SHA256: 0b63849f3a01b730e17fcfea526df5c235eae897a561b9dce4ecc1b762aba3ff
File name: AUSPOST_parcel_19785.exe
Detection ratio: 2 / 57
Analysis date: 2016-04-13 03:43:57 UTC ( 3 years ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Backdoor.hc 20160413
Qihoo-360 QVM07.1.Malware.Gen 20160413
Ad-Aware 20160413
AegisLab 20160413
AhnLab-V3 20160412
Alibaba 20160413
ALYac 20160413
Antiy-AVL 20160413
Arcabit 20160413
Avast 20160413
AVG 20160412
Avira (no cloud) 20160412
AVware 20160413
Baidu 20160412
Baidu-International 20160412
BitDefender 20160413
Bkav 20160412
CAT-QuickHeal 20160413
ClamAV 20160412
CMC 20160412
Comodo 20160413
Cyren 20160413
DrWeb 20160413
Emsisoft 20160413
ESET-NOD32 20160413
F-Prot 20160413
F-Secure 20160413
Fortinet 20160404
GData 20160413
Ikarus 20160412
Jiangmin 20160413
K7AntiVirus 20160412
K7GW 20160404
Kaspersky 20160412
Kingsoft 20160413
Malwarebytes 20160412
McAfee 20160413
Microsoft 20160413
eScan 20160413
NANO-Antivirus 20160413
nProtect 20160412
Panda 20160412
Rising 20160413
Sophos AV 20160413
SUPERAntiSpyware 20160413
Symantec 20160413
Tencent 20160413
TheHacker 20160412
TotalDefense 20160412
TrendMicro 20160413
TrendMicro-HouseCall 20160413
VBA32 20160412
VIPRE 20160413
ViRobot 20160413
Yandex 20160412
Zillya 20160412
Zoner 20160413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-26 17:50:48
Entry Point 0x000166E0
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
InitiateSystemShutdownA
StartServiceW
OpenSCManagerW
RegisterEventSourceA
RegisterServiceCtrlHandlerA
GetTextCharsetInfo
GetDIBColorTable
GetRgnBox
SetDeviceGammaRamp
SetStretchBltMode
GetBrushOrgEx
TranslateCharsetInfo
DeleteDC
GetTextExtentPointA
StretchBlt
SetPixel
SetPaletteEntries
GetBkMode
CreateDIBSection
GdiSetBatchLimit
SetTextColor
GetObjectA
CreateFontA
ExtTextOutW
DescribePixelFormat
CreateBitmap
MoveToEx
GetStockObject
EnumFontFamiliesExW
SelectPalette
ExtTextOutA
GetDIBits
SetTextAlign
CreateFontW
GetFontLanguageInfo
SetROP2
CreateRectRgn
SetWindowExtEx
GetTextColor
Polyline
CreateHatchBrush
SetBkColor
GetBkColor
GetSystemTime
GetLastError
FreeConsole
GlobalFindAtomW
BuildCommDCBA
GetPrivateProfileStructA
FindFirstChangeNotificationA
FileTimeToSystemTime
GetProcessTimes
CreateMailslotA
DuplicateHandle
GetLocalTime
GetCPInfo
DisconnectNamedPipe
GetStartupInfoA
GetPriorityClass
BuildCommDCBAndTimeoutsW
GetConsoleTitleA
GetUserDefaultLCID
FindNextChangeNotification
CompareStringW
GlobalAddAtomW
GlobalReAlloc
GetModuleHandleA
CreatePipe
GlobalFix
GlobalFlags
GetTempPathW
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
GetProcessWorkingSetSize
Thread32First
FormatMessageW
GetProcessShutdownParameters
GlobalAlloc
CreateProcessW
FindAtomA
GetFileType
GetTimeFormatA
DrawEdge
GetForegroundWindow
GetClassInfoExW
PostMessageA
SetMenuItemBitmaps
BeginPaint
CreateCaret
PostQuitMessage
SetMenuContextHelpId
GetDialogBaseUnits
GetPropA
GetClipboardData
SetWindowWord
IsCharAlphaW
TranslateMDISysAccel
SetWindowPlacement
DdeSetUserHandle
SetMenuItemInfoA
SetActiveWindow
DispatchMessageW
ShowWindow
SetClipboardData
LoadStringW
CharLowerBuffA
CloseWindowStation
TrackPopupMenuEx
GetSubMenu
SendMessageTimeoutA
CountClipboardFormats
DlgDirListA
FillRect
RegisterHotKey
CheckDlgButton
CloseDesktop
IsRectEmpty
CreateCursor
CharNextW
PostThreadMessageA
Number of PE resources by type
RT_ICON 13
RT_DIALOG 5
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 14
FRENCH BELGIAN 7
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 4022272
ImageVersion 0.0
ProductName Euro Plus d.o.o. Apologia
FileVersionNumber 0.50.203.164
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Darkish
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Averaged.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2016
TimeStamp 2016:05:26 18:50:48+01:00
FileType Win32 EXE
PEType PE32
InternalName Bestowed
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Appends Dear 2012
MachineType Intel 386 or later, and compatibles
CodeSize 90112
FileSubtype 0
ProductVersionNumber 0.156.115.72
EntryPoint 0x166e0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 fd626696d8d7100a30c113dd2e2301ca
SHA1 4cc692e39f4be309728200591b77bf0cb12b10a7
SHA256 0b63849f3a01b730e17fcfea526df5c235eae897a561b9dce4ecc1b762aba3ff
ssdeep 12288:aSazTHtR44kXz33J9AK3qk8j/PSVrjAjbQHlAZI8OPxRNl:4zTNeXb3x3sOV/AoFAqLJHl
authentihash 462d276d1e32a57247906d6212aac2aa6bf902ff0f567faf96b0cf2d2832119d
imphash 46e2e3eed4d114a42752b1e87b82c786
File size 524.0 KB ( 536576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2016-04-13 03:43:57 UTC ( 3 years ago )
Last submission 2016-04-15 11:25:04 UTC ( 3 years ago )
File names tkucutag.exe
AUSPOST_parcel_19785.exe