SHA256: 02300906d2995f0ca2a02d927b957e04f95bdf28d7bb914ffb4019fcfb578d61
File name: easykur.exe
Detection ratio: 1 / 55
Analysis date: 2016-07-12 11:10:13 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20160712
Ad-Aware 20160712
AegisLab 20160712
AhnLab-V3 20160711
Alibaba 20160712
ALYac 20160712
Antiy-AVL 20160712
Arcabit 20160712
Avast 20160712
AVG 20160712
Avira (no cloud) 20160712
AVware 20160712
Baidu 20160712
BitDefender 20160712
Bkav 20160712
CAT-QuickHeal 20160712
ClamAV 20160712
CMC 20160711
Comodo 20160712
Cyren 20160712
DrWeb 20160712
Emsisoft 20160712
ESET-NOD32 20160712
F-Prot 20160712
F-Secure 20160712
Fortinet 20160712
GData 20160712
Ikarus 20160712
Jiangmin 20160712
K7AntiVirus 20160712
K7GW 20160712
Kingsoft 20160712
Malwarebytes 20160712
McAfee 20160712
McAfee-GW-Edition 20160712
Microsoft 20160712
eScan 20160712
NANO-Antivirus 20160712
nProtect 20160712
Panda 20160711
Qihoo-360 20160712
Sophos AV 20160712
SUPERAntiSpyware 20160712
Symantec 20160712
Tencent 20160712
TheHacker 20160712
TotalDefense 20160712
TrendMicro 20160712
TrendMicro-HouseCall 20160712
VBA32 20160711
VIPRE 20160712
ViRobot 20160712
Yandex 20160711
Zillya 20160711
Zoner 20160712
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Tina Yazılım ve Int. Tek. Ltd. Şti.

File version 2.2.1
Description EasyCafe Software Ste
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-04-25 14:37:12
Entry Point 0x000021AF
Number of sections 4
PE sections
Overlays
MD5 fd6d129e53420ad4b2c1c57b57b913f0
File type data
Offset 14848
Size 11153618
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 5632
ImageVersion 4.0
FileVersionNumber 2.2.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.2.1
TimeStamp 2000:04:25 15:37:12+01:00
FileType Win32 EXE
PEType PE32
FileDescription EasyCafe Software Ste
OSVersion 4.0
FileOS Windows 16-bit
LegalCopyright Tina Yazılım ve Int. Tek. Ltd. Şti.
MachineType Intel 386 or later, and compatibles
CompanyName Tina Yazılım ve Int. Tek. Ltd. Şti.
CodeSize 8704
FileSubtype 0
ProductVersionNumber 2.2.1.0
EntryPoint 0x21af
ObjectFileType Executable application

File identification
MD5 0e4b7719248e8ecf28d79493aa60e2ad
SHA1 ab180d59965580a663f3c1fe627a5c057c4fa2a2
SHA256 02300906d2995f0ca2a02d927b957e04f95bdf28d7bb914ffb4019fcfb578d61
ssdeep 196608:1KYPgk2223BL29lTKdtb4V1YVi+4JJi1nV8BnQ47++jgKyJHra:1Kd5xLdk4Vi8nVcQ47+JKyM

authentihash ebfc3214b97f0ce9cda8947505194b5eec6fbdac6f560643faced94dd9d31a77
imphash 5318cd03ef5b5da86800f1483484cfd0
File size 10.7 MB ( 11168466 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (96.9%)
Win32 Dynamic Link Library (generic) (1.3%)
Win32 Executable (generic) (0.9%)
Generic Win/DOS Executable (0.4%)
DOS Executable Generic (0.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2009-10-03 21:05:25 UTC ( 8 years, 7 months ago )
Last submission 2015-04-01 09:57:50 UTC ( 3 years, 1 month ago )
File names easykur.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs