SHA256: 2899cccc3e5f9bc08ceceaee4408f73d9b6257b591590698a33b331043a7ab3b
File name: 4516873
Detection ratio: 11 / 59
Analysis date: 2017-02-18 13:27:16 UTC ( 1 year, 12 months ago )
Antivirus Result Update
Antiy-AVL Trojan[Ransom]/Win32.Shade 20170218
AVG FileCryptor.NXC 20170218
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb BackDoor.Siggen.60255 20170218
Endgame malicious (high confidence) 20170217
ESET-NOD32 a variant of Win32/GenKryptik.VDF 20170218
Fortinet W32/Injector.DLHI!tr 20170218
Sophos ML trojan.win32.skeeyah.a!rfn 20170203
Kaspersky UDS:DangerousObject.Multi.Generic 20170218
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20170218
Symantec ML.Attribute.HighConfidence 20170217
Ad-Aware 20170218
AegisLab 20170218
AhnLab-V3 20170218
Alibaba 20170217
ALYac 20170218
Arcabit 20170218
Avast 20170218
Avira (no cloud) 20170218
AVware 20170218
Baidu 20170217
BitDefender 20170218
Bkav 20170218
CAT-QuickHeal 20170217
ClamAV 20170218
CMC 20170218
Comodo 20170218
Cyren 20170218
Emsisoft 20170218
F-Prot 20170218
F-Secure 20170218
GData 20170218
Ikarus 20170218
Jiangmin 20170218
K7AntiVirus 20170218
K7GW 20170218
Kingsoft 20170218
Malwarebytes 20170218
McAfee 20170218
McAfee-GW-Edition 20170217
Microsoft 20170218
eScan 20170218
NANO-Antivirus 20170218
nProtect 20170218
Panda 20170218
Rising 20170218
Sophos AV 20170218
SUPERAntiSpyware 20170218
Tencent 20170218
TheHacker 20170217
TotalDefense 20170218
TrendMicro 20170218
TrendMicro-HouseCall 20170218
Trustlook 20170218
VBA32 20170217
VIPRE 20170218
ViRobot 20170218
Webroot 20170218
WhiteArmor 20170215
Yandex 20170217
Zillya 20170218
Zoner 20170218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-04 15:54:59
Entry Point 0x000071CF
Number of sections 4
PE sections
PE imports
RegEnumKeyA
RegOpenKeyA
SetBkMode
SetTextColor
CreateBitmap
SetStdHandle
GetSystemTimeAdjustment
GetStartupInfoA
TerminateProcess
GetModuleHandleA
CreateFileA
DeleteFileW
GetModuleFileNameA
GetStringTypeW
SetCurrentDirectoryA
GetCurrentThread
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
EndPaint
UpdateWindow
EnableWindow
SetMenu
PostQuitMessage
SetCaretPos
FindWindowW
MessageBoxA
PeekMessageA
FlashWindow
ShowWindow
mciSendStringA
Number of PE resources by type
RT_STRING 13
RT_ICON 5
RT_GROUP_ICON 3
RT_MENU 2
RT_DIALOG 1
RMVB 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
Number of PE resources by language
CHINESE SIMPLIFIED 25
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 561152
EntryPoint 0x71cf
OriginalFileName FullScreen.EXE
MIMEType application/octet-stream
LegalCopyright (C) 2003
FileVersion 1, 0, 0, 1
TimeStamp 2017:02:04 16:54:59+01:00
FileType Win32 EXE
PEType PE32
InternalName FullScreen
ProductVersion 1, 0, 0, 1
FileDescription FullScreen Microsoft
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 268464128
ProductName FullScreen
ProductVersionNumber 1.0.0.1
Warning Error processing PE data dictionary
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 cfccc32ddec14304a8f476ad6ee13a1e
SHA1 5d262948b86a39f27e889db9cc9160649dc98e56
SHA256 2899cccc3e5f9bc08ceceaee4408f73d9b6257b591590698a33b331043a7ab3b
ssdeep 12288:9UZHS3qDQBBuTqhsI8+xcCBVaB+hOUsr2Gmy374YFSM7Fdi+Bzt:6s08VhHFYUBy3744F
authentihash d547900f21f62625c5606ea93d30d5962b3469f0f8ae328b86cc03f18b998730
imphash ce498f9bc2ce4ba434888c0406f7ac2b
File size 580.0 KB ( 593920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2017-02-18 13:27:16 UTC ( 1 year, 12 months ago )
Last submission 2017-02-18 13:27:16 UTC ( 1 year, 12 months ago )
File names 4516873
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications