SHA256: e7b04220bc9c21161ba5f6aac8cd7bc2c7951aa80fc68b2d196cb9da7a78dc8d
File name: invoice_090914.scr
Detection ratio: 8 / 55
Analysis date: 2014-09-09 15:42:44 UTC ( 3 years, 2 months ago )
Antivirus             Result                           Update
Avira (no cloud)      TR/Crypt.Xpack.90493             20140909
Bkav                  HW32.Inectrj.xmes                20140909
ESET-NOD32            a variant of Win32/Kryptik.CKTV  20140909
McAfee                Packed-CA!A75CA176F4A8           20140909
McAfee-GW-Edition     BehavesLike.Win32.BadFile.nm     20140909
Microsoft             VirTool:Win32/Obfuscator.WT      20140909
Qihoo-360             HEUR/Malware.QVM20.Gen           20140909
Sophos AV             Mal/Generic-S                    20140909
Ad-Aware                                               20140909
AegisLab                                               20140909
Yandex                                                 20140909
AhnLab-V3                                              20140909
Antiy-AVL                                              20140909
Avast                                                  20140909
AVG                                                    20140909
AVware                                                 20140909
Baidu-International                                    20140909
BitDefender                                            20140909
ByteHero                                               20140909
CAT-QuickHeal                                          20140909
ClamAV                                                 20140908
CMC                                                    20140908
Comodo                                                 20140909
Cyren                                                  20140909
DrWeb                                                  20140909
Emsisoft                                               20140909
F-Prot                                                 20140909
F-Secure                                               20140909
Fortinet                                               20140909
GData                                                  20140909
Ikarus                                                 20140909
Jiangmin                                               20140908
K7AntiVirus                                            20140909
K7GW                                                   20140909
Kaspersky                                              20140909
Kingsoft                                               20140909
Malwarebytes                                           20140909
eScan                                                  20140909
NANO-Antivirus                                         20140909
Norman                                                 20140909
nProtect                                               20140907
Panda                                                  20140909
Rising                                                 20140909
SUPERAntiSpyware                                       20140909
Symantec                                               20140909
Tencent                                                20140909
TheHacker                                              20140908
TotalDefense                                           20140909
TrendMicro                                             20140909
TrendMicro-HouseCall                                   20140909
VBA32                                                  20140909
VIPRE                                                  20140909
ViRobot                                                20140909
Zillya                                                 20140909
Zoner                                                  20140908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-30 14:22:00
Entry Point 0x00003584
Number of sections 4
PE sections
PE imports
CDLocateRng
MD5Final
MD5Init
MD5Update
DCICreateOverlay
DCIDestroy
DCICloseProvider
GetSystemTime
DeviceIoControl
CopyFileW
FileTimeToSystemTime
WaitForSingleObject
CreateHardLinkA
HeapAlloc
GetVolumePathNameA
FindNextVolumeW
GetShortPathNameA
GetCurrentDirectoryW
GetLogicalDriveStringsA
CreateDirectoryA
DeleteFileA
SetErrorMode
GetLocalTime
FoldStringW
GetProcAddress
GetProcessHeap
OpenMutexA
lstrcpynW
CompareStringW
SetEnvironmentVariableW
lstrcmpA
FindFirstFileA
CreateSemaphoreW
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
CreateEventW
IsValidCodePage
TlsGetValue
GetTickCount
GetLocaleInfoW
WriteConsoleW
DrawTextA
MessageBoxW
DispatchMessageA
GetMessageW
DrawIcon
EnumDesktopsA
LoadImageA
PeekMessageA
SetCursorPos
DialogBoxParamW
FindWindowA
LoadCursorA
GetCaretPos
PostMessageW
CreateDesktopW
CharToOemA
GetThemeFont
GetThemeSysSize
GetThemeColor
GetThemeEnumValue
IsThemeActive
OpenThemeData
GetThemeInt
DrawThemeBackground
GetWindowTheme
GetThemeTextMetrics
CloseThemeData
WTSVirtualChannelClose
WTSSetSessionInformationA
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSQueryUserToken
WTSTerminateProcess
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSSendMessageA
WTSLogoffSession
WTSUnRegisterSessionNotification
WTSWaitSystemEvent
WTSVirtualChannelOpen
WTSEnumerateServersA
Number of PE resources by type
RT_ICON 1
Struct(15) 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
MIMEType              application/octet-stream
Subsystem             Windows GUI
MachineType           Intel 386 or later, and compatibles
TimeStamp             2014:07:30 15:22:00+01:00
FileType              Win32 EXE
PEType                PE32
CodeSize              16384
LinkerVersion         6.0
FileTypeExtension     exe
InitializedDataSize   16384
SubsystemVersion      4.0
EntryPoint            0x3584
OSVersion             4.0
ImageVersion          0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 a75ca176f4a8ab869e53db06c53dae30
SHA1 722c32098528e9d53501ccf6ee6cefa0d7e9c136
SHA256 e7b04220bc9c21161ba5f6aac8cd7bc2c7951aa80fc68b2d196cb9da7a78dc8d
ssdeep 768:AjTySkJn2FwuwPLo84WsZdyQX3Z9fDQ3I:Av/elzZ4fXvDQ3I
authentihash 2ae15805b65485b026d3f9c88a13c80b516205a5ad1566140292a421fed1cd6b
imphash 74165a58ab32c4f4c4a44ca2b018b685
File size 33.0 KB ( 33792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags peexe
VirusTotal metadata
First submission 2014-09-09 12:39:11 UTC ( 3 years, 2 months ago )
Last submission 2015-04-05 20:01:23 UTC ( 2 years, 7 months ago )
File names a75ca176f4a8ab869e53db06c53dae30.scr
invoice_090914.scr
e7b04220bc9c21161ba5f6aac8cd7bc2c7951aa80fc68b2d196cb9da7a78dc8d.exe
OGTYITyw61.pps
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications