SHA256: 8f933d533bb84725662e676b7d6fb616ab68959488454bc015675da9c1b4f38e
File name: office.exe
Detection ratio: 25 / 57
Analysis date: 2015-01-29 19:33:26 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.22722 20150129
AhnLab-V3 Worm/Win32.Autorun 20150129
ALYac Gen:Variant.Symmi.22722 20150129
AVG Win32/Cryptor 20150129
Avira (no cloud) BDS/Zegost.Gen4 20150129
AVware Trojan-Downloader.Tibs.gen (v) 20150129
BitDefender Gen:Variant.Symmi.22722 20150129
CAT-QuickHeal Trojan.Dynamer.AC3 20150129
Emsisoft Gen:Variant.Symmi.22722 (B) 20150129
ESET-NOD32 a variant of Win32/Agent.VNC 20150129
F-Prot W32/Wonton.B2.gen!Eldorado 20150129
F-Secure Gen:Variant.Symmi.22722 20150129
Fortinet W32/Agent.VNC!tr 20150129
GData Gen:Variant.Symmi.22722 20150129
Ikarus Trojan.FBAccountLock 20150129
Kaspersky HEUR:Trojan.Win32.Generic 20150129
Malwarebytes Trojan.Zbot.WHE 20150129
McAfee Trojan-FEMT!18EB16E3A0BB 20150129
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.gh 20150129
eScan Gen:Variant.Symmi.22722 20150129
Norman Agent.BELJE 20150129
Sophos AV Troj/Wonton-FE 20150129
TrendMicro TSPY_NIVDORT.SMB 20150129
TrendMicro-HouseCall TSPY_NIVDORT.SMB 20150129
VIPRE Trojan-Downloader.Tibs.gen (v) 20150129
AegisLab 20150129
Yandex 20150129
Alibaba 20150129
Antiy-AVL 20150129
Avast 20150129
Baidu-International 20150129
Bkav 20150129
ByteHero 20150129
ClamAV 20150129
CMC 20150129
Comodo 20150129
Cyren 20150129
DrWeb 20150129
Jiangmin 20150128
K7AntiVirus 20150129
K7GW 20150129
Kingsoft 20150129
Microsoft 20150129
NANO-Antivirus 20150129
nProtect 20150129
Panda 20150129
Qihoo-360 20150129
Rising 20150129
SUPERAntiSpyware 20150129
Symantec 20150129
Tencent 20150129
TheHacker 20150129
TotalDefense 20150128
VBA32 20150129
ViRobot 20150129
Zillya 20150129
Zoner 20150127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-30 10:12:30
Entry Point 0x00037CB3
Number of sections 3
PE sections
PE imports
ADVAPI32.dll
SetSecurityDescriptorDacl
GetSidSubAuthority
GetSecurityDescriptorDacl
MakeAbsoluteSD
AddAccessDeniedObjectAce
InitializeSecurityDescriptor
MakeAbsoluteSD2
GetSecurityDescriptorOwner
GetFileSecurityA
AccessCheckByTypeResultList
SetSecurityDescriptorSacl
EqualPrefixSid
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
GetPrivateProfileStructA
InterlockedPopEntrySList
DeactivateActCtx
GetDriveTypeA
GetHandleInformation
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetTimeZoneInformation
FreeEnvironmentStringsW
FileTimeToSystemTime
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
GetEnvironmentVariableA
FindClose
TlsGetValue
SetLastError
GetSystemTime
GetWriteWatch
Beep
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
RaiseException
CancelDeviceWakeupRequest
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointer
TlsSetValue
CreateDirectoryExA
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
SetUnhandledExceptionFilter
AllocateUserPhysicalPages
DebugActiveProcess
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
SetEvent
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
MoveFileWithProgressA
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetProcessIoCounters
CreateDirectoryA
BackupWrite
FindActCtxSectionGuid
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileA
CompareStringA
DuplicateHandle
GetBinaryTypeA
GetTimeZoneInformation
WriteConsoleA
IsDebuggerPresent
GetFileType
GetPrivateProfileSectionA
CreateFileA
HeapAlloc
PrepareTape
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetDevicePowerState
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
MapUserPhysicalPages
WideCharToMultiByte
HeapSize
GetCommandLineA
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
ReadFile
PulseEvent
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
OpenSemaphoreA
VirtualFree
Sleep
ReadFileEx
VirtualAlloc
USER32.dll
SetWindowRgn
GetScrollRange
SetLayeredWindowAttributes
DestroyWindow
CallMsgFilterA
GetMouseMovePointsEx
CheckRadioButton
DestroyCaret
SetMenuContextHelpId
GetClassInfoA
DrawFrameControl
SetWindowWord
RegisterDeviceNotificationA
IsWindow
SetMessageQueue
EndPaint
GetMessageExtraInfo
ScrollDC
LookupIconIdFromDirectoryEx
GetSysColor
SwapMouseButton
SwitchDesktop
RemovePropA
SetWindowTextA
GetListBoxInfo
CreateWindowExA
DrawMenuBar
AllowSetForegroundWindow
CopyIcon
GetWindowLongA
IsClipboardFormatAvailable
CreateMenu
EnumDisplaySettingsA
GetTopWindow
AdjustWindowRect
CreateIcon
GetDesktopWindow
GetClassNameA
ModifyMenuA
GetAncestor
WindowFromDC
Note that alongside the ordinary C runtime imports (HeapAlloc, TlsGetValue, GetCommandLineA, LCMapStringW) the table pulls in tape, backup, power-management and desktop-switching APIs (PrepareTape, BackupWrite, CancelDeviceWakeupRequest, SwitchDesktop, SwapMouseButton) for which a small GUI executable has no evident use. An import table padded like this says little on its own; the imphash listed under file identification is the more useful pivot for clustering related samples.
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:10:30 11:12:30+01:00 (the same instant as the 10:12:30 UTC compilation timestamp above)
FileType Win32 EXE
PEType PE32
CodeSize 295936
LinkerVersion 9.0
EntryPoint 0x37cb3
InitializedDataSize 144896
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 18eb16e3a0bbe158b6fb97a37ddbdce6
SHA1 b0eff6e8caba7295f0cbd7165125ef7f4c152b76
SHA256 8f933d533bb84725662e676b7d6fb616ab68959488454bc015675da9c1b4f38e
ssdeep 12288:MGSUerlYkmD0p6ihs1rCHaBikvgBVgs12o:vperlYkmD0p6ieZC6BiIgB
authentihash 5a95338bebc2390394ea3224d9571b608ef824d35c265265216b1f9fb12c89b7
imphash bf33c1c864493084eb68283113eccc04
File size 423.5 KB ( 433664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
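The fields under "PE header basic information" and the hashes under "File identification" can be reproduced offline without a third-party PE library. The following is an added example written for this page, not VirusTotal's code: it reads the COFF header and the first part of the optional header at the offsets given by the PE/COFF specification, hashes the whole file, and flags whether the SHA-256 matches the one in this report. The hashes in REPORT_HASHES are copied from the report; build_sample_pe() assembles a constructed bare header carrying the report's values so the script runs without the sample, and the function and field names are this example's own.

```python
"""Offline triage of a PE file: hashes plus the header fields a VirusTotal
report lists. Standard library only; offsets follow the PE/COFF specification."""
import hashlib
import json
import struct
import sys
from datetime import datetime, timezone

# Hashes copied from the report above, so a local file can be matched against it.
REPORT_HASHES = {
    "md5": "18eb16e3a0bbe158b6fb97a37ddbdce6",
    "sha1": "b0eff6e8caba7295f0cbd7165125ef7f4c152b76",
    "sha256": "8f933d533bb84725662e676b7d6fb616ab68959488454bc015675da9c1b4f38e",
}

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_FILE_DLL = 0x2000


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 in the same hex form VirusTotal prints them."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF header and the start of the optional header.

    Raises ValueError on anything that is not a well-formed PE image, so a
    truncated or renamed file does not silently produce garbage fields.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing or out of range")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    code_size, init_size, uninit_size, entry = struct.unpack_from("<IIII", data, opt + 4)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%04x" % machine),
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "sections": nsections,
        # TimeDateStamp is written by the linker and is trivially forgeable;
        # use it as a clustering pivot, not as proof of when the build happened.
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": "0x%08X" % entry,
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def triage(data: bytes, known: dict = REPORT_HASHES) -> dict:
    """Header fields plus hashes, with a flag for whether SHA-256 matches the report."""
    result = parse_pe_header(data)
    result["hashes"] = file_hashes(data)
    result["matches_report"] = result["hashes"]["sha256"] == known["sha256"]
    return result


def build_sample_pe() -> bytes:
    """Constructed test input: a bare PE header carrying the values from the
    report (not office.exe itself, which is not reproduced here)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 1414663950, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 9, 0)                   # PE32, linker 9.0
    struct.pack_into("<IIII", opt, 4, 295936, 144896, 0, 0x37CB3)   # sizes, entry point
    struct.pack_into("<HH", opt, 40, 5, 0)                          # OS version 5.0
    struct.pack_into("<HH", opt, 48, 5, 0)                          # subsystem version 5.0
    struct.pack_into("<H", opt, 68, 2)                              # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(blob), indent=2))
```

Run it with a file path to triage a real sample, or with no arguments to see the constructed header decoded to the same machine, entry point, section count, linker version and timestamp the report shows. The 1414663950 timestamp in the constructed header decodes to 2014-10-30 10:12:30 UTC, which is the ExifTool value 11:12:30+01:00 expressed in UTC.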

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Clipper DOS Executable (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-29 19:33:26 UTC ( 4 years, 3 months ago )
Last submission 2015-01-29 19:33:26 UTC ( 4 years, 3 months ago )
File names office.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Community comments: none.
Community votes: none.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections