SHA256: 0d24e4a360d580fd1db51a4f4d91b317a39dfc5e228eeea463b44357fa8bc148
File name: AUPOST_info_29287.exe
Detection ratio: 13 / 53
Analysis date: 2016-02-04 10:37:16 UTC ( 3 years ago )
Antivirus Result Update
Antiy-AVL Trojan/Generic.ASMalwS.16FA9DB 20160205
Avast Win32:Malware-gen 20160205
AVG Inject3.ZUY 20160205
Avira (no cloud) TR/Crypt.ZPACK.193504 20160204
DrWeb Trojan.Encoder.3720 20160205
ESET-NOD32 a variant of Win32/Injector.CRIZ 20160205
Kaspersky Trojan.Win32.Waldek.cfc 20160205
Malwarebytes Ransom.TorrentLocker.Generic 20160205
Microsoft Ransom:Win32/Teerac 20160205
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160204
Sophos AV Mal/Generic-S 20160205
TrendMicro Ransom_CRILOCK.NDI 20160205
TrendMicro-HouseCall Ransom_CRILOCK.NDI 20160205
Ad-Aware 20160205
AegisLab 20160205
Yandex 20160204
AhnLab-V3 20160204
Alibaba 20160204
Arcabit 20160205
Baidu-International 20160204
BitDefender 20160205
Bkav 20160204
ByteHero 20160205
CAT-QuickHeal 20160204
ClamAV 20160204
Comodo 20160204
Cyren 20160205
Emsisoft 20160205
F-Prot 20160129
F-Secure 20160205
Fortinet 20160204
GData 20160205
Ikarus 20160204
Jiangmin 20160205
K7AntiVirus 20160204
K7GW 20160205
McAfee 20160205
McAfee-GW-Edition 20160205
eScan 20160205
NANO-Antivirus 20160205
nProtect 20160204
Panda 20160204
Qihoo-360 20160205
SUPERAntiSpyware 20160205
Symantec 20160204
Tencent 20160205
TheHacker 20160203
TotalDefense 20160204
VBA32 20160204
VIPRE 20160205
ViRobot 20160204
Zillya 20160204
Zoner 20160205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-17 09:02:12
Entry Point 0x00011AD6
Number of sections 4
PE sections
PE imports
PolyPolyline
GetCharABCWidthsW
GetTextMetricsW
GetWindowOrgEx
ResizePalette
GetCharABCWidthsA
PathToRegion
GetROP2
GetViewportOrgEx
GetObjectType
CreateMetaFileW
SetColorAdjustment
SetPixel
SetWorldTransform
DeleteObject
GetFontLanguageInfo
OffsetWindowOrgEx
CreateEllipticRgn
SetColorSpace
EqualRgn
GetPolyFillMode
GetDIBits
ExtCreateRegion
SetPixelFormat
GetDCOrgEx
StretchBlt
GetTextFaceA
SwapBuffers
EnumICMProfilesA
ScaleViewportExtEx
CloseFigure
Pie
SetWindowExtEx
Arc
GetKerningPairsA
ExtCreatePen
GetFontData
SetWinMetaFileBits
GetBkColor
MoveToEx
CombineRgn
GetSystemPaletteEntries
OffsetRgn
EnumFontsW
GetCurrentPositionEx
EndPath
EnumFontsA
GetPixel
GetBrushOrgEx
OffsetViewportOrgEx
SetBkMode
RectInRegion
GetRegionData
EnumFontFamiliesA
GetICMProfileW
GetLogColorSpaceA
CreateEnhMetaFileW
SetAbortProc
ScaleWindowExtEx
GetOutlineTextMetricsW
ExtSelectClipRgn
StartDocW
SelectPalette
CloseEnhMetaFile
ExtEscape
LineTo
EnumEnhMetaFile
CancelDC
GetTextColor
StrokePath
SetPixelV
PolyPolygon
SetViewportExtEx
CreatePenIndirect
SetGraphicsMode
PlayMetaFileRecord
GetWindowExtEx
SetBitmapBits
PatBlt
CreatePen
AnimatePalette
GetMetaRgn
Rectangle
GetObjectA
CreateDCA
GetMetaFileBitsEx
DeleteDC
CreateFontIndirectW
GetWorldTransform
GetCharWidthW
StartPage
GetObjectW
CreateDCW
GetCharWidthA
GetEnhMetaFileDescriptionW
CreateBitmap
RectVisible
DeleteColorSpace
GetStockObject
PlayEnhMetaFile
ExtTextOutA
GdiFlush
SelectClipRgn
RoundRect
GetTextAlign
EndPage
GetTextExtentPoint32A
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWindowOrgEx
SelectObject
CreatePolygonRgn
GetCharABCWidthsFloatW
Polygon
CreateHalftonePalette
GetBkMode
SaveDC
CreateICW
SetDeviceGammaRamp
MaskBlt
GetRgnBox
GetEnhMetaFilePaletteEntries
ModifyWorldTransform
GetGlyphOutlineA
GetDeviceGammaRamp
RestoreDC
GetBitmapBits
SetMapperFlags
GetTextExtentExPointW
FillPath
CreateDIBSection
SetTextColor
ExtFloodFill
PolyDraw
GetCurrentObject
Escape
DrawEscape
AbortPath
SetArcDirection
CreateCompatibleDC
PolyBezierTo
PolyBezier
BeginPath
SetBrushOrgEx
CreateRectRgn
GetClipRgn
RemoveFontResourceW
CreateSolidBrush
Polyline
CombineTransform
AbortDoc
GetExitCodeProcess
GetCompressedFileSizeA
GetModuleHandleA
GetStartupInfoA
__p__fmode
cos
__CxxFrameHandler
_acmdln
iswprint
log10
_adjust_fdiv
__setusermatherr
_setmbcp
__dllonexit
sin
__getmainargs
_initterm
_controlfp
_onexit
_wperror
__p__commode
__set_app_type
LoadIconA
Number of PE resources by type
RT_DIALOG 10
RT_ICON 9
RT_RCDATA 6
RT_GROUP_ICON 4
ch52na4858 1
TtRn3 1
RT_MENU 1
C6lb06B 1
i780667o 1
RT_VERSION 1
is63u1x 1
Number of PE resources by language
NEUTRAL 36
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.94.152.224
UninitializedDataSize 0
LanguageCode Unknown (GEOM)
FileFlagsMask 0x003f
CharacterSet Unknown (ETRICALLY)
InitializedDataSize 491520
EntryPoint 0x11ad6
MIMEType application/octet-stream
LegalCopyright 2015 (C) 2010
FileVersion Extinction 0,37,37,96
TimeStamp 2005:05:17 10:02:12+01:00
FileType Win32 EXE
PEType PE32
InternalName Interdependent
ProductVersion 0,66,131,238
FileDescription Lenient Monument Heave
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SecureWORK, Inc.
CodeSize 69632
ProductName Granulated Locomotive
ProductVersionNumber 0.41.41.24
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 c5f5569310aba4ff72e1fbd6af8950a4
SHA1 a40c8e292a54cc1b070a113f85f7b5c1f8aa5a7e
SHA256 0d24e4a360d580fd1db51a4f4d91b317a39dfc5e228eeea463b44357fa8bc148
ssdeep 12288:6rm2ZDPis21g5XWzHlOEtdXFUFLkTqsOZh06ryrsiOQp:mDnUg5XWzH8EtFauqB0iwsi1
authentihash 0a55481fc9e6f988ba8fd798d31da260658d121aa192b4f7eeb41ac13d85e413
imphash 5cd4b35e7429d23059354857b25bd820
File size 552.0 KB ( 565248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-02-04 00:36:10 UTC ( 3 years ago )
Last submission 2016-02-04 10:37:16 UTC ( 3 years ago )
File names ahavuken.exe
AUPOST_info_29287.exe
Advanced heuristic and reputation engines