SHA256: df79f123c6d0edbbcc0333eb3972b2277a59e012d6138da4bece9cdf89e8efeb
File name: NatWest_Financial_Statement.scr
Detection ratio: 3 / 52
Analysis date: 2014-05-23 12:05:56 UTC ( 4 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Downloader 20140523
McAfee Downloader-FSH!FA4EF3BBE7B6 20140523
Sophos AV Mal/Zbot-QL 20140523
Ad-Aware 20140523
AegisLab 20140523
Yandex 20140522
AntiVir 20140523
Antiy-AVL 20140523
Avast 20140523
AVG 20140523
Baidu-International 20140523
BitDefender 20140523
Bkav 20140523
ByteHero 20140523
CAT-QuickHeal 20140523
ClamAV 20140523
CMC 20140523
Commtouch 20140523
Comodo 20140523
DrWeb 20140523
Emsisoft 20140523
ESET-NOD32 20140523
F-Prot 20140523
F-Secure 20140523
Fortinet 20140523
GData 20140523
Ikarus 20140523
Jiangmin 20140523
K7AntiVirus 20140522
K7GW 20140522
Kaspersky 20140523
Kingsoft 20140523
Malwarebytes 20140523
McAfee-GW-Edition 20140523
Microsoft 20140523
eScan 20140523
NANO-Antivirus 20140523
Norman 20140523
nProtect 20140523
Panda 20140523
Qihoo-360 20140523
Rising 20140522
SUPERAntiSpyware 20140523
Symantec 20140523
Tencent 20140515
TheHacker 20140522
TotalDefense 20140523
TrendMicro 20140523
TrendMicro-HouseCall 20140523
VBA32 20140523
VIPRE 20140523
ViRobot 20140523
Zillya 20140523
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2033-01-31 07:09:55
Entry Point 0x000011F4
Number of sections 4
PE sections
PE imports
GetStartupInfoA
HeapCreate
GetModuleHandleA
LoadLibraryW
HeapAlloc
CloseHandle
ExitProcess
GetProcessHeap
GetMessageA
ShowScrollBar
CreateWindowExA
SetWindowTextA
ShowCaret
UpdateWindow
DispatchMessageA
PostQuitMessage
HideCaret
SetCaretPos
SendMessageA
TranslateMessage
DefWindowProcA
ShowWindow
InvalidateRect
SetScrollRange
RegisterClassExA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 5.1
ImageVersion 0.0
FileVersionNumber 0.0.2.4
UninitializedDataSize 0
LanguageCode Farsi
FileFlagsMask 0x0000
CharacterSet Unknown (15A3)
InitializedDataSize 12800
EntryPoint 0x11f4
OriginalFileName Repose
MIMEType application/octet-stream
LegalCopyright Copyright Repose
FileVersion Version 2.4
TimeStamp 2033:01:31 08:09:55+01:00
FileType Win32 EXE
PEType PE32
InternalName ReposeTool
FileDescription No description
OSVersion 4.0
FileOS Windows 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Repose
CodeSize 5632
FileSubtype 0
ProductVersionNumber 0.0.2.4
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 fa4ef3bbe7b62c2ba0ac62528870dd7a
SHA1 852d3ad3d8c7fc50cfc895d440f5a5f4943501b9
SHA256 df79f123c6d0edbbcc0333eb3972b2277a59e012d6138da4bece9cdf89e8efeb
ssdeep 192:6E+SXX8lnqvzQdWVZFlptE1uLb4VebSY2FRANJpoSliMl/TcccccbcWccccccczE:6EzXhZz1lJPliMVE
authentihash 51fc09e98557ed2e95e68692b4e8b55a2b4af386e70e0ebff816e732786925f3
imphash cd17e4d52e31ff2ada936dd9e4105655
File size 18.0 KB ( 18432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2014-05-23 09:36:07 UTC ( 4 years, 9 months ago )
Last submission 2015-09-18 22:11:29 UTC ( 3 years, 5 months ago )
File names NatWest_Financial_Statement.scr_
NatWest_Financial_Statement.scr
fa4ef3bbe7b62c2ba0ac62528870dd7a.scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications