SHA256: e27d1c5587206b31d7f639ef7eb890ae694e20c5bee1b3ff30a99503624c0af6
File name: SecureMessage.scr
Detection ratio: 11 / 51
Analysis date: 2014-02-05 16:03:08 UTC ( 3 years, 4 months ago )
Antivirus             Result                            Update
Ad-Aware              Trojan.Downloader.JQKB            20140205
Avast                 Win32:Malware-gen                 20140205
BitDefender           Trojan.Downloader.JQKB            20140205
Commtouch             W32/Trojan.CWLL-1333              20140205
Emsisoft              Trojan.Downloader.JQKB (B)        20140205
ESET-NOD32            a variant of Win32/Kryptik.BUJZ   20140205
Ikarus                Trojan-Spy.Zbot                   20140205
Norman                Upatre.BD                         20140205
Qihoo-360             HEUR/Malware.QVM20.Gen            20140205
Sophos                Troj/Upatre-Q                     20140205
TrendMicro-HouseCall  TROJ_GEN.F0D1H00B514              20140205

Engines with no detection at this analysis date (40 of 51; the date is the engine's signature update):
AegisLab              (no detection)                    20140205
Yandex                (no detection)                    20140204
AhnLab-V3             (no detection)                    20140205
AntiVir               (no detection)                    20140205
Antiy-AVL             (no detection)                    20140205
AVG                   (no detection)                    20140205
Baidu-International   (no detection)                    20140205
Bkav                  (no detection)                    20140125
ByteHero              (no detection)                    20140205
CAT-QuickHeal         (no detection)                    20140205
ClamAV                (no detection)                    20140205
CMC                   (no detection)                    20140122
Comodo                (no detection)                    20140205
DrWeb                 (no detection)                    20140205
F-Prot                (no detection)                    20140205
F-Secure              (no detection)                    20140205
Fortinet              (no detection)                    20140205
GData                 (no detection)                    20140205
Jiangmin              (no detection)                    20140205
K7AntiVirus           (no detection)                    20140205
K7GW                  (no detection)                    20140205
Kaspersky             (no detection)                    20140205
Kingsoft              (no detection)                    20140205
Malwarebytes          (no detection)                    20140205
McAfee                (no detection)                    20140205
McAfee-GW-Edition     (no detection)                    20140205
Microsoft             (no detection)                    20140205
eScan                 (no detection)                    20140205
NANO-Antivirus        (no detection)                    20140205
nProtect              (no detection)                    20140205
Panda                 (no detection)                    20140205
Rising                (no detection)                    20140205
SUPERAntiSpyware      (no detection)                    20140205
Symantec              (no detection)                    20140205
TheHacker             (no detection)                    20140204
TotalDefense          (no detection)                    20140205
TrendMicro            (no detection)                    20140205
VBA32                 (no detection)                    20140205
VIPRE                 (no detection)                    20140205
ViRobot               (no detection)                    20140205

Note that this is the scan from the day after compilation (compilation timestamp 2014-02-04, analysis 2014-02-05), so the 11/51 ratio reflects first-day coverage, not how the file is classified today. Of the named verdicts, Norman and Sophos identify the Upatre downloader and Ikarus names Zbot, the Zeus family that Upatre was widely observed staging in this period; Kryptik, Malware-gen and the HEUR/TROJ_GEN entries are generic packer and heuristic names rather than family identifications.
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem. The .scr (screen-saver) extension in the submitted name SecureMessage.scr changes nothing: Windows runs .scr files as ordinary PE executables, which is why lure attachments use it.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-04 05:55:30
Entry Point 0x00002500
Number of sections 5
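Every field in the block above (machine, compilation timestamp, entry point, section count) and the version fields ExifTool reports further down come from the fixed-layout DOS, COFF and optional headers, so they can be read with nothing but struct. The parser below is an added example written for this page, not VirusTotal's code; the header it runs on by default is constructed inline to carry the values reported here (it is not the real file's bytes, only the fields the parser reads are filled in). Point it at a file on disk to confirm that a sample you hold has the same build fingerprint as this report before relying on the hashes, or to gate .scr attachments that claim not to be executables.

```python
"""Minimal PE header reader, standard library only (added example, not
VirusTotal's code). Extracts the fields listed under 'PE header basic
information' plus the ExifTool-style version fields."""
import datetime
import struct
import sys

MACHINE_NAMES = {0x014C: "Intel 386 or later", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_FILE_DLL = 0x2000


def parse_pe_header(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers of a PE image held in memory.

    Raises ValueError for anything that is not a well-formed PE32/PE32+ header,
    so callers can use it as a cheap 'is this really a PE?' gate for .scr files."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70 or opt + 70 > len(data):
        raise ValueError("optional header truncated")
    magic, maj_link, min_link, size_code, size_idata, size_udata, entry = \
        struct.unpack_from("<HBBIIII", data, opt)
    pe_type = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)
    if pe_type is None:
        raise ValueError(f"unknown optional header magic 0x{magic:04x}")
    # The version triplets (offset 40) and Subsystem (offset 68) sit at the same
    # offsets in PE32 and PE32+: PE32+ drops BaseOfData but widens ImageBase to 8 bytes.
    maj_os, min_os, maj_img, min_img, maj_ss, min_ss = struct.unpack_from("<6H", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    when = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "pe_type": pe_type,
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "compile_time": when.strftime("%Y-%m-%d %H:%M:%S"),  # TimeDateStamp is UTC epoch seconds
        "entry_point": entry,
        "number_of_sections": nsections,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "image_version": f"{maj_img}.{min_img}",
        "subsystem_version": f"{maj_ss}.{min_ss}",
        "code_size": size_code,
        "initialized_data_size": size_idata,
        "uninitialized_data_size": size_udata,
    }


def is_pe(data: bytes) -> bool:
    """True if the bytes carry a parseable PE header; the file extension is irrelevant."""
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the values this report lists for
    SecureMessage.scr. These are NOT the real file's bytes: only the fields the
    parser reads are filled in; everything else is zero."""
    ts = int(datetime.datetime(2014, 2, 4, 5, 55, 30,
                               tzinfo=datetime.timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                      # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 5, ts, 0, 0, 224, 0x0102)        # i386, 5 sections, EXE|32BIT
    opt = struct.pack("<HBBIIII", 0x10B, 10, 0, 5632, 12288, 0, 0x2500)     # PE32, linker 10.0, sizes, EP
    opt += struct.pack("<IIIII", 0x1000, 0x3000, 0x400000, 0x1000, 0x200)   # BaseOfCode..FileAlignment
    opt += struct.pack("<6H", 5, 1, 2, 1, 5, 1)                             # OS 5.1, image 2.1, subsystem 5.1
    opt += struct.pack("<IIIIHH", 0, 0x6000, 0x400, 0, 2, 0)                # ..., Subsystem=2 (GUI), DllChars
    return dos + b"PE\0\0" + coff + opt.ljust(224, b"\0")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for key, value in parse_pe_header(blob).items():
        print(f"{key:>24}: {value:#x}" if key == "entry_point" else f"{key:>24}: {value}")
```

Run without arguments it prints the fields for the constructed header; with a path it prints them for that file. The compile timestamp is only a hint (it is trivially forged), but an attacker who does not bother to forge it, as here, gives you a build time one day before first submission.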
PE sections
PE imports (grouped by the DLL that exports each function)
GDI32.dll: LineTo, MoveToEx
KERNEL32.dll: CreateFileA, TlsFree, TlsGetValue, TlsAlloc, TlsSetValue
SHELL32.dll: DragFinish, DragQueryPoint, DragQueryFileA
USER32.dll: GetMessageA, CreateWindowExA, DispatchMessageA, EndPaint, BeginPaint, TranslateMessage, SendMessageA, PostQuitMessage, DefWindowProcA, ShowWindow, RegisterClassA
The static import table describes nothing more than a plain window with GDI drawing and drag-and-drop support: no networking, process-creation or registry API is imported, and neither is DeviceIoControl, although the behaviour report below records its use. Whatever calls it is either resolved at runtime or runs in another process the file starts or injects into, so the import table must not be read as a description of the file's capabilities.
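The imphash listed under file identification further down is derived from exactly this import table: each imported function is written as dllname.function with the DLL name lowercased and its .dll/.ocx/.sys extension removed, the entries are joined with commas in import-table order, and the MD5 of that string is the hash. The code below is an added example written for this page (not VirusTotal's or pefile's code) that implements that definition and runs it over the import list rendered above, which is embedded as constructed sample data. The DLL attribution and the rendered order are assumptions about the real import directory, so the value it prints is an illustration of the algorithm and is not asserted to equal the reported 0472c674d7267dab79104d29a2a3058b. The ordinal table is a small hand-written subset and is likewise an assumption.

```python
"""Import hash (imphash) over an import list, following the definition pefile
popularised: for every imported function, 'dllname.funcname' with the DLL name
lowercased and its .dll/.ocx/.sys extension stripped, in import-table order,
comma-joined, then MD5. Added example for this report; not VirusTotal's or
pefile's own code."""
import hashlib
import re

# Ordinal-only imports are mapped to names before hashing, as pefile does.
# ASSUMPTION: this is a small hand-written subset of the winsock ordinal table;
# pefile ships full tables for ws2_32.dll and oleaut32.dll.
ORDINAL_NAMES = {
    ("ws2_32", 1): "accept", ("ws2_32", 2): "bind", ("ws2_32", 3): "closesocket",
    ("ws2_32", 4): "connect", ("ws2_32", 16): "recv", ("ws2_32", 19): "send",
    ("ws2_32", 23): "socket", ("ws2_32", 115): "wsastartup", ("ws2_32", 116): "wsacleanup",
}

# Constructed from the import list rendered in this report, attributed to the
# DLLs that export these functions. ASSUMPTION: the rendered order is the
# import-table order; if the real import directory differs, the hash differs.
SAMPLE_IMPORTS = [
    ("GDI32.dll", ["LineTo", "MoveToEx"]),
    ("KERNEL32.dll", ["CreateFileA", "TlsFree", "TlsGetValue", "TlsAlloc", "TlsSetValue"]),
    ("SHELL32.dll", ["DragFinish", "DragQueryPoint", "DragQueryFileA"]),
    ("USER32.dll", ["GetMessageA", "CreateWindowExA", "DispatchMessageA", "EndPaint",
                    "BeginPaint", "TranslateMessage", "SendMessageA", "PostQuitMessage",
                    "DefWindowProcA", "ShowWindow", "RegisterClassA"]),
]


def normalise_library(dll: str) -> str:
    """KERNEL32.DLL -> kernel32; names without one of the three extensions are kept whole."""
    return re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())


def imphash_string(imports) -> str:
    """The comma-joined string that gets hashed. Keeping it separate lets you diff
    two samples and see WHICH entries moved instead of only that the hash changed.
    `imports` is a list of (dll_name, [function_name_or_ordinal, ...])."""
    entries = []
    for dll, functions in imports:
        lib = normalise_library(dll)
        for func in functions:
            if isinstance(func, int):
                name = ORDINAL_NAMES.get((lib, func), f"ord{func}")
            else:
                name = func.lower()
            entries.append(f"{lib}.{name}")
    return ",".join(entries)


def imphash(imports) -> str:
    """MD5 of imphash_string(): 32 hex characters, the form shown under 'File identification'."""
    return hashlib.md5(imphash_string(imports).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive and ignores everything except the import table, it clusters samples built with the same stub or packer, not samples with the same payload. A near-empty GUI import table like this one is exactly the kind that many unrelated packed files can share, so treat an imphash match here as a lead to pivot on, not as attribution.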
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:02:04 06:55:30+01:00 (i.e. 2014-02-04 05:55:30 UTC, the same value as the PE compilation timestamp above)
FileType: Win32 EXE
PEType: PE32
CodeSize: 5632
LinkerVersion: 10.0
EntryPoint: 0x2500
InitializedDataSize: 12288
SubsystemVersion: 5.1
ImageVersion: 2.1
OSVersion: 5.1
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 a11a76ac4879020a7769fe6f28f7ce8a
SHA1 84b2c45965a60e510f4a3344700f6c872660c891
SHA256 e27d1c5587206b31d7f639ef7eb890ae694e20c5bee1b3ff30a99503624c0af6
ssdeep 192:uOOLCPoOjkEhL8+mfRKB6X6uziXk0akSvu/oWC0qGtLZUvRE6v5aCpm38eHCRkl:uhLCP1R8XnzvuwT0pZwBeH7l

authentihash 5143432a2aa5bd62f518f50a980af31de6086fcc9b0922a12fb1d9f73b405192
imphash 0472c674d7267dab79104d29a2a3058b
File size 18.5 KB ( 18944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-02-05 11:11:28 UTC ( 3 years, 4 months ago )
Last submission 2015-06-11 13:46:50 UTC ( 2 years ago )
File names 007649146
a11a76ac4879020a7769fe6f28f7ce8a.exe
a11a76ac4879020a7769fe6f28f7ce8a.scr
a11a76ac4879020a7769fe6f28f7ce8a
file-6561675_exe
SecureMessage.scr
a11a76ac4879020a7769fe6f28f7ce8a.malware
SecureMessage_scr
vti-rescan
c-5cc91-1749-1391598782
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API function; the report does not record which drivers or which control codes.
HTTP requests
DNS requests
TCP connections