SHA256: 1fa7952beab93e9522021fa7ed2231605a573f3fa3f68f1d5e609673a4321138
File name: Cameshoulder.exe
Detection ratio: 51 / 64
Analysis date: 2018-05-16 05:43:22 UTC ( 4 days, 19 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6338367 20180516
AegisLab Troj.Spy.W32.Ursnif!c 20180516
AhnLab-V3 Spyware/Win32.Ursnif.C2329864 20180515
Antiy-AVL Trojan[Spy]/Win32.Ursnif 20180516
Arcabit Trojan.Generic.D60B73F 20180516
Avast Win32:Malware-gen 20180516
AVG Win32:Malware-gen 20180516
Avira (no cloud) TR/Crypt.ZPACK.jyjdc 20180516
AVware Trojan.Win32.Generic!BT 20180428
BitDefender Trojan.GenericKD.6338367 20180516
CAT-QuickHeal Trojan-Spy.Ursnif 20180515
Comodo .UnclassifiedMalware 20180516
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20180418
Cylance Unsafe 20180516
Cyren W32/Trojan.YZYB-7657 20180516
Emsisoft Trojan.GenericKD.6338367 (B) 20180516
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win32/Spy.Ursnif.AO 20180516
F-Prot W32/Ursnif.JE 20180516
F-Secure Trojan.GenericKD.6338367 20180516
Fortinet W32/Kryptik.GBED!tr 20180516
GData Win32.Trojan.Agent.TCN897 20180516
Ikarus Trojan.Crypt 20180515
Sophos ML heuristic 20180503
Jiangmin TrojanSpy.Ursnif.azi 20180516
K7AntiVirus Trojan ( 00521f3d1 ) 20180516
K7GW Trojan ( 00521f3d1 ) 20180516
Kaspersky Trojan-Spy.Win32.Ursnif.xsu 20180516
Malwarebytes Spyware.Ursnif 20180516
MAX malware (ai score=100) 20180516
McAfee Generic.ayb 20180516
McAfee-GW-Edition Generic.ayb 20180516
Microsoft TrojanSpy:Win32/Ursnif 20180516
eScan Trojan.GenericKD.6338367 20180516
NANO-Antivirus Trojan.Win32.Ursnif.ewoiix 20180516
nProtect Trojan-Spy/W32.Ursnif.1392128 20180516
Palo Alto Networks (Known Signatures) generic.ml 20180516
Panda Trj/WLT.D 20180515
Qihoo-360 Win32/Trojan.Multi.daf 20180516
Rising Spyware.Ursnif!8.1DEF (KTSE) 20180516
Sophos AV Mal/Generic-L 20180515
Symantec Trojan Horse 20180516
Tencent Win32.Trojan-spy.Ursnif.Efkr 20180516
TrendMicro TROJ_GEN.R004C0OA118 20180516
TrendMicro-HouseCall TROJ_GEN.R004C0OA118 20180516
VBA32 TrojanSpy.Ursnif 20180515
VIPRE Trojan.Win32.Generic!BT 20180516
ViRobot Trojan.Win32.S.Agent.1392128.G 20180515
Yandex TrojanSpy.Ursnif!3OpBmFo3pqc 20180513
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.xsu 20180516
Zoner Trojan.Ursnif 20180515
Alibaba 20180516
Avast-Mobile 20180516
Baidu 20180511
Bkav 20180515
ClamAV 20180516
CMC 20180515
Cybereason None
eGambit 20180516
Kingsoft 20180516
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180516
Symantec Mobile Insight 20180516
TheHacker 20180516
TotalDefense 20180516
Trustlook 20180516
Webroot 20180516
Zillya 20180514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2003. All rights reserved.
Product Special
Original name Cameshoulder.exe
Internal name Cameshoulder.exe
File version 5, 2, 1484, 4335
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-07-18 13:20:54
Entry Point 0x0003AFC3
Number of sections 5
PE sections
PE imports
EndPage
RestoreDC
StartDocA
SaveDC
CreateFontIndirectA
ExtTextOutA
Rectangle
GetStdHandle
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
InitializeCriticalSection
TlsGetValue
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
RemoveDirectoryA
HeapSetInformation
EnumSystemLocalesA
WritePrivateProfileSectionW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
GetDateFormatA
OpenProcess
CreateDirectoryA
GetWindowsDirectoryA
GetStartupInfoW
GetProcAddress
HeapValidate
ResetEvent
IsValidLocale
GetUserDefaultLCID
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
HeapCompact
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
OpenMutexA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
AccessibleObjectFromPoint
GetOleaccVersionInfo
AccessibleObjectFromWindow
GetRoleTextA
GetAsyncKeyState
SendDlgItemMessageA
IsClipboardFormatAvailable
UnhookWinEvent
CheckRadioButton
GetWindowTextA
SetClipboardData
UpdateWindow
EnumChildWindows
SendMessageA
SetForegroundWindow
GetClassNameA
FindWindowA
SetWinEventHook
GetMessagePos
GetDC
DestroyWindow
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoRegisterSurrogate
OleSetContainedObject
CoRegisterClassObject
Number of PE resources by type
RT_ICON 12
BIN 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 16
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.1484.4335
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet ASCII
InitializedDataSize 1128960
EntryPoint 0x3afc3
OriginalFileName Cameshoulder.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2003. All rights reserved.
FileVersion 5, 2, 1484, 4335
TimeStamp 2006:07:18 14:20:54+01:00
FileType Win32 EXE
PEType PE32
InternalName Cameshoulder.exe
ProductVersion 5, 2, 1484, 4335
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 308224
ProductName Special
ProductVersionNumber 5.2.1484.4335
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 f7c9892ef5d734c53492401d3dc9ee2e
SHA1 3e5c49c021f71ab4ca9bdc864e0ae2a0376716f1
SHA256 1fa7952beab93e9522021fa7ed2231605a573f3fa3f68f1d5e609673a4321138
ssdeep 12288:KFFgyXmkrdrSI+KHGRbXlA000ZctowYcaXTxjnv4s2eqpOryblI:KF5mkroRKm5lAPGwH2xjv4s8xq
authentihash 38db2b0f42cd6152290caf565b8e94eed2b42e4440be8d6ee38c99fac5298ec2
imphash c5e060b0295ab64d25d502e0eec93862
File size 1.3 MB ( 1392128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2017-12-29 14:00:50 UTC ( 4 months, 3 weeks ago )
Last submission 2018-05-16 05:43:22 UTC ( 4 days, 19 hours ago )
File names output.112651709.txt
Cameshoulder.exe
1010-3e5c49c021f71ab4ca9bdc864e0ae2a0376716f1
adprtext.exe