SHA256: 09ce8ef13352da070dfb23f10fde53fa8d5f0484b71a58a8a94b31cec017cbc9
File name: Reference.scr
Detection ratio: 2 / 50
Analysis date: 2014-02-06 11:27:28 UTC ( 5 years, 3 months ago )
Antivirus Result Update
Qihoo-360 Malware.QVM20.Gen 20140206
Sophos AV Mal/Generic-S 20140206
Ad-Aware 20140206
Yandex 20140204
AhnLab-V3 20140206
AntiVir 20140206
Antiy-AVL 20140205
Avast 20140206
AVG 20140206
Baidu-International 20140206
BitDefender 20140206
Bkav 20140125
ByteHero 20140206
CAT-QuickHeal 20140206
ClamAV 20140206
CMC 20140122
Commtouch 20140206
Comodo 20140206
DrWeb 20140206
Emsisoft 20140206
ESET-NOD32 20140206
F-Prot 20140206
F-Secure 20140206
Fortinet 20140206
GData 20140206
Ikarus 20140206
Jiangmin 20140206
K7AntiVirus 20140206
K7GW 20140206
Kaspersky 20140206
Kingsoft 20140206
Malwarebytes 20140206
McAfee 20140206
McAfee-GW-Edition 20140206
Microsoft 20140206
eScan 20140206
NANO-Antivirus 20140206
Norman 20140206
nProtect 20140206
Panda 20140206
Rising 20140206
SUPERAntiSpyware 20140206
Symantec 20140206
TheHacker 20140205
TotalDefense 20140205
TrendMicro 20140206
TrendMicro-HouseCall 20140206
VBA32 20140206
VIPRE 20140206
ViRobot 20140206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-05 03:55:00
Entry Point 0x00002400
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
TextOutA
GetStartupInfoA
TlsFree
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
CreateFileA
_except_handler3
_acmdln
__p__fmode
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
DragQueryFileA
GetMessageA
CreateWindowExA
PostQuitMessage
DispatchMessageA
EndPaint
BeginPaint
SendMessageA
TranslateMessage
DefWindowProcA
ShowWindow
RegisterClassA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:02:05 04:55:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 6144
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 12800
SubsystemVersion 5.1
EntryPoint 0x2400
OSVersion 5.1
ImageVersion 2.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 91f07d47beca3cb314c89501879c30df
SHA1 e833cd4476f8da13e9ea6fc5f43ad98aabdc701f
SHA256 09ce8ef13352da070dfb23f10fde53fa8d5f0484b71a58a8a94b31cec017cbc9
ssdeep 384:ujOyzd2ajvJIuPJcTh1G4LJjBaECkeiJSUj7xsgNhaKDvdz:WBz/vjmTfG4LJjBaECkegSi7xsYhaKDV

authentihash 731942496bf709e0b05d31bdace2ca66d5da098e26d6916723951765b9665110
imphash 7772dfa3e3a72b92db47c13e7be36e20
File size 19.5 KB ( 19968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2014-02-06 10:18:04 UTC ( 5 years, 3 months ago )
Last submission 2015-06-12 11:49:42 UTC ( 3 years, 11 months ago )
File names 91f07d47beca3cb314c89501879c30df.exe
007643215
c-97eab-1769-1391681881
file-6581785_scr
91f07d47beca3cb314c89501879c30df
91f07d47beca3cb314c89501879c30df.scr
Reference.scr
Reference_scr
Reference.scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections