SHA256: e6e67b7965d0fd2f154567923b31c6052b6c9ffd3d161d9b362dd6e1172f6fb7
File name: doc.google.com
Detection ratio: 10 / 56
Analysis date: 2016-12-29 12:51:04 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
AegisLab Heur.Advml.Gen!c 20161229
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9947 20161207
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Invincea trojan.win32.dorv.b!rfn 20161216
K7GW Trojan ( 700001211 ) 20161229
McAfee Trojan-FKRL!978474C72703 20161229
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20161229
Rising Backdoor.Win32.Androm.acx (classic) 20161229
Symantec Heur.AdvML.B 20161229
Zoner Trojan.Agent 20161229
Ad-Aware 20161229
AhnLab-V3 20161229
Alibaba 20161223
ALYac 20161229
Antiy-AVL 20161229
Arcabit 20161229
Avast 20161229
AVG 20161229
Avira (no cloud) 20161229
AVware 20161229
BitDefender 20161229
Bkav 20161229
CAT-QuickHeal 20161229
ClamAV 20161229
CMC 20161229
Comodo 20161229
Cyren 20161229
DrWeb 20161229
Emsisoft 20161229
ESET-NOD32 20161229
F-Prot 20161229
F-Secure 20161229
Fortinet 20161229
GData 20161229
Ikarus 20161229
Jiangmin 20161229
K7AntiVirus 20161229
Kaspersky 20161229
Kingsoft 20161229
Malwarebytes 20161229
McAfee-GW-Edition 20161229
Microsoft 20161229
eScan 20161229
NANO-Antivirus 20161229
nProtect 20161229
Panda 20161228
Sophos 20161229
SUPERAntiSpyware 20161229
Tencent 20161229
TheHacker 20161226
TrendMicro 20161229
TrendMicro-HouseCall 20161229
Trustlook 20161229
VBA32 20161228
VIPRE 20161229
ViRobot 20161229
WhiteArmor 20161221
Yandex 20161228
Zillya 20161229
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-02 20:38:03
Entry Point 0x00005724
Number of sections 4
PE sections
Overlays
MD5 01e7360ff44fd89c67e5d7c321263240
File type data
Offset 45056
Size 40249
Entropy 7.99
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:01:02 21:38:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 4.0
EntryPoint 0x5724
InitializedDataSize 0
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 978474c72703406bd605e4c7233dc33e
SHA1 e19ba0a2db7157d27d2ff756ef98d86029480192
SHA256 e6e67b7965d0fd2f154567923b31c6052b6c9ffd3d161d9b362dd6e1172f6fb7
ssdeep 1536:wUn5qN7KRPrnOuZJ0EMua286iRvdfLKP40Q:wUn587KRrrZJ0ENiRvdfTT
authentihash 74b9663e7a88569df28ae29a8daeeca3aee6070a3fbe39a1d6ce318682f5b7bb
File size 83.3 KB ( 85305 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-12-29 12:45:39 UTC ( 2 months, 3 weeks ago )
Last submission 2017-01-25 19:10:28 UTC ( 1 month, 3 weeks ago )
File names Chrome_Font(3).exe
doc.google.com
Chrome_Font.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications