SHA256: 81189230b1d4c230132321bc05472b8050c81ccaae719975f84813fd83b68209
File name: NF-eletronica-987812165162.Docx.ex
Detection ratio: 33 / 45
Analysis date: 2013-04-23 10:33:43 UTC (11 months, 3 weeks ago)
Antivirus Result Version
AVG Downloader.Banload.CLIK 20130423
Agnitum Trojan.DL.Banload!Xj1Iq92jn1c 20130422
AhnLab-V3 Win-Trojan/Banker.531968.AC 20130422
AntiVir TR/Drop.Small.AN 20130423
Avast Win32:Banker-KEY [Trj] 20130423
BitDefender Trojan.Generic.KDV.927323 20130423
Commtouch W32/Trojan.IPXZ-7302 20130423
Comodo TrojWare.Win32.TrojanDownloader.Banload.~ASD 20130423
DrWeb Trojan.DownLoader8.33920 20130423
ESET-NOD32 Win32/TrojanDownloader.Banload.RYQ 20130423
Emsisoft Trojan.Win32.Agent.AMN (A) 20130423
F-Secure Trojan.Generic.KDV.927323 20130423
GData Trojan.Generic.KDV.927323 20130423
Ikarus Trojan-PWS.Banker6 20130423
K7AntiVirus Riskware 20130422
K7GW Riskware 20130422
Kaspersky Trojan-Downloader.Win32.Banload.cfox 20130423
Malwarebytes Trojan.Banker.PEC 20130423
McAfee RDN/PWS-Banker!bi 20130423
McAfee-GW-Edition RDN/PWS-Banker!bi 20130423
MicroWorld-eScan Trojan.Generic.KDV.927323 20130423
Norman Suspicious_Gen4.DIUPO 20130423
PCTools Trojan.Gen 20130423
Panda Trj/Dtcontx.C 20130423
Symantec Trojan.Gen 20130423
TheHacker Trojan/Downloader.Banload.ryq 20130422
TrendMicro TROJ_BANLOAD.HKI 20130423
TrendMicro-HouseCall TROJ_BANLOAD.HKI 20130423
VBA32 TrojanDownloader.Banload 20130422
VIPRE Trojan.Win32.Generic!BT 20130423
ViRobot Trojan.Win32.A.Downloader.531968.R 20130423
eSafe Suspicious File 20130423
nProtect Trojan.Generic.KDV.927323 20130423
Antiy-AVL 20130423
ByteHero 20130418
CAT-QuickHeal 20130423
ClamAV 20130423
F-Prot 20130423
Fortinet 20130423
Jiangmin 20130423
Kingsoft 20130422
Microsoft 20130423
NANO-Antivirus 20130423
SUPERAntiSpyware 20130423
TotalDefense 20130423
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-31 23:46:22
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
RegQueryValueExW
InitializeFlatSB
UnrealizeObject
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
OleUninitialize
SysFreeString
LoadStringW
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 27
RT_BITMAP 21
RT_ICON 10
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 36
NEUTRAL 29
PORTUGUESE BRAZILIAN 12
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:04:01 00:46:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1426432
LinkerVersion 2.25
FileAccessDate 2013:04:23 11:35:15+01:00
EntryPoint 0x1000
InitializedDataSize 299520
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2013:04:23 11:35:15+01:00
UninitializedDataSize 0
File identification
MD5 65ba9ff22e4e9073dda5ecae0fd056a7
SHA1 0dd46f3e46ace98eb09a41a4d33757d40d686fb2
SHA256 81189230b1d4c230132321bc05472b8050c81ccaae719975f84813fd83b68209
ssdeep
12288:Rk6cyZj1xESeg2hiF1A7n9co7ibSIptlx/xxRXeN/JxDS:2JyZBxTegADW4ibSIxzxRuN/XD

File size 519.5 KB ( 531968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (v2.x) (49.3%)
Win32 EXE PECompact compressed (generic) (34.6%)
Win32 Dynamic Link Library (generic) (5.4%)
Win32 Executable (generic) (5.4%)
Win16/32 Executable Delphi generic (1.7%)
Tags
pecompact peexe

VirusTotal metadata
First submission 2013-04-02 05:13:57 UTC (1 year ago)
Last submission 2013-04-11 14:57:18 UTC (1 year ago)
File names Fatura.vencida.exe
65BA9FF22E4E9073DDA5ECAE0FD056A7
NF-eletronica-987812165162.Docx.exe
NF-eletronica-987812165162.Docx.ex
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Set keys
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications