SHA256: ca4a300590221876edc0821898affdf39590ea4565ff96d4fbbfa0892295e3da
File name: PDFVerkleinern.exe
Detection ratio: 0 / 53
Analysis date: 2014-08-19 02:45:04 UTC (3 years, 3 months ago)
Virus scanner Result Version
Ad-Aware 20140819
AegisLab 20140819
Yandex 20140818
AhnLab-V3 20140818
AntiVir 20140818
Antiy-AVL 20140819
Avast 20140819
AVG 20140819
AVware 20140819
Baidu-International 20140818
BitDefender 20140819
Bkav 20140818
ByteHero 20140819
CAT-QuickHeal 20140818
ClamAV 20140819
CMC 20140818
Commtouch 20140819
Comodo 20140819
DrWeb 20140819
Emsisoft 20140819
ESET-NOD32 20140818
F-Prot 20140819
F-Secure 20140819
Fortinet 20140819
GData 20140819
Ikarus 20140819
Jiangmin 20140815
K7AntiVirus 20140818
K7GW 20140818
Kaspersky 20140819
Kingsoft 20140819
Malwarebytes 20140819
McAfee 20140819
McAfee-GW-Edition 20140818
Microsoft 20140818
eScan 20140819
NANO-Antivirus 20140819
Norman 20140818
nProtect 20140818
Panda 20140818
Qihoo-360 20140819
Rising 20140818
Sophos AV 20140819
SUPERAntiSpyware 20140819
Symantec 20140819
Tencent 20140819
TheHacker 20140817
TotalDefense 20140819
TrendMicro 20140819
TrendMicro-HouseCall 20140819
VBA32 20140818
VIPRE 20140819
ViRobot 20140819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
PDF Verkleinern

Publisher PDFVerkleinern.com
Product PDF Verkleinern
Original name PDFVerkleinern.exe
Internal name PDFVerkleinern
File version 3.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-19 01:46:27
Entry Point 0x00003088
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
Ord(546)
Ord(518)
__vbaGenerateBoundsError
__vbaStrFixstr
__vbaInputFile
Ord(616)
__vbaRedimPreserveVar
_adj_fprem
__vbaR4Var
__vbaAryMove
__vbaObjVar
Ord(580)
__vbaStopExe
__vbaUI1Var
__vbaVarAnd
__vbaRedim
__vbaForEachCollObj
__vbaRefVarAry
__vbaRecDestruct
__vbaCyVar
_adj_fdiv_r
_allmul
__vbaUI1I2
__vbaRecAnsiToUni
Ord(320)
__vbaChkstk
__vbaObjSetAddref
__vbaFixstrConstruct
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
__vbaR8Str
_CIlog
__vbaVarMul
__vbaRecAssign
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
Ord(581)
__vbaDerefAry
__vbaI4Var
__vbaFPInt
__vbaRecUniToAnsi
Ord(608)
__vbaFreeStr
Ord(670)
__vbaLateIdCallLd
Ord(631)
__vbaVarNot
__vbaStrI2
__vbaStrR8
Ord(588)
__vbaFPFix
Ord(709)
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
Ord(655)
EVENT_SINK_QueryInterface
__vbaFpUI1
Ord(516)
__vbaStrVarCopy
__vbaR8Cy
Ord(531)
__vbaVarInt
Ord(607)
__vbaLenBstr
Ord(525)
Ord(617)
Ord(561)
Ord(681)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Zombie_GetTypeInfoCount
__vbaUbound
__vbaVarTstLt
__vbaDerefAry1
__vbaFreeVar
__vbaBoolVarNull
Ord(556)
__vbaStrI4
__vbaLbound
__vbaFileOpen
Ord(571)
__vbaI2Str
Ord(321)
_CIsin
__vbaStrR4
Ord(606)
__vbaNew
__vbaAryLock
__vbaLsetFixstr
__vbaVarTstEq
__vbaStrMove
__vbaVarDiv
Ord(711)
__vbaOnError
_adj_fdivr_m32i
Ord(579)
__vbaInStrVar
__vbaStrCat
__vbaVarDup
_adj_fdiv_m32
__vbaVarNeg
__vbaPrintFile
EVENT_SINK_Release
__vbaStrCmp
__vbaErase
__vbaBoolVar
__vbaVarLateMemSt
__vbaAryVarVarg
__vbaFreeObjList
Ord(650)
Ord(592)
__vbaVarIndexLoad
EVENT_SINK_GetIDsOfNames
Ord(319)
Ord(666)
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
Ord(657)
__vbaStrVarMove
Ord(618)
__vbaExitProc
__vbaRaiseEvent
__vbaVarOr
__vbaVarTstNe
EVENT_SINK_Invoke
__vbaCastObj
__vbaLateMemCallLd
Ord(529)
__vbaVarTstGe
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
Ord(532)
_CIcos
Zombie_GetTypeInfo
Ord(651)
Ord(528)
__vbaStrErrVarCopy
__vbaVarCmpNe
__vbaVarMove
Ord(646)
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaLateIdSt
__vbaR8IntI2
__vbaAryUnlock
__vbaVarCmpEq
__vbaAryDestruct
__vbaAryCopy
_adj_fprem1
Ord(619)
Ord(537)
Ord(563)
__vbaWriteFile
Ord(712)
__vbaLenVar
__vbaEnd
Ord(644)
__vbaI4Abs
Ord(685)
__vbaLateMemSt
__vbaVarIndexStore
__vbaVarLateMemCallLdRf
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaObjIs
__vbaVarVargNofree
__vbaCyMulI2
Ord(591)
__vbaI4ErrVar
Ord(632)
Ord(645)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
Ord(100)
__vbaRecDestructAnsi
__vbaCastObjVar
Ord(519)
__vbaNextEachCollObj
__vbaUI1I4
Ord(526)
_CIsqrt
__vbaVarCopy
__vbaLenBstrB
__vbaStrCopy
_CIatan
__vbaI2Abs
__vbaLateMemCall
_CItan
__vbaR8Var
__vbaLateMemStAd
__vbaObjSet
__vbaRedimVar
__vbaVarCat
_CIexp
__vbaStrToAnsi
__vbaFpR4
__vbaFpR8
__vbaFpI4
Ord(598)
__vbaFpI2
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
135168

