SHA256: b0a7f2a03b6718ed522dc3bc63ee43e31823132ba69ea5e7b62740c7d38d0242
File name: Label_101513_USPS.exe
Detection ratio: 4 / 46
Analysis date: 2013-10-15 15:15:32 UTC (5 years, 7 months ago)
Antivirus Result Update
AntiVir TR/Crypt.XPACK.Gen3 20131015
ESET-NOD32 a variant of Win32/Kryptik.BMQP 20131015
Fortinet W32/Injector.DET!tr 20131015
Kaspersky UDS:DangerousObject.Multi.Generic 20131015
Yandex 20131015
AhnLab-V3 20131015
Antiy-AVL 20131015
Avast 20131015
AVG 20131015
Baidu-International 20131015
BitDefender 20131012
ByteHero 20131011
CAT-QuickHeal 20131015
ClamAV 20131015
Commtouch 20131015
Comodo 20131015
DrWeb 20131015
Emsisoft 20131015
F-Prot 20131015
F-Secure 20131015
GData 20131015
Ikarus 20131015
Jiangmin 20131014
K7AntiVirus 20131015
K7GW 20131014
Kingsoft 20130829
Malwarebytes 20131015
McAfee 20131015
McAfee-GW-Edition 20131015
Microsoft 20131015
eScan 20131015
NANO-Antivirus 20131015
Norman 20131015
nProtect 20131015
Panda 20131015
PCTools 20131002
Rising 20131015
Sophos AV 20131015
SUPERAntiSpyware 20131015
Symantec 20131015
TheHacker 20131015
TotalDefense 20131011
TrendMicro 20131015
TrendMicro-HouseCall 20131015
VBA32 20131015
VIPRE 20131015
ViRobot 20131015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-15 12:40:31
Entry Point 0x00001683
Number of sections 4
PE sections
PE imports
TextOutA
GetCommandLineA
GetLastError
GetModuleHandleA
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
PostQuitMessage
UpdateWindow
DispatchMessageA
FillRect
BeginPaint
TranslateMessage
SendMessageA
KillTimer
GetWindowRect
SetWindowPos
EndPaint
DefWindowProcA
ShowWindow
SetTimer
LoadBitmapA
GetDC
RegisterClassExA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:10:15 13:40:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 10752
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1683
InitializedDataSize 14848
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 263acd9fbcfdb78448ff6b11c9b506b4
SHA1 746b55042fe9950bbdbf73ac93ab648d98d18b4e
SHA256 b0a7f2a03b6718ed522dc3bc63ee43e31823132ba69ea5e7b62740c7d38d0242
ssdeep
384:MDkiMR4wa5+uufZY9tfDtO91N0Y/0NEDT9utdgI2MyzNORCFtOflIwo59NV2XBF5:MDkiTwaU29t7tO91q108tdgI2MyzNORH

authentihash 5aa0b42c71f1c6ea43f41369647aa921e1067c2a6f586e122762421a37d6cd2f
imphash 5cdbf67e6579af610fcd31f176bbd81c
File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2013-10-15 14:10:29 UTC ( 5 years, 7 months ago )
Last submission 2018-10-08 02:45:39 UTC ( 7 months, 2 weeks ago )
File names malekal_263acd9fbcfdb78448ff6b11c9b506b4
Label_101513_USPS.exe
263acd9fbcfdb78448ff6b11c9b506b4.exe
FORM_101513.exe
b0a7f2a03b6718ed522dc3bc63ee43e31823132ba69ea5e7b62740c7d38d0242
007041277
521fbf1849f74d31e29d5f73943a1492b46424c6
c-54e93-362-1381846203
FORM_101513.ex_
file-6081953_exe
MALWARE Label_101513_USPS.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight