddbf459f7433a0ef12759f003
Nom du fichier : 1_.txt.exe
Ratio de détection : 11 / 49
Date d'analyse : 2013-12-18 00:28:52 UTC (il y a 4 mois)
Antivirus Résultat Mise à jour
AhnLab-V3 Trojan/Win32.Tofsee 20131217
AntiVir TR/Dropper.VB.7977 20131217
Avast Win32:Malware-gen 20131218
Baidu-International Trojan.Win32.Andromeda.AS 20131213
ESET-NOD32 a variant of Win32/Injector.ATTA 20131218
Fortinet W32/Dorkbot.BAA!tr 20131217
Kaspersky Trojan-Downloader.Win32.Andromeda.agkn 20131218
Kingsoft Win32.TrojDownloader.Andromeda.ag.(kcloud) 20130829
Malwarebytes Trojan.Dorkbot.ED 20131217
Rising PE:Trojan.VBInject!1.6546 20131217
Sophos Mal/Generic-S 20131218
AVG 20131218
Ad-Aware 20131211
Agnitum 20131217
Antiy-AVL 20131217
BitDefender 20131211
Bkav 20131217
ByteHero 20130613
CAT-QuickHeal 20131217
CMC 20131217
ClamAV 20131218
Commtouch 20131217
Comodo 20131217
DrWeb 20131218
Emsisoft 20131218
F-Prot 20131217
F-Secure 20131217
GData 20131218
Ikarus 20131217
Jiangmin 20131217
K7AntiVirus 20131217
K7GW 20131217
McAfee 20131218
McAfee-GW-Edition 20131217
MicroWorld-eScan 20131217
Microsoft 20131217
NANO-Antivirus 20131217
Norman 20131217
Panda 20131217
SUPERAntiSpyware 20131217
Symantec 20131217
TheHacker 20131217
TotalDefense 20131217
TrendMicro 20131218
TrendMicro-HouseCall 20131218
VBA32 20131217
VIPRE 20131218
ViRobot 20131217
nProtect 20131217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Föhne

Publisher Hewlett-Packard
Product Gedankenexperiments
Original name Liebesliaisons ausgangsseitiger.exe
Internal name Liebesliaisons ausgangsseitiger
File version 4.05.0008
Description Automatenhersteller6
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-16 17:51:28
Entry Point 0x000021E0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(554)
EVENT_SINK_Release
__vbaGenerateBoundsError
Ord(687)
_CIsin
_adj_fdivr_m64
_adj_fprem
Ord(710)
_adj_fpatan
EVENT_SINK_AddRef
__vbaHresultCheck
__vbaDateVar
Ord(674)
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
_adj_fdiv_r
Ord(564)
__vbaFreeVar
Ord(544)
Ord(100)
Ord(619)
_CItan
_adj_fdiv_m64
Ord(574)
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
Ord(696)
_CIlog
_allmul
Ord(513)
_CIcos
EVENT_SINK_QueryInterface
Ord(706)
_adj_fptan
__vbaI2Var
Ord(593)
Ord(581)
Ord(705)
Ord(646)
_CIatan
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrI2
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaVarDup
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
ExifTool file metadata
CodeSize
180224

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
4.5

FileSubtype
0

FileVersionNumber
4.5.0.8

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Automatenhersteller6

CharacterSet
Unicode

InitializedDataSize
20480

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
F hne

FileVersion
4.05.0008

TimeStamp
2013:12:16 18:51:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Liebesliaisons ausgangsseitiger

FileAccessDate
2013:12:18 01:28:57+01:00

ProductVersion
4.05.0008

UninitializedDataSize
0

OSVersion
4.0

FileCreateDate
2013:12:18 01:28:57+01:00

OriginalFilename
Liebesliaisons ausgangsseitiger.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Hewlett-Packard

LegalTrademarks
L schtriebe5

ProductName
Gedankenexperiments

ProductVersionNumber
4.5.0.8

EntryPoint
0x21e0

ObjectFileType
Executable application

File identification
MD5 88928f5dbb05290cb43a531986ae66a0
SHA1 ab70bb9e94d9930a50ee425ead34f32956b33930
SHA256 228c3c9ad93203a49058e165ab41a152c1b4ca3ddbf459f7433a0ef12759f003
ssdeep
3072:H0iHvVQxhYRVCKorM3ScDmQCn8Pl7TOt2C1FqaoztGkkbXoOpVSI6hO2q26JZyL:U+vCxhkVCKoM3SSmQe8Pl7T0V1Yaozt

File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-12-18 00:28:52 UTC (il y a 4 mois)
Last submission 2013-12-18 00:28:52 UTC (il y a 4 mois)
Noms du fichier Liebesliaisons ausgangsseitiger.exe
Liebesliaisons ausgangsseitiger
1_.txt.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Aucun commentaire. Aucun membre de la communauté VirusTotal n'a encore commenté cet élément, soyez le premier à le faire !

Laissez votre commentaire...

?
Poster un commentaire

Vous n'êtes pas connecté. Seuls les utilisateurs enregistrés peuvent laisser des commentaires, connectez-vous pour commenter !

Aucun vote. Personne n'a encore voté pour cet élément, soyez le premier à le faire !