SHA256: 513946f92ace2ba7733a7d7d922a23c31c28ab60163ba91f63aede8aca271030
File name: Statement-pdf.scr
Detection ratio: 8 / 53
Analysis date: 2014-05-15 14:31:32 UTC ( 5 years ago )
Antivirus Result Update
AVG Zbot.B68 20140515
Baidu-International Trojan.Win32.Kryptik.bCBXB 20140515
ESET-NOD32 a variant of Win32/Kryptik.CBXB 20140515
McAfee Artemis!612139D8E139 20140515
McAfee-GW-Edition Artemis!612139D8E139 20140515
Qihoo-360 Win32/Trojan.d33 20140515
Sophos AV Mal/Zbot-QL 20140515
Tencent Win32.Trojan.Falsesign.Wkvh 20140515
Ad-Aware 20140515
AegisLab 20140515
Yandex 20140515
AhnLab-V3 20140515
AntiVir 20140515
Antiy-AVL 20140515
Avast 20140515
BitDefender 20140515
Bkav 20140515
ByteHero 20140515
CAT-QuickHeal 20140515
ClamAV 20140515
CMC 20140512
Commtouch 20140515
Comodo 20140515
DrWeb 20140515
Emsisoft 20140515
F-Prot 20140515
F-Secure 20140515
Fortinet 20140515
GData 20140515
Ikarus 20140515
Jiangmin 20140515
K7AntiVirus 20140515
K7GW 20140515
Kaspersky 20140515
Kingsoft 20140515
Malwarebytes 20140515
Microsoft 20140515
eScan 20140515
NANO-Antivirus 20140515
Norman 20140515
nProtect 20140515
Panda 20140515
Rising 20140507
SUPERAntiSpyware 20140515
Symantec 20140515
TheHacker 20140513
TotalDefense 20140515
TrendMicro 20140515
TrendMicro-HouseCall 20140515
VBA32 20140514
VIPRE 20140515
ViRobot 20140515
Zillya 20140514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 7:01 AM 5/8/2016
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1990-06-07 17:17:13
Entry Point 0x00002F05
Number of sections 4
PE sections
Overlays
MD5 cb57b78228a9481b69fdcae70509c2ff
File type data
Offset 20480
Size 5008
Entropy 7.28
PE imports
GetStartupInfoA
WriteFile
lstrcatA
GetModuleHandleA
HeapCreate
FindClose
FindFirstFileA
DeleteFileA
FindNextFileA
lstrcpyA
HeapDestroy
HeapAlloc
CloseHandle
CreateFileA
Sleep
LoadLibraryA
GetMessageA
CreateWindowExA
UpdateWindow
DispatchMessageA
TranslateMessage
SendMessageA
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1990:06:07 18:17:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8704
LinkerVersion 9.0
EntryPoint 0x2f05
InitializedDataSize 11264
SubsystemVersion 5.0
ImageVersion 4.3
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 612139d8e139b253aabe577b146e406b
SHA1 86716da1268f15f8113123d9ec5022978f1fa9fc
SHA256 513946f92ace2ba7733a7d7d922a23c31c28ab60163ba91f63aede8aca271030
ssdeep 192:1nHfTp5xvcswHzNM94mjeBQDltK0ljYMdq0yAIx3yFks1gGFwKdmPCp1rar1KHeM:9f3xvczMVeWDlXj/zAHG+Kgm8r1xeME

authentihash 921d7993fcf046feea18dfbf55e52652e3343c5c6895620ad3436e612d5875c5
imphash ddc96024643ac3ea9d013998137ac854
File size 24.9 KB ( 25488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-05-15 11:38:25 UTC ( 5 years ago )
Last submission 2015-09-18 21:58:51 UTC ( 3 years, 8 months ago )
File names Statement-pdf.exe
008492545
statement.php?r=jpzhxjv
file-6987394_scr
612139d8e139b253aabe577b146e406b.scr
Statement-pdf_scr
Statement-pdf.scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.