SHA256: 2969c4b0d30f1696620e1e94f21e27a6952b43b80370759224dbbcc9659090f2
File name: Adres_Degisikligi_Form.exe
Detection ratio: 1 / 57
Analysis date: 2015-09-08 14:15:21 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Rising PE:Malware.FakePDF@CV!1.9E05[F1] 20150906
Ad-Aware 20150908
AegisLab 20150908
Yandex 20150908
AhnLab-V3 20150908
Alibaba 20150902
ALYac 20150908
Antiy-AVL 20150908
Arcabit 20150905
Avast 20150908
AVG 20150908
Avira (no cloud) 20150908
AVware 20150901
Baidu-International 20150908
BitDefender 20150908
Bkav 20150908
ByteHero 20150908
CAT-QuickHeal 20150908
ClamAV 20150908
CMC 20150908
Comodo 20150908
Cyren 20150908
DrWeb 20150908
Emsisoft 20150908
ESET-NOD32 20150908
F-Prot 20150908
F-Secure 20150908
Fortinet 20150908
GData 20150908
Ikarus 20150908
Jiangmin 20150907
K7AntiVirus 20150908
K7GW 20150908
Kaspersky 20150908
Kingsoft 20150908
Malwarebytes 20150908
McAfee 20150908
McAfee-GW-Edition 20150907
Microsoft 20150908
eScan 20150908
NANO-Antivirus 20150908
nProtect 20150908
Panda 20150908
Qihoo-360 20150908
Sophos AV 20150908
SUPERAntiSpyware 20150908
Symantec 20150907
Tencent 20150908
TheHacker 20150907
TotalDefense 20150908
TrendMicro 20150908
TrendMicro-HouseCall 20150908
VBA32 20150907
VIPRE 20150908
ViRobot 20150908
Zillya 20150908
Zoner 20150908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-09 11:02:58
Entry Point 0x0000D9B6
Number of sections 4
PE sections
Overlays
MD5 ff4f79e2de815847c747569ac6028dfb
File type data
Offset 458752
Size 173002
Entropy 7.95
PE imports
LsaFreeMemory
Ord(3)
PropertySheetA
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
FlatSB_SetScrollInfo
FlatSB_GetScrollProp
PropertySheetW
Ord(6)
Ord(17)
Ord(5)
UninitializeFlatSB
FlatSB_GetScrollInfo
ImageList_GetDragImage
ImageList_ReplaceIcon
FlatSB_SetScrollProp
ImageList_DrawIndirect
ImageList_Merge
ImageList_DrawEx
ImageList_SetIconSize
Ord(13)
FlatSB_ShowScrollBar
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_Draw
DestroyPropertySheetPage
ImageList_DragLeave
Ord(4)
FlatSB_SetScrollPos
ImageList_GetImageInfo
ImageList_DragEnter
InitCommonControlsEx
ImageList_DragMove
ImageList_LoadImageW
ImageList_LoadImageA
CreatePropertySheetPageW
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Remove
CreatePropertySheetPageA
ImageList_Copy
Ord(8)
ImageList_EndDrag
DeviceIoControl
GetStartupInfoA
GetModuleHandleA
LoadLibraryW
EnumResourceNamesW
GetVolumeInformationW
GetProfileStringA
HeapSize
DefineDosDeviceA
AddAtomW
WNetGetLastErrorA
MultinetGetConnectionPerformanceW
WNetEnumResourceA
WNetGetNetworkInformationA
WNetAddConnection3W
WNetDisconnectDialog
WNetAddConnectionW
WNetConnectionDialog1W
WNetEnumResourceW
WNetGetLastErrorW
WNetGetConnectionA
WNetAddConnection3A
WNetCloseEnum
_except_handler3
_acmdln
__p__fmode
__CxxFrameHandler
_adjust_fdiv
__setusermatherr
__p__commode
_setmbcp
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
_exit
__set_app_type
EnableWindow
Number of PE resources by type
RT_ACCELERATOR 13
RT_ICON 10
RT_DIALOG 9
RT_GROUP_ICON 4
RT_MENU 3
RT_VERSION 1
Number of PE resources by language
BULGARIAN DEFAULT 15
NEUTRAL 13
ENGLISH ARABIC QATAR 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x003f
MachineType Intel 386 or later, and compatibles
FileOS Win32
TimeStamp 2008:12:09 12:02:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53248
LinkerVersion 6.0
FileSubtype 0
ProductVersionNumber 0.126.11.215
FileTypeExtension exe
InitializedDataSize 401408
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileVersionNumber 0.117.126.162
EntryPoint 0xd9b6
UninitializedDataSize 0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 20d98e159096aabe3e2ccb0f774fb1fa
SHA1 2055d66b0f8dd425c83b4cff67e55ffe32ba6d90
SHA256 2969c4b0d30f1696620e1e94f21e27a6952b43b80370759224dbbcc9659090f2
ssdeep 12288:m7XCv3YV0SYQAFpERpOBhYBo/P2wDufaIw9XCc+8/:mjCvsnYQAFqRgBhYi/PnmVw9yg/

authentihash a3a85cbd7651427132a1bf692b3f72f0ae2ba779af8a662f3617eb4c7cc163a0
imphash f6adb49864545c1fcab25419daf7dc8d
File size 616.9 KB ( 631754 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-09-08 14:15:21 UTC ( 3 years, 6 months ago )
Last submission 2015-09-16 19:33:48 UTC ( 3 years, 6 months ago )
File names Adres_Degisikligi_Form.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs