SHA256: 81189230b1d4c230132321bc05472b8050c81ccaae719975f84813fd83b68209
File name: NF-eletronica-987812165162.Docx.ex
Detection ratio: 44 / 57
Analysis date: 2016-05-21 07:54:23 UTC (3 months ago)
Antivirus Result Version
ALYac Trojan.Generic.KDV.927323 20160521
AVG Downloader.Banload.CLIK 20160521
AVware Trojan.Win32.Generic!BT 20160520
Ad-Aware Trojan.Generic.KDV.927323 20160521
AegisLab Troj.Downloader.W32.Banload.cfox!c 20160520
AhnLab-V3 Win-Trojan/Banker.531968.AC 20160520
Arcabit Trojan.Generic.KDV.DE265B 20160521
Avast Win32:Banker-KEY [Trj] 20160521
Avira (no cloud) TR/ATRAPS.Gen2 20160521
Baidu-International Trojan.Win32.Banload.RYQ 20160520
BitDefender Trojan.Generic.KDV.927323 20160521
Bkav W32.AtenitG.Trojan 20160520
CAT-QuickHeal TrojanDownloader.Banload.r2 20160518
Comodo TrojWare.Win32.TrojanDownloader.Banload.~ASD 20160521
DrWeb Trojan.DownLoader8.33920 20160521
ESET-NOD32 Win32/TrojanDownloader.Banload.RYQ 20160520
Emsisoft Trojan.Generic.KDV.927323 (B) 20160521
F-Secure Trojan.Generic.KDV.927323 20160521
GData Trojan.Generic.KDV.927323 20160521
Ikarus Gen.Malware.Heur 20160521
Jiangmin TrojanDownloader.Banload.bfok 20160521
K7AntiVirus Riskware ( 0015e4f01 ) 20160521
K7GW Riskware ( 0015e4f01 ) 20160521
Kaspersky Trojan-Downloader.Win32.Banload.cfox 20160521
Kingsoft Win32.Troj.Agent.k.(kcloud) 20160521
Malwarebytes Trojan.Banker.PEC 20160521
McAfee Generic.dx!65BA9FF22E4E 20160521
McAfee-GW-Edition BehavesLike.Win32.Ramnit.hc 20160521
eScan Trojan.Generic.KDV.927323 20160521
NANO-Antivirus Trojan.Win32.Banload.cqkwdo 20160521
Panda Trj/Dtcontx.C 20160520
Qihoo-360 Win32/Trojan.Downloader.7e0 20160521
Rising Trjoan.Generic-luFbqPyHcWI (Cloud) 20160521
Sophos Mal/Emogen-T 20160521
Symantec Suspicious.Cloud.9 20160521
Tencent Win32.Trojan-downloader.Banload.Wptq 20160521
TheHacker Trojan/Downloader.Banload.ryq 20160520
TrendMicro TROJ_BANLOAD.HKI 20160521
TrendMicro-HouseCall TROJ_BANLOAD.HKI 20160521
VBA32 TrojanDownloader.Banload 20160520
VIPRE Trojan.Win32.Generic!BT 20160521
Yandex Trojan.DL.Banload!Xj1Iq92jn1c 20160520
Zillya Downloader.Banload.Win32.53912 20160521
nProtect Trojan.Generic.KDV.927323 20160520
Alibaba 20160520
Antiy-AVL 20160521
Baidu 20160520
CMC 20160520
ClamAV 20160521
Cyren 20160521
F-Prot 20160521
Fortinet 20160521
Microsoft 20160520
SUPERAntiSpyware 20160521
TotalDefense 20160521
ViRobot 20160521
Zoner 20160521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-31 23:46:22
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
RegQueryValueExW
InitializeFlatSB
UnrealizeObject
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
OleUninitialize
SysFreeString
LoadStringW
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 27
RT_BITMAP 21
RT_ICON 10
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 36
NEUTRAL 29
PORTUGUESE BRAZILIAN 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:04:01 00:46:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1426432
LinkerVersion 2.25
EntryPoint 0x1000
InitializedDataSize 299520
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 65ba9ff22e4e9073dda5ecae0fd056a7
SHA1 0dd46f3e46ace98eb09a41a4d33757d40d686fb2
SHA256 81189230b1d4c230132321bc05472b8050c81ccaae719975f84813fd83b68209
ssdeep 12288:Rk6cyZj1xESeg2hiF1A7n9co7ibSIptlx/xxRXeN/JxDS:2JyZBxTegADW4ibSIxzxRuN/XD
authentihash 0babf7cc44ae1bb3d6d4c0ca193bc6ca8309aa779a72ac0b3b1a86a7bd0c6f63
imphash bf06d5320ebc0a7b538be87cdc925cb1
File size 519.5 KB ( 531968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (50.1%)
Win32 EXE PECompact compressed (generic) (35.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Win16/32 Executable Delphi generic (1.7%)
Tags
pecompact peexe

VirusTotal metadata
First submission 2013-04-02 05:13:57 UTC (3 years, 4 months ago)
Last submission 2016-05-21 07:54:23 UTC (3 months ago)
File names Fatura.vencida.exe
65BA9FF22E4E9073DDA5ECAE0FD056A7
NF-eletronica-987812165162.Docx.exe
NF-eletronica-987812165162.Docx.ex
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Set keys
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications