SHA256: 1c3a24492f53fa16107f2ec01294bf188c32dc6c7a407a814b76685e4176a71a
File name: CH_Case_21032014.scr
Detection ratio: 3 / 49
Analysis date: 2014-03-21 10:11:43 UTC ( 5 years, 2 months ago )
Antivirus Result Update
McAfee Downloader-FSH!56EFCC1A40D0 20140321
McAfee-GW-Edition Downloader-FSH!56EFCC1A40D0 20140321
Qihoo-360 HEUR/Malware.QVM20.Gen 20140321
Ad-Aware 20140321
AegisLab 20140321
Yandex 20140320
AhnLab-V3 20140320
AntiVir 20140321
Antiy-AVL 20140320
Avast 20140321
AVG 20140321
Baidu-International 20140321
BitDefender 20140321
Bkav 20140321
ByteHero 20140321
CAT-QuickHeal 20140320
ClamAV 20140321
CMC 20140319
Commtouch 20140321
Comodo 20140321
DrWeb 20140321
Emsisoft 20140321
ESET-NOD32 20140321
F-Prot 20140321
F-Secure 20140321
Fortinet 20140321
GData 20140321
Ikarus 20140321
Jiangmin 20140321
K7AntiVirus 20140320
K7GW 20140320
Kaspersky 20140321
Kingsoft 20130829
Malwarebytes 20140321
Microsoft 20140321
eScan 20140321
NANO-Antivirus 20140321
Norman 20140321
nProtect 20140321
Panda 20140320
Rising 20140320
Sophos AV 20140321
SUPERAntiSpyware 20140321
Symantec 20140321
TheHacker 20140320
TotalDefense 20140321
TrendMicro 20140321
TrendMicro-HouseCall 20140321
VBA32 20140320
VIPRE 20140321
ViRobot 20140321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-08-03 14:49:31
Entry Point 0x00001CD5
Number of sections 4
PE sections
PE imports
GetTextExtentPoint32A
GetModuleHandleA
GetStartupInfoA
GetTickCount
CloseHandle
CreateDirectoryA
GetMessageA
CharLowerA
SetWindowTextA
DispatchMessageA
EndDialog
ShowCursor
PostMessageA
TranslateMessage
SendMessageA
MessageBoxA
GetDlgItem
DestroyCursor
ScrollWindow
DialogBoxParamA
DestroyMenu
SetScrollInfo
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2011:08:03 16:49:31+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
5632

LinkerVersion
5.12

ImageFileCharacteristics
No relocs, Executable, No line numbers, 32-bit

EntryPoint
0x1cd5

InitializedDataSize
13312

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 56efcc1a40d009650897aa9a05eea965
SHA1 a040cb660f53672812b522b51cf3a1759ab16ae6
SHA256 1c3a24492f53fa16107f2ec01294bf188c32dc6c7a407a814b76685e4176a71a
ssdeep
192:0KRkIYzBtHHr5ns/U/hydSfNCMAOVKXzfm/++e1j+QkC4duC8ffg0WYm:0KRkN9H9ncmClvD+mPkChLW

authentihash 384c50dd7b26f3c2ede95f39b89b240bdd15615967dde3f037196cdfc857282b
imphash ca493c3ccf68b676fe34cfa87494e1a8
File size 19.0 KB ( 19456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-03-21 08:30:57 UTC ( 5 years, 2 months ago )
Last submission 2018-10-09 14:24:32 UTC ( 7 months, 2 weeks ago )
File names gmo1
56efcc1a40d009650897aa9a05eea965.scr
56efcc1a40d009650897aa9a05eea965.malware
56efcc1a40d009650897aa9a05eea965
CH_Case_21032014.exe
file-6749056_scr
CH_Case_21032014.scr
c-fb14b-2555-1395390781
CH_Case_21032014_scr
6.exe
56efcc1a40d009650897aa9a05eea965.exe
56efcc1a40d009650897aa9a05eea965.malwarezip
007919335
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications