SHA256: 0dfa3e50cd2af6581251b11a50ab2bf7e8a956cb4689f885ec929e9fbfe88237
File name: ocadiwer.exe
Detection ratio: 9 / 53
Analysis date: 2016-02-04 08:11:45 UTC ( 3 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cryptolocker 20160203
Avast Win32:Malware-gen 20160204
AVG FileCryptor.GPZ 20160203
Avira (no cloud) TR/Crypt.Xpack.441507 20160203
ESET-NOD32 Win32/Filecoder.DI 20160203
Fortinet W32/Injector.CRDH!tr 20160203
Kaspersky UDS:DangerousObject.Multi.Generic 20160203
Malwarebytes Ransom.TorrentLocker.Generic 20160204
Microsoft Ransom:Win32/Teerac 20160204
Ad-Aware 20160203
AegisLab 20160203
Yandex 20160203
Alibaba 20160203
ALYac 20160204
Antiy-AVL 20160204
Arcabit 20160203
Baidu-International 20160203
BitDefender 20160203
Bkav 20160203
ByteHero 20160204
CAT-QuickHeal 20160203
ClamAV 20160203
Comodo 20160203
Cyren 20160203
DrWeb 20160204
Emsisoft 20160203
F-Prot 20160129
F-Secure 20160203
GData 20160203
Ikarus 20160204
Jiangmin 20160203
K7AntiVirus 20160203
K7GW 20160203
McAfee 20160203
McAfee-GW-Edition 20160204
eScan 20160203
NANO-Antivirus 20160203
nProtect 20160201
Panda 20160202
Qihoo-360 20160204
Rising 20160204
Sophos AV 20160203
SUPERAntiSpyware 20160203
Symantec 20160202
Tencent 20160204
TheHacker 20160202
TrendMicro 20160204
TrendMicro-HouseCall 20160204
VBA32 20160203
VIPRE 20160203
ViRobot 20160203
Zillya 20160203
Zoner 20160203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-05 15:37:49
Entry Point 0x0000F9D6
Number of sections 4
PE sections
PE imports
GetTokenInformation
OpenProcessToken
SetPrivateObjectSecurity
GetSecurityDescriptorDacl
IsTokenRestricted
ClearEventLogW
InitializeAcl
BuildSecurityDescriptorW
LPtoDP
GetTextCharsetInfo
SetMetaRgn
CreatePolygonRgn
CreateICA
Polygon
GetSystemPaletteEntries
GetWindowOrgEx
GetBkMode
SetColorSpace
GetCurrentPositionEx
TextOutA
CreateICW
FillRgn
AnimatePalette
EndPath
PathToRegion
DeleteEnhMetaFile
GetMapMode
GetPixel
GetGlyphOutlineA
GetBrushOrgEx
CreateDCA
PlayEnhMetaFile
LineTo
SetColorAdjustment
CancelDC
SetBkMode
CopyEnhMetaFileW
GetICMProfileA
SetMetaFileBitsEx
Arc
StartPage
OffsetClipRgn
GetWindowExtEx
GetCharWidthA
GetCharacterPlacementA
CreateHatchBrush
GetRegionData
GetDeviceCaps
CreateEnhMetaFileW
ExtTextOutW
GetOutlineTextMetricsA
SetAbortProc
CreateBitmap
IntersectClipRect
PolyBezierTo
DrawEscape
GetPolyFillMode
ScaleWindowExtEx
GetOutlineTextMetricsW
GetDIBits
ExtCreateRegion
GdiFlush
SelectClipRgn
CreateCompatibleDC
StrokeAndFillPath
StretchBlt
EqualRgn
GetMetaRgn
BeginPath
SetBrushOrgEx
ExtEscape
CreatePen
GetBkColor
GetTextExtentPoint32A
SetPolyFillMode
Pie
GetEnhMetaFileHeader
GetTextColor
SetWindowOrgEx
EnumICMProfilesW
GetStockObject
Escape
ResetDCW
GetCharABCWidthsFloatW
PolyPolygon
GetTextExtentPoint32W
SetMapperFlags
CreatePenIndirect
MaskBlt
GetStartupInfoA
FindResourceExA
GetModuleHandleA
GetFileInformationByHandle
__CxxFrameHandler
_acmdln
_rotr
__p__fmode
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
wcsncmp
sinh
__getmainargs
__p__winminor
_initterm
_controlfp
__p___argv
_adjust_fdiv
__set_app_type
PeekMessageA
Number of PE resources by type
RT_DIALOG 10
RT_RCDATA 6
RT_ICON 3
RT_GROUP_ICON 3
o76g5I 1
QQ61m 1
EP7362IF4S 1
RT_MENU 1
tP8581222 1
c5VUH2 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 29
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.148.30.214
UninitializedDataSize 0
LanguageCode Unknown (DISC)
FileFlagsMask 0x003f
CharacterSet Unknown (RIMINANT)
InitializedDataSize 114688
EntryPoint 0xf9d6
MIMEType application/octet-stream
LegalCopyright 2016 (C) 2015
FileVersion Courtesans 0,252,6,135
TimeStamp 2007:01:05 16:37:49+01:00
FileType Win32 EXE
PEType PE32
InternalName Brokered
ProductVersion 0,23,85,235
FileDescription Counteracting Cosines Contraband
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NTWind Software
CodeSize 61440
ProductName Convex Features
ProductVersionNumber 0.21.14.118
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 a5d5480919a796f440dc3fd57782af30
SHA1 5d813b6425193b26e3a96c03541b6b925b2eabad
SHA256 0dfa3e50cd2af6581251b11a50ab2bf7e8a956cb4689f885ec929e9fbfe88237
ssdeep 3072:vSOLT+CjX7nBy2VyTTfViz+V6yKLXTyKnK2SgtC23e96OrVO:vPv+Cj7nLyTTfS+opuKLStCarV
authentihash efa4fdcb65b0efbed5527c8b647984a0772025439e5b77e33e901ac478a93f4a
imphash 72346e434cdb8fd34b23c53deded82f7
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-02-04 08:11:45 UTC ( 3 years, 2 months ago )
Last submission 2016-02-04 08:11:45 UTC ( 3 years, 2 months ago )
File names ocadiwer.exe
Advanced heuristic and reputation engines