ImageVersion
3.0

ProductName
PDF Verkleinern

FileVersionNumber
3.0.0.0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

OriginalFilename
PDFVerkleinern.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.0

TimeStamp
2014:08:19 02:46:27+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PDFVerkleinern

FileAccessDate
2014:08:19 03:45:40+01:00

ProductVersion
3.0

SubsystemVersion
4.0

OSVersion
4.0

FileCreateDate
2014:08:19 03:45:40+01:00

FileOS
Win32

LegalCopyright
PDF Verkleinern

MachineType
Intel 386 or later, and compatibles

CompanyName
PDFVerkleinern.com

CodeSize
1130496

FileSubtype
0

ProductVersionNumber
3.0.0.0

EntryPoint
0x3088

ObjectFileType
Executable application

File identification
MD5 550c9186f345686b361fa1b303a6964d
SHA1 b37fec9d1e0c5ab3163e87f6eaf711868de9f319
SHA256 ca4a300590221876edc0821898affdf39590ea4565ff96d4fbbfa0892295e3da
ssdeep
12288:6ofqx76GR+sTxwX5tSkxKVxmQ35XMl5R+k+:6cqlWYxQSsKVxmQ3Vj1

authentihash 2a872d02f7832a08963de7659a21b1faa60a518c61d2da30acdca159c555c74d
imphash 3d4069298f9cc5c87c14212f0da05a2c
File size 1.2 MB ( 1257472 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (63.9%)
Win32 Executable MS Visual C++ (generic) (24.3%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Generic Win/DOS Executable (1.5%)
Tags
peexe

VirusTotal metadata
First submission 2014-08-19 02:45:04 UTC (3 years, 3 months ago)
Last submission 2014-08-19 02:45:04 UTC (3 years, 3 months ago)
File names PDFVerkleinern.exe
PDFVerkleinern
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications