SHA256: b97063bcae4dd37c828ced247930f5b103a520ed70037ea0d468a7084522cd69
Filename: forsendelse.exe
Detection ratio: 1 / 56
Analysis date: 2015-10-02 06:53:28 UTC (2 years, 1 month ago)
Antivirus Result Update
Rising PE:Malware.FakePDF@CV!1.9E05[F1] 20151001
Ad-Aware 20151002
AegisLab 20151001
Yandex 20150930
AhnLab-V3 20151001
Alibaba 20150927
ALYac 20151002
Antiy-AVL 20151001
Arcabit 20151002
Avast 20151002
AVG 20151002
Avira (no cloud) 20151002
AVware 20151002
Baidu-International 20151001
BitDefender 20151002
Bkav 20150929
ByteHero 20151002
CAT-QuickHeal 20151002
ClamAV 20151002
CMC 20150930
Comodo 20151001
Cyren 20151002
DrWeb 20151002
Emsisoft 20151002
ESET-NOD32 20151002
F-Prot 20150929
F-Secure 20151002
Fortinet 20151002
GData 20151002
Ikarus 20151002
Jiangmin 20151001
K7AntiVirus 20151002
K7GW 20151002
Kaspersky 20151002
Kingsoft 20151002
Malwarebytes 20151002
McAfee 20151002
McAfee-GW-Edition 20151002
Microsoft 20151002
eScan 20151002
NANO-Antivirus 20151002
nProtect 20151001
Panda 20151001
Qihoo-360 20151002
Sophos AV 20151002
SUPERAntiSpyware 20151002
Symantec 20151001
Tencent 20151002
TheHacker 20151001
TrendMicro 20151002
TrendMicro-HouseCall 20151002
VBA32 20151001
VIPRE 20151002
ViRobot 20151002
Zillya 20151001
Zoner 20151002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-03-21 11:29:04
Entry Point 0x000117D6
Number of sections 4
PE sections
Overlays
MD5 41db029f78cc3d21d018c6456d83437b
File type data
Offset 487424
Size 175523
Entropy 7.94
PE imports
RegCreateKeyExW
StartServiceA
RegDeleteKeyW
QueryServiceObjectSecurity
RegCreateKeyW
ControlService
OpenEventLogA
RegNotifyChangeKeyValue
DecryptFileW
RegOpenKeyA
CreateServiceA
QueryServiceStatus
RegConnectRegistryW
LogonUserW
SetServiceObjectSecurity
RegisterEventSourceA
RegReplaceKeyW
RegOpenKeyW
RegEnumKeyA
EqualSid
RegConnectRegistryA
LsaEnumerateAccountsWithUserRight
RegOpenKeyExW
RegisterServiceCtrlHandlerA
EnumServicesStatusA
RegUnLoadKeyA
NotifyChangeEventLog
RegSetValueExW
OpenSCManagerW
ReportEventW
BackupEventLogA
LsaClose
QueryServiceLockStatusW
LogonUserA
ReadEventLogW
BackupEventLogW
ChangeServiceConfigW
GetServiceDisplayNameW
PlayEnhMetaFileRecord
GetCharABCWidthsW
GetTextMetricsW
GetNearestColor
SetMetaRgn
SetICMMode
GetCharABCWidthsA
CombineRgn
GetROP2
GetViewportOrgEx
GetMetaFileW
GdiGetBatchLimit
SetPixel
FixBrushOrgEx
SetPaletteEntries
CopyEnhMetaFileA
OffsetWindowOrgEx
GetMiterLimit
CreateEllipticRgn
GetTextFaceW
CreateDIBitmap
GetDIBits
ExtCreateRegion
SetPixelFormat
GetDCOrgEx
StretchBlt
GetTextFaceA
ScaleViewportExtEx
SetWindowExtEx
GetKerningPairsA
ExtCreatePen
GetBkColor
SetRectRgn
MoveToEx
GetDIBColorTable
DeleteEnhMetaFile
GetICMProfileA
CreateFontIndirectW
EnumFontsW
GetCurrentPositionEx
CreateFontIndirectA
EndPath
GetBitmapBits
PolyDraw
CloseMetaFile
TranslateCharsetInfo
OffsetViewportOrgEx
GetEnhMetaFileHeader
SetBkMode
GetCharacterPlacementW
FrameRgn
GetRegionData
GetICMProfileW
GetObjectA
FillRgn
SetAbortProc
GetArcDirection
SelectPalette
StrokePath
GetCharWidth32A
EndPage
GetNearestPaletteIndex
GetCharWidth32W
CreateScalableFontResourceA
CancelDC
SetPixelV
PolyPolygon
PolyTextOutW
CreatePenIndirect
SetGraphicsMode
GetWindowExtEx
CreatePen
GetDeviceCaps
CreateDCA
GetMetaFileBitsEx
DeleteDC
PolyBezierTo
StartPage
CreateDCW
GdiComment
GetEnhMetaFileDescriptionW
CreateHatchBrush
CreatePatternBrush
SetEnhMetaFileBits
CreateBitmap
RectVisible
GetStockObject
GetPath
GdiFlush
GetCharWidthFloatA
GetTextExtentPoint32A
CreateColorSpaceW
SetTextCharacterExtra
GetTextExtentPointW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetBkMode
SaveDC
SetDeviceGammaRamp
PlgBlt
EnumEnhMetaFile
GetTextExtentExPointA
RestoreDC
SetMapperFlags
CreateDIBPatternBrush
GetStretchBltMode
FillPath
SelectClipPath
SetTextColor
GetCurrentObject
CreateFontA
DrawEscape
CreateCompatibleDC
StrokeAndFillPath
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
RemoveFontResourceA
SelectObject
StartDocA
CopyMetaFileW
SetTextJustification
CreateSolidBrush
Polyline
DPtoLP
AbortDoc
CreateCompatibleBitmap
DeleteMetaFile
CreateProcessW
EnumSystemLocalesW
GetStartupInfoA
LoadLibraryW
GetModuleHandleA
Ord(324)
Ord(3825)
Ord(3147)
Ord(4080)
Ord(2124)
Ord(5199)
Ord(3749)
Ord(4627)
Ord(3597)
Ord(1168)
Ord(4853)
Ord(4622)
Ord(3136)
Ord(2982)
Ord(4353)
Ord(3079)
Ord(3262)
Ord(4234)
Ord(1576)
Ord(4079)
Ord(1775)
Ord(6375)
Ord(4837)
Ord(5307)
Ord(5241)
Ord(641)
Ord(6052)
Ord(3259)
Ord(4424)
Ord(3081)
Ord(5065)
Ord(5714)
Ord(2446)
Ord(3830)
Ord(4407)
Ord(4078)
Ord(2725)
Ord(2554)
Ord(5289)
Ord(2396)
Ord(5300)
Ord(6376)
Ord(561)
Ord(3831)
Ord(6374)
Ord(3346)
Ord(5302)
Ord(1727)
Ord(4486)
Ord(2976)
Ord(2985)
Ord(5163)
Ord(2385)
Ord(815)
Ord(1089)
Ord(2055)
Ord(3798)
Ord(3738)
Ord(4698)
Ord(4998)
Ord(5280)
Ord(3922)
Ord(5277)
Ord(2514)
Ord(5265)
Ord(4425)
Ord(4673)
Ord(2512)
Ord(2648)
Ord(4441)
Ord(4274)
Ord(4376)
Ord(5261)
Ord(4465)
Ord(5731)
_adjust_fdiv
__CxxFrameHandler
_except_handler3
__p__fmode
_lsearch
_acmdln
__p__commode
_setmbcp
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_exit
__set_app_type
GetDesktopWindow
EnableWindow
Number of PE resources by type
RT_ACCELERATOR 15
RT_ICON 12
RT_GROUP_ICON 7
RT_DIALOG 2
RT_MENU 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ROMANIAN 22
GAELIC SCOTTISH 9
NEUTRAL 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.100.184.123
UninitializedDataSize 0
LanguageCode Unknown (SEMI)
FileFlagsMask 0x003f
CharacterSet Unknown (COLON)
InitializedDataSize 413696
EntryPoint 0x117d6
MIMEType application/octet-stream
LegalCopyright 2010 (C) 2015
FileVersion Summa 0,37,135,76
TimeStamp 2004:03:21 12:29:04+01:00
FileType Win32 EXE
PEType PE32
InternalName Radon
ProductVersion 0,241,89,123
FileDescription Regressed Strong Scarecrow
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Capital Intellect, Inc.
CodeSize 69632
ProductName Setswana Spottier
ProductVersionNumber 0.94.138.227
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b57086fc40d8a788eab060dcb2aaa4e8
SHA1 1a3ad0d88c5e0e13536939b06e699b6a8166b4a2
SHA256 b97063bcae4dd37c828ced247930f5b103a520ed70037ea0d468a7084522cd69
ssdeep 12288:Q2RwvLchnvPM5XvRjTH6NuLxTDsVIP7QAnxi+xiAV4:Q2+vLchv05XpjTa4Lx3s2zQAPxim4
authentihash 758a4bef57feb4eed934a9cd4ee6697c5642b6afc880235aa394de1d5a312f8d
imphash 90df69410adda59867d5907b764c014b
File size 647.4 KB ( 662947 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-10-02 06:53:28 UTC (2 years, 1 month ago)
Last submission 2016-02-19 11:00:15 UTC (1 year, 9 months ago)
Filenames Ekim_Fatura_Turkcell.exe
b97063bcae4dd37c828ced247930f5b103a520ed70037ea0d468a7084522cd69.exe
2015_1002_cryptolocker_b97063bcae4dd37c828ced247930f5b103a520ed70037ea0d468a7084522cd69-
irifiwuc.exe
forsendelse.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs