SHA256: 913f7b9eb7d94a3eb76c384c5efc9db3f87de131b0b4f7835d5122fbcaf426d2
File name: google.com_copy_of_complaints.pdf.scr.php
Detection ratio: 42 / 55
Analysis date: 2015-10-31 00:42:18 UTC (1 year, 8 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2832196 20151031
Yandex Trojan.DR.Injector!EmcY8CvtBKM 20151030
AhnLab-V3 Trojan/Win32.MDA 20151030
ALYac Trojan.GenericKD.2832196 20151031
Antiy-AVL Trojan/Win32.Yakes 20151031
Arcabit Trojan.Generic.D2B3744 20151031
Avast Win32:Malware-gen 20151031
AVG Inject3.MJE 20151031
Avira (no cloud) TR/Crypt.Xpack.308104 20151031
AVware Trojan.Win32.Generic!BT 20151030
Baidu-International Trojan.Win32.Ransom.aakb 20151030
BitDefender Trojan.GenericKD.2832196 20151031
Bkav W32.VariantRepexit.Trojan 20151029
CAT-QuickHeal TrojanRansom.Cryptodef.r4 20151030
Comodo TrojWare.Win32.Filecoder.~CO 20151030
DrWeb BackDoor.Siggen.60255 20151031
Emsisoft Trojan.Win32.FileCoder (A) 20151031
ESET-NOD32 Win32/Filecoder.CO 20151030
F-Secure Trojan.GenericKD.2832196 20151031
Fortinet W32/Ransom.BOA!tr 20151031
GData Trojan.GenericKD.2832196 20151031
Ikarus Trojan.Win32.Filecoder 20151030
K7AntiVirus Trojan-Downloader ( 004973061 ) 20151030
K7GW Trojan-Downloader ( 004973061 ) 20151030
Kaspersky Trojan-Ransom.Win32.Cryptodef.aakb 20151031
Malwarebytes Trojan.Tinba 20151030
McAfee PWSZbot-FAOK!BD92D1295097 20151031
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20151030
Microsoft Ransom:Win32/Crowti 20151031
eScan Trojan.GenericKD.2832196 20151030
NANO-Antivirus Trojan.Win32.Androm.dyglia 20151030
nProtect Trojan/W32.Cryptodef.224258 20151030
Panda Trj/Genetic.gen 20151030
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20151031
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151030
Sophos AV Troj/Ransom-BOA 20151030
Symantec Trojan.Gen 20151030
Tencent Win32.Trojan.Cryptodef.Pitm 20151031
TrendMicro TROJ_CRYPTWALL.CP 20151030
TrendMicro-HouseCall TROJ_CRYPTWALL.CP 20151030
VIPRE Trojan.Win32.Generic!BT 20151030
ViRobot Trojan.Win32.CryptoWall.224258[h] 20151031
AegisLab 20151030
Alibaba 20151030
ByteHero 20151031
ClamAV 20151030
CMC 20151029
Cyren 20151031
F-Prot 20151031
Jiangmin 20151030
SUPERAntiSpyware 20151030
TheHacker 20151030
VBA32 20151030
Zillya 20151030
Zoner 20151030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-21 15:15:36
Entry Point 0x00002DE4
Number of sections 4
PE sections
Overlays
MD5 1b526c26963e902531190ef09d4b7b16
File type Lisp/Scheme program text
Offset 45056
Size 179202
Entropy 8.00
PE imports
GetDeviceCaps
GetModuleFileNameW
GetStartupInfoA
lstrlenA
CreateFileW
GetModuleHandleA
_except_handler3
__p__fmode
strtol
_adjust_fdiv
__CxxFrameHandler
_acmdln
??1type_info@@UAE@XZ
__p__commode
_setmbcp
__dllonexit
_onexit
_exit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
SetTimer
UpdateWindow
EnableWindow
SendMessageA
ClientToScreen
GetDC
CLSIDFromProgID
Number of PE resources by type
Struct(241) 2
RT_ACCELERATOR 1
RT_ICON 1
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
SPANISH MEXICAN 2
FRENCH CANADIAN 1
GERMAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:10:21 16:15:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 6.0
EntryPoint 0x2de4
InitializedDataSize 28672
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 bd92d129509701465c005bf3e531b606
SHA1 1ae2a3bfa6c94299937a7acfdd884a47abc3cd4c
SHA256 913f7b9eb7d94a3eb76c384c5efc9db3f87de131b0b4f7835d5122fbcaf426d2
ssdeep 6144:mpxjzueuQL9Ylhm/hTn8+dnuqZJRJRfDwl:+dYlQl3dnRRJRfY

authentihash 534cbe81d12dacebe65167235404ce18a38235836b7054917855ffb22f647088
imphash 0af42e409814c35e689f64146595d7d4
File size 219.0 KB ( 224258 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-10-27 17:16:11 UTC (1 year, 8 months ago)
Last submission 2015-10-31 00:42:18 UTC (1 year, 8 months ago)
File names HOMELINKCOMMUNITIES.COM_copy_of_complaints.pdf.scr
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1028.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs