SHA256: 29fc65f7ff2427124d68c6b003adb8dade3321110fcddabb17636124c1c9e4b5
File name: PostalReceipt.exe
Detection ratio: 32 / 46
Analysis date: 2013-01-31 20:21:46 UTC (6 years, 3 months ago)
Antivirus Result Update
AhnLab-V3 Downloader/Win32.Kuluoz 20130131
AntiVir TR/Dldr.Kuluoz.amg.1 20130131
Avast Win32:Malware-gen 20130131
AVG Generic31.SOL 20130131
BitDefender Trojan.Agent.AYBC 20130131
CAT-QuickHeal TrojanDownloader.Kuluoz.b 20130131
Comodo TrojWare.Win32.Trojan.Agent.Gen 20130131
DrWeb BackDoor.Kuluoz.3 20130131
Emsisoft Trojan-Downloader.Win32.Kuluoz (A) 20130131
ESET-NOD32 Win32/TrojanDownloader.Zortob.B 20130131
F-Secure Trojan.Agent.AYBC 20130131
Fortinet W32/KULUOZ.SM1!tr 20130131
GData Trojan.Agent.AYBC 20130131
Ikarus Trojan.Win32.Weelsof 20130131
Kaspersky Trojan-Downloader.Win32.Kuluoz.amg 20130131
Kingsoft Win32.TrojDownloader.Kuluoz.a.(kcloud) 20130131
Malwarebytes Email.FakeMS 20130131
McAfee Downloader-FGP 20130131
McAfee-GW-Edition Downloader-FGP 20130131
Microsoft TrojanDownloader:Win32/Kuluoz.B 20130131
eScan Trojan.Agent.AYBC 20130131
NANO-Antivirus Trojan.Win32.Kuluoz.bffcoa 20130131
Norman Suspicious_Gen4.CDWJA 20130131
nProtect Trojan/W32.Agent.51712.AKO 20130131
Panda Trj/OCJ.C 20130131
PCTools Trojan.Smoaler 20130131
Sophos AV Mal/Weelsof-A 20130131
Symantec Trojan.Smoaler!gen4 20130131
TheHacker Posible_Worm32 20130131
TrendMicro TROJ_KULUOZ.SM1 20130131
TrendMicro-HouseCall TROJ_GEN.F47V0122 20130131
VIPRE Trojan.Win32.Generic!BT 20130131
Yandex 20130131
Antiy-AVL 20130131
ByteHero 20130131
ClamAV 20130131
Commtouch 20130131
eSafe 20130131
F-Prot 20130131
Jiangmin 20121221
K7AntiVirus 20130131
Rising 20130131
SUPERAntiSpyware 20130131
TotalDefense 20130131
VBA32 20130131
ViRobot 20130131
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-22 21:11:37
Entry Point 0x00021290
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
PtInRect
Ord(192)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2013:01:22 22:11:37+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 49152
LinkerVersion: 7.1
EntryPoint: 0x21290
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 86016
Compressed bundles
File identification
MD5 980ffe6cee6ad5a197fbebdeeac9df57
SHA1 b792f92682d4f07dc71fdca4d997c93bc7470a9d
SHA256 29fc65f7ff2427124d68c6b003adb8dade3321110fcddabb17636124c1c9e4b5
ssdeep 1536:9weH8Z4crfYlV2Y2SKmFq+GWfdykxNTaPNKaWRR:SeH8Z4cZY73q+GYwkxRaJE
authentihash a988c3684608d8eb3ff70aa4d4ecedebffce36d024f2d2ff10e738b6b43a7ebd
imphash 9160e45dd5c217d77c35a37bca698322
File size 50.5 KB (51712 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (36.5%)
UPX compressed Win32 Executable (26.8%)
Win32 EXE Yoda's Crypter (23.3%)
Win32 Dynamic Link Library (generic) (5.7%)
Win32 Executable (generic) (3.9%)
Tags peexe upx
VirusTotal metadata
First submission 2013-01-22 12:28:26 UTC (6 years, 4 months ago)
Last submission 2015-06-12 10:14:50 UTC (3 years, 11 months ago)
File names PostalReceipt(6).zip
sqtkumxu.exe
PostalReceipt.exe.vir
xiwfdjxs.exe
smona_29fc65f7ff2427124d68c6b003adb8dade3321110fcddabb17636124c1c9e4b5.bin
kpbxwrck.exe
file-5045564_exe
005026656
PostalReceipt.exe
ccmvubbl.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs