SHA256: 1dda68b78e84caf63bb32cae2dc1bd82111e49db85d127a36cb715e2e4ef3b16
File name: DenbighshireCC.scr
Detection ratio: 5 / 55
Analysis date: 2015-10-27 13:40:48 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Arcabit Trojan.A18224C47 20151027
ESET-NOD32 a variant of Win32/Kryptik.ECIE 20151027
Kaspersky UDS:DangerousObject.Multi.Generic 20151027
Panda Trj/Genetic.gen 20151027
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20151027
Ad-Aware 20151027
AegisLab 20151027
Yandex 20151026
AhnLab-V3 20151027
Alibaba 20151027
ALYac 20151027
Antiy-AVL 20151027
Avast 20151027
AVG 20151027
Avira (no cloud) 20151027
AVware 20151027
Baidu-International 20151027
BitDefender 20151027
Bkav 20151027
ByteHero 20151027
CAT-QuickHeal 20151027
ClamAV 20151027
CMC 20151026
Comodo 20151027
Cyren 20151027
DrWeb 20151027
Emsisoft 20151027
F-Prot 20151027
F-Secure 20151027
Fortinet 20151027
GData 20151027
Ikarus 20151027
Jiangmin 20151026
K7AntiVirus 20151027
K7GW 20151027
Malwarebytes 20151027
McAfee 20151027
McAfee-GW-Edition 20151027
Microsoft 20151027
eScan 20151027
NANO-Antivirus 20151027
nProtect 20151027
Rising 20151026
Sophos AV 20151027
SUPERAntiSpyware 20151027
Symantec 20151026
Tencent 20151027
TheHacker 20151026
TrendMicro 20151027
TrendMicro-HouseCall 20151027
VBA32 20151027
VIPRE 20151027
ViRobot 20151027
Zillya 20151027
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-02 12:40:47
Entry Point 0x00005216
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
SizeofResource
GetLocaleInfoA
GetCurrentProcessId
LockResource
GetCommandLineW
CreateThread
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
lstrcatW
TlsFree
GetProcessHeap
LeaveCriticalSection
RaiseException
GetCPInfo
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentProcess
GetTimeFormatA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
IsDebuggerPresent
TerminateProcess
GetEnvironmentStrings
QueryPerformanceCounter
WideCharToMultiByte
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
FindResourceA
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
CommandLineToArgvW
SetFocus
UpdateWindow
EndDialog
BeginPaint
DefWindowProcW
FindWindowW
GetMessageW
PostQuitMessage
ShowWindow
RegisterClassExW
DialogBoxParamW
TranslateMessage
PostMessageW
DispatchMessageW
SendMessageW
GetClientRect
IsIconic
LoadCursorW
LoadIconW
CreateWindowExW
EndPaint
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_ICON 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
RHAETO ROMANCE DEFAULT 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:02 13:40:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 39424
LinkerVersion 5.0
EntryPoint 0x5216
InitializedDataSize 35840
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 93300bb1d93faf9944e9ba640e82cad6
SHA1 4c479cf979f7057e0fb1be3e7d7b72c23402e076
SHA256 1dda68b78e84caf63bb32cae2dc1bd82111e49db85d127a36cb715e2e4ef3b16
ssdeep 1536:RwCX6wnEKTI2Tk7Abk8C3D+E5q+hOaFOo2ODz3a:qCX6aEy8IM5q+hOm3a
authentihash 29e14b98e94890b265e823ae9dc3391d9b7d4d66ef4cc6bfef2cec890d8d30ed
imphash bf42c74b404498c1d4210a777a36e8d0
File size 71.0 KB ( 72704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2015-10-27 10:27:04 UTC ( 3 years, 6 months ago )
Last submission 2016-01-28 16:16:28 UTC ( 3 years, 3 months ago )
File names DenbighshireCC.scr
93300bb1d93faf9944e9ba640e82cad6
http___intouch.sage.scr
New_Cardholder_Application.scr
New_Cardholder_Application_scr
a.exe
93300bb1d93faf9944e9ba640e82cad6.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Runtime DLLs