× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0ed3c094d49e3e9e3fa500bb937cb2543bf08d4efc8a915615545dcf1ba9d0a8
File name: FAX-1400166434-707348006719-154.scr
Detection ratio: 4 / 55
Analysis date: 2015-07-17 11:39:38 UTC ( 3 years, 10 months ago ) View latest
Antivirus Result Update
AVware Trojan.Win32.Upatre.buu (v) 20150717
Kaspersky UDS:DangerousObject.Multi.Generic 20150717
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20150717
VIPRE Trojan.Win32.Upatre.buu (v) 20150717
Ad-Aware 20150717
AegisLab 20150717
Yandex 20150717
AhnLab-V3 20150717
Alibaba 20150717
ALYac 20150717
Antiy-AVL 20150717
Arcabit 20150717
Avast 20150717
AVG 20150717
Avira (no cloud) 20150717
Baidu-International 20150717
BitDefender 20150717
Bkav 20150717
ByteHero 20150717
CAT-QuickHeal 20150717
ClamAV 20150716
Comodo 20150717
Cyren 20150717
DrWeb 20150717
Emsisoft 20150717
ESET-NOD32 20150717
F-Prot 20150717
F-Secure 20150716
Fortinet 20150717
GData 20150717
Ikarus 20150717
Jiangmin 20150716
K7AntiVirus 20150717
K7GW 20150717
Kingsoft 20150717
Malwarebytes 20150717
McAfee 20150717
McAfee-GW-Edition 20150716
Microsoft 20150717
eScan 20150717
NANO-Antivirus 20150717
nProtect 20150717
Panda 20150717
Rising 20150713
Sophos AV 20150717
SUPERAntiSpyware 20150717
Symantec 20150717
Tencent 20150717
TheHacker 20150713
TrendMicro 20150717
TrendMicro-HouseCall 20150717
VBA32 20150717
ViRobot 20150717
Zillya 20150717
Zoner 20150717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-28 12:07:09
Entry Point 0x00006AB4
Number of sections 3
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitCommonControlsEx
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
SizeofResource
GetLocaleInfoA
GetCurrentProcessId
LockResource
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
LeaveCriticalSection
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
GetTimeFormatA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
IsDebuggerPresent
TerminateProcess
GetEnvironmentStrings
QueryPerformanceCounter
InitializeCriticalSection
LoadResource
WriteFile
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
FindResourceA
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
GetMessageA
CreateWindowExA
SetWindowTextA
LoadIconA
LoadStringA
DispatchMessageA
PostQuitMessage
PostMessageA
SendMessageA
TranslateMessage
DefWindowProcA
ShowWindow
UpdateWindow
RegisterClassExA
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_BITMAP 2
RT_CURSOR 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
BELARUSIAN DEFAULT 10
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
41472

ImageVersion
6.9

ProductName
MissFuture

FileVersionNumber
1.1.3.32

UninitializedDataSize
0

LanguageCode
Unknown (02A9)

FileFlagsMask
0x0000

CharacterSet
Unknown (5810)

LinkerVersion
7.0

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
1.1.3.32

TimeStamp
2014:03:28 13:07:09+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.32

FileDescription
MissFuture

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
MissFuture

CodeSize
36352

FileSubtype
0

ProductVersionNumber
1.1.3.32

EntryPoint
0x6ab4

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 2cb619f59c10a9877b672d66ab17edf9
SHA1 42b1fb6ed57308b6873d8ac0fc9b958854ac9a38
SHA256 0ed3c094d49e3e9e3fa500bb937cb2543bf08d4efc8a915615545dcf1ba9d0a8
ssdeep
1536:Fyquf4wXGlvu/4ScG2hksUHfk+FlN2NoNvRYX+yRf:0ow21u/emfk+p2WNvRYX+yp

authentihash aad0fb2eb407ae989e0c446d8fde76361fdf1ea7f2cac25ff2966a15de0f75cb
imphash e0db9493366ea7231ec184554e4ce365
File size 77.0 KB ( 78848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-07-17 09:41:05 UTC ( 3 years, 10 months ago )
Last submission 2016-02-24 21:42:29 UTC ( 3 years, 2 months ago )
File names FAX-1400166434-707348006719-154.scr
2cb619f59c10a9877b672d66ab17edf9.scr
FAX-14001664.bin
0ed3c094d49e3e9e3fa500bb937cb2543bf08d4efc8a915615545dcf1ba9d0a8.exe
O9qHEEK.tar.bz2
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections