× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1b7e194848522c4bee4a870ef4f74c5b8cec030cb3f61ce60f55db8d67f14fb8
File name: bolletta_193587.exe
Detection ratio: 0 / 56
Analysis date: 2015-09-08 09:28:18 UTC ( 3 years, 6 months ago ) View latest
Antivirus Result Update
Ad-Aware 20150908
AegisLab 20150908
Yandex 20150907
AhnLab-V3 20150908
Alibaba 20150902
ALYac 20150908
Antiy-AVL 20150908
Arcabit 20150905
Avast 20150908
AVG 20150908
Avira (no cloud) 20150908
AVware 20150901
Baidu-International 20150908
BitDefender 20150908
Bkav 20150907
ByteHero 20150908
CAT-QuickHeal 20150908
ClamAV 20150908
CMC 20150908
Comodo 20150908
Cyren 20150908
DrWeb 20150908
Emsisoft 20150908
ESET-NOD32 20150908
F-Prot 20150908
F-Secure 20150908
Fortinet 20150908
GData 20150908
Ikarus 20150908
Jiangmin 20150907
K7AntiVirus 20150908
K7GW 20150908
Kaspersky 20150908
Kingsoft 20150908
Malwarebytes 20150908
McAfee 20150908
McAfee-GW-Edition 20150907
Microsoft 20150908
eScan 20150908
NANO-Antivirus 20150908
nProtect 20150907
Panda 20150907
Qihoo-360 20150908
Rising 20150906
Sophos AV 20150908
SUPERAntiSpyware 20150908
Symantec 20150907
Tencent 20150908
TheHacker 20150907
TrendMicro 20150908
TrendMicro-HouseCall 20150908
VBA32 20150907
VIPRE 20150908
ViRobot 20150908
Zillya 20150908
Zoner 20150908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-07-31 01:43:38
Entry Point 0x0000EEF6
Number of sections 4
PE sections
Overlays
MD5 fdd59e90d942dafd89b96509e73872d3
File type data
Offset 466944
Size 172276
Entropy 7.96
PE imports
BuildImpersonateTrusteeA
FlatSB_ShowScrollBar
PropertySheetA
InitCommonControlsEx
FlatSB_GetScrollProp
ImageList_ReplaceIcon
DestroyPropertySheetPage
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_Merge
ImageList_Remove
ImageList_GetBkColor
Ord(4)
Ord(5)
Ord(8)
ImageList_SetDragCursorImage
ImageList_EndDrag
Ord(13)
GetStartupInfoA
GlobalMemoryStatus
GetModuleHandleA
LoadLibraryW
GetProcessVersion
DeleteFileW
Ord(324)
Ord(3825)
Ord(3147)
Ord(4080)
Ord(2124)
Ord(1775)
Ord(4425)
Ord(4627)
Ord(3597)
Ord(3738)
Ord(4853)
Ord(6375)
Ord(4622)
Ord(3136)
Ord(2982)
Ord(4353)
Ord(3079)
Ord(2512)
Ord(3262)
Ord(4234)
Ord(1576)
Ord(4079)
Ord(2055)
Ord(4837)
Ord(5307)
Ord(5241)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(4424)
Ord(3081)
Ord(2648)
Ord(5714)
Ord(2446)
Ord(3830)
Ord(4407)
Ord(4078)
Ord(2725)
Ord(5065)
Ord(5289)
Ord(2396)
Ord(5300)
Ord(6376)
Ord(561)
Ord(3831)
Ord(6374)
Ord(3346)
Ord(5302)
Ord(1727)
Ord(4486)
Ord(2976)
Ord(2985)
Ord(5163)
Ord(2385)
Ord(815)
Ord(1089)
Ord(1168)
Ord(641)
Ord(4698)
Ord(4998)
Ord(5280)
Ord(3922)
Ord(5277)
Ord(2514)
Ord(5265)
Ord(3749)
Ord(4673)
Ord(2554)
Ord(5199)
Ord(4441)
Ord(4274)
Ord(4376)
Ord(5261)
Ord(4465)
Ord(5731)
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
_setmbcp
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
EnableWindow
Number of PE resources by type
RT_ICON 13
RT_ACCELERATOR 8
RT_GROUP_ICON 4
RT_DIALOG 3
RT_MENU 3
RT_VERSION 1
Number of PE resources by language
GREEK DEFAULT 15
ENGLISH UK 9
MACEDONIAN DEFAULT 8
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

FileFlagsMask
0x003f

MachineType
Intel 386 or later, and compatibles

FileOS
Win32

TimeStamp
2008:07:31 02:43:38+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
61440

LinkerVersion
6.0

FileSubtype
0

ProductVersionNumber
0.202.148.32

FileTypeExtension
exe

InitializedDataSize
401408

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileVersionNumber
0.200.124.59

EntryPoint
0xeef6

UninitializedDataSize
0

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 ebacb76eb45d6800da6f4f074ae24e61
SHA1 fed384fab96133a2bcb0403ab60ba19d039cc9e2
SHA256 1b7e194848522c4bee4a870ef4f74c5b8cec030cb3f61ce60f55db8d67f14fb8
ssdeep
12288:bVZzCCFbWxf0GuGgUT8I0Z3MyTe+8HegPloRoOAlb:LCCFbM0GNgUJqT8+eBb

authentihash ee17af315e2c04c733968d9f3d4aba7f2027e39718e9792a99b1245394910c55
imphash 0ddb84a7944cc3a02c49d8dd93f1b812
File size 624.2 KB ( 639220 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-08 09:14:28 UTC ( 3 years, 6 months ago )
Last submission 2015-09-16 19:33:38 UTC ( 3 years, 6 months ago )
File names Adres_Degisikligi_Form.exe
Adres_Degisikligi_Form.exe
bolletta_193587.exe
bolletta_193587.exe.bin
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs