SHA256: 1d8ec411516159ec752aef930991d3c981c9d64ac8be7fe9121339df52fbda83
File name: 67482_wk38_2015.scr
Detection ratio: 2 / 56
Analysis date: 2015-09-17 11:31:43 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150917
Rising PE:Malware.RDM.46!5.34[F1] 20150916
Ad-Aware 20150917
AegisLab 20150917
Yandex 20150916
AhnLab-V3 20150916
Alibaba 20150917
ALYac 20150917
Antiy-AVL 20150917
Arcabit 20150917
Avast 20150917
AVG 20150917
Avira (no cloud) 20150917
AVware 20150917
Baidu-International 20150917
BitDefender 20150917
Bkav 20150917
ByteHero 20150917
CAT-QuickHeal 20150916
ClamAV 20150917
CMC 20150916
Comodo 20150917
Cyren 20150917
DrWeb 20150917
Emsisoft 20150917
ESET-NOD32 20150917
F-Prot 20150917
F-Secure 20150917
Fortinet 20150917
GData 20150917
Ikarus 20150917
Jiangmin 20150916
K7AntiVirus 20150917
K7GW 20150917
Kaspersky 20150917
Kingsoft 20150917
Malwarebytes 20150917
McAfee 20150917
McAfee-GW-Edition 20150916
Microsoft 20150917
eScan 20150917
NANO-Antivirus 20150917
nProtect 20150917
Panda 20150916
Sophos AV 20150917
SUPERAntiSpyware 20150917
Symantec 20150916
Tencent 20150917
TheHacker 20150916
TrendMicro 20150917
TrendMicro-HouseCall 20150917
VBA32 20150916
VIPRE 20150917
ViRobot 20150917
Zillya 20150916
Zoner 20150917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-11 09:08:11
Entry Point 0x00003291
Number of sections 3
PE sections
PE imports
GetStartupInfoA
HeapFree
CreateThread
lstrlenA
LoadResource
LockResource
GetCommandLineW
ExitProcess
HeapAlloc
GetLocalTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
FindResourceA
GetModuleHandleA
GetProcessHeap
CommandLineToArgvW
GetMessageA
CreateWindowExA
LoadIconA
DrawTextA
LoadStringA
DispatchMessageA
EndPaint
BeginPaint
PostMessageA
SendMessageA
DefWindowProcA
GetClientRect
TranslateMessage
PostQuitMessage
ShowWindow
DestroyWindow
UpdateWindow
RegisterClassExA
WTSRegisterSessionNotification
WTSVirtualChannelRead
WTSWaitSystemEvent
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
DUTCH 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 25600
ImageVersion 0.0
ProductName PrimeTime Inc. watcher
FileVersionNumber 1.0.2.5
LanguageCode Manipuri
FileFlagsMask 0x0000
FileDescription Components PrimeTime Inc.
CharacterSet Unknown (1690)
LinkerVersion 1.7
FileTypeExtension exe
OriginalFileName watcher.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.2.5
TimeStamp 2014:02:11 10:08:11+01:00
FileType Win32 EXE
PEType PE32
InternalName PrimeTime Inc. Components
ProductVersion 1.0.2.5
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Components patcher all 2014-2015 PrimeTime Inc.
MachineType Intel 386 or later, and compatibles
CodeSize 10752
FileSubtype 0
ProductVersionNumber 1.0.2.5
EntryPoint 0x3291
ObjectFileType Executable application

Compressed bundles
File identification
MD5 0d9c66ffedce257ea346d2c7567310ac
SHA1 8fc10bdee572e28254cf7c9ca641e729a45fd389
SHA256 1d8ec411516159ec752aef930991d3c981c9d64ac8be7fe9121339df52fbda83
ssdeep
768:r//e4AYcSHECkQrBgfhvp5YpiP0qHEjtEZInPiMXTIq6EzUEG3cElDEnrAEEd97k:r//exSpZNWvHYw5HEjtEZInPiMXTIq6+

authentihash 07f3eaaed5ef3dc6755d08e3393ff1fd5f32a704e6ba325c451f6d10b213e3d7
imphash e57b96a4193f6a60977e9b656038ba81
File size 36.5 KB ( 37376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2015-09-17 10:47:47 UTC ( 3 years, 8 months ago )
Last submission 2016-04-05 14:09:22 UTC ( 3 years, 1 month ago )
File names 0d9c66ffedce257ea346d2c7567310ac
CpeCTQP5O.sys
0d9c66ffedce257ea346d2c7567310ac
0d9c66ffedce257ea346d2c7567310ac.exe
0d9c66ffedce257ea346d2c7567310ac.scr
67482_wk38_2015.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs