SHA256: 687c7d8030b9f15bd2ef857116ef8c0c6fe83aa998ff32dab406beb0d4e759c2
File name: Documents.scr
Detection ratio: 2 / 55
Analysis date: 2014-09-11 20:39:20 UTC (4 years, 8 months ago)
Antivirus   Result                          Update
AVware      Trojan.Win32.Generic.pak!cobra  20140911
DrWeb       Trojan.Dyre.25                  20140911

The other 53 engines returned no detection (signature update 20140911 unless noted otherwise): Ad-Aware, AegisLab, Yandex, AhnLab-V3, Antiy-AVL, Avast, AVG, Avira (no cloud), Baidu-International, BitDefender, Bkav, ByteHero, CAT-QuickHeal, ClamAV (20140910), CMC (20140908), Comodo, Cyren, Emsisoft, ESET-NOD32, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Kingsoft, Malwarebytes, McAfee, McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus, Norman, nProtect, Panda, Qihoo-360, Rising, Sophos AV, SUPERAntiSpyware, Symantec, Tencent, TheHacker, TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Zillya (20140910), Zoner (20140910).
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1973-02-27 17:40:04
Entry Point 0x00001430
Number of sections 4
PE sections
PE imports
lstrcpynW
DeleteCriticalSection
GetModuleHandleA
EnterCriticalSection
GetStartupInfoA
InitializeCriticalSection
InterlockedExchange
InterlockedDecrement
Sleep
LoadLibraryA
LeaveCriticalSection
InterlockedIncrement
_except_handler3
__p__fmode
_adjust_fdiv
_acmdln
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_exit
__set_app_type
SendMessageW
UpdateWindow
RegisterClassExW
GetMessageW
TranslateMessage
DefWindowProcW
LoadStringW
LoadIconW
CreateWindowExW
PostQuitMessage
ShowWindow
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ARABIC SAUDI ARABIA 4
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 7.0
ImageVersion 0.0
FileVersionNumber 0.2.5.11
UninitializedDataSize 0
LanguageCode Unknown (6B4C)
FileFlagsMask 0x0000
CharacterSet Unknown (32B1)
InitializedDataSize 16896
EntryPoint 0x1430
OriginalFileName BOLTY
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion Version 2.1.1
TimeStamp 1973:02:27 18:40:04+01:00
FileType Win32 EXE
PEType PE32
InternalName BOLTY
FileDescription BOLTY progect
OSVersion 4.0
FileOS Windows 32-bit
LegalCopyright Copyright by Negro
MachineType Intel 386 or later, and compatibles
CompanyName BOLTY
CodeSize 6144
FileSubtype 0
ProductVersionNumber 0.2.5.11
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 79b1f47c0dfd99f974d2920a381ad91f
SHA1 c440b90511dcbe337e04dd56ce582f8c7441e891
SHA256 687c7d8030b9f15bd2ef857116ef8c0c6fe83aa998ff32dab406beb0d4e759c2
ssdeep 192:tbJVvBjraenIHX9+f1qulZjYpjorHq1oynIJguqv4E5rMdPqaDdDWLkqUN:tbTpjG7X9ehZjYp4K11p5rMhXh6UN
authentihash 616280d3013ea9e50a825a4b674af6fd398e492429935a50d2a4e9063e8919fa
imphash 33e2107d589315886e239f043e91b418
File size 22.0 KB ( 22528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2014-09-11 17:30:57 UTC (4 years, 8 months ago)
Last submission 2014-09-12 14:16:33 UTC (4 years, 8 months ago)
File names Documents.scr
79b1f47c0dfd99f974d2920a381ad91f.scr
79b1f47c0dfd99f974d2920a381ad91f
qDVHKK8vSU.chm
file-7447253_scr
687c7d8030b9f15bd2ef857116ef8c0c6fe83aa998ff32dab406beb0d4e759c2.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications