SHA256: 81189230b1d4c230132321bc05472b8050c81ccaae719975f84813fd83b68209
File name: NF-eletronica-987812165162.Docx.ex
Detection ratio: 45 / 55
Analysis date: 2014-10-10 07:55:14 UTC (9 months, 3 weeks ago)
Antivirus scanner Result Version
AVG Downloader.Banload.CLIK 20141010
AVware Trojan.Win32.Generic!BT 20141010
Ad-Aware Trojan.Generic.KDV.927323 20141010
AegisLab W32.Virut 20141010
Agnitum Trojan.DL.Banload!Xj1Iq92jn1c 20141010
AhnLab-V3 Win-Trojan/Banker.531968.AC 20141009
Avast Win32:Banker-KEY [Trj] 20141010
Avira TR/ATRAPS.Gen2 20141010
Baidu-International Trojan.Win32.Banload.AX 20141009
BitDefender Trojan.Generic.KDV.927323 20141010
Bkav HW32.Paked.DED1 20141009
CAT-QuickHeal TrojanDownloader.Banload.r2 20141010
CMC Packed.Win32.Obfuscated.10!O 20141009
Comodo TrojWare.Win32.TrojanDownloader.Banload.~ASD 20141010
Cyren W32/Trojan.IPXZ-7302 20141010
DrWeb Trojan.DownLoader8.33920 20141010
ESET-NOD32 Win32/TrojanDownloader.Banload.RYQ 20141010
Emsisoft Trojan.Generic.KDV.927323 (B) 20141010
F-Secure Trojan.Generic.KDV.927323 20141010
GData Trojan.Generic.KDV.927323 20141010
Ikarus Trojan-PWS.Banker6 20141010
Jiangmin TrojanDownloader.Banload.bkms 20141009
K7AntiVirus Riskware ( 0015e4f01 ) 20141009
K7GW Riskware ( 0015e4f01 ) 20141009
Kaspersky Trojan-Downloader.Win32.Banload.cfox 20141010
Kingsoft Win32.Troj.Agent.k.(kcloud) 20141010
Malwarebytes Trojan.Banker.PEC 20141010
McAfee Generic.dx!65BA9FF22E4E 20141010
McAfee-GW-Edition Generic.dx!65BA9FF22E4E 20141009
MicroWorld-eScan Trojan.Generic.KDV.927323 20141010
NANO-Antivirus Trojan.Win32.Banload.cqkwdo 20141010
Norman Suspicious_Gen4.DIUPO 20141010
Panda Trj/Dtcontx.C 20141009
Qihoo-360 Win32/Trojan.Downloader.7e0 20141010
Sophos Mal/Emogen-T 20141010
Symantec Trojan.Gen 20141010
Tencent Win32.Trojan-downloader.Banload.Wptq 20141010
TheHacker Trojan/Downloader.Banload.ryq 20141008
TrendMicro TROJ_BANLOAD.HKI 20141010
TrendMicro-HouseCall TROJ_BANLOAD.HKI 20141010
VBA32 TrojanDownloader.Banload 20141009
VIPRE Trojan.Win32.Generic!BT 20141010
ViRobot Trojan.Win32.A.Downloader.531968.R 20141010
Zillya Downloader.Banload.Win32.53912 20141009
nProtect Trojan.Generic.KDV.927323 20141008
Antiy-AVL 20141010
ByteHero 20141010
ClamAV 20141010
F-Prot 20141009
Fortinet 20141010
Microsoft 20141010
Rising 20141009
SUPERAntiSpyware 20141010
TotalDefense 20141009
Zoner 20141007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-31 23:46:22
Link date 12:46 AM 4/1/2013
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
RegQueryValueExW
InitializeFlatSB
UnrealizeObject
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
OleUninitialize
SysFreeString
LoadStringW
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 27
RT_BITMAP 21
RT_ICON 10
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 36
NEUTRAL 29
PORTUGUESE BRAZILIAN 12
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:04:01 00:46:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1426432
LinkerVersion 2.25
FileAccessDate 2014:10:10 08:56:21+01:00
EntryPoint 0x1000
InitializedDataSize 299520
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:10:10 08:56:21+01:00
UninitializedDataSize 0

File identification
MD5 65ba9ff22e4e9073dda5ecae0fd056a7
SHA1 0dd46f3e46ace98eb09a41a4d33757d40d686fb2
SHA256 81189230b1d4c230132321bc05472b8050c81ccaae719975f84813fd83b68209
ssdeep 12288:Rk6cyZj1xESeg2hiF1A7n9co7ibSIptlx/xxRXeN/JxDS:2JyZBxTegADW4ibSIxzxRuN/XD
authentihash 0babf7cc44ae1bb3d6d4c0ca193bc6ca8309aa779a72ac0b3b1a86a7bd0c6f63
imphash bf06d5320ebc0a7b538be87cdc925cb1
File size 519.5 KB ( 531968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (50.1%)
Win32 EXE PECompact compressed (generic) (35.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Win16/32 Executable Delphi generic (1.7%)
Tags
pecompact peexe

VirusTotal metadata
First submission 2013-04-02 05:13:57 UTC (2 years, 3 months ago)
Last submission 2013-04-11 14:57:18 UTC (2 years, 3 months ago)
File names Fatura.vencida.exe
65BA9FF22E4E9073DDA5ECAE0FD056A7
NF-eletronica-987812165162.Docx.exe
NF-eletronica-987812165162.Docx.ex
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Set keys
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications