SHA256: 2e5b0cb5f3b99243bea3c4c45fe139d99124afce8d088146956a9cc8c234c7ed
File name: Fax_938_391102933_1245561.scr
Detection ratio: 6 / 53
Analysis date: 2014-05-28 12:23:04 UTC ( 4 years, 12 months ago )
Antivirus | Result | Update
AntiVir | TR/Crypt.XPACK.Gen | 20140528
ESET-NOD32 | Win32/TrojanDownloader.Waski.D | 20140528
GData | Win32.Trojan.Zbot.BL | 20140528
Qihoo-360 | HEUR/Malware.QVM07.Gen | 20140528
TrendMicro-HouseCall | TROJ_GEN.F47V0528 | 20140528
VIPRE | Trojan.Win32.Generic.pak!cobra | 20140528
Ad-Aware | - | 20140528
AegisLab | - | 20140528
Yandex | - | 20140527
AhnLab-V3 | - | 20140528
Antiy-AVL | - | 20140528
Avast | - | 20140528
AVG | - | 20140528
Baidu-International | - | 20140528
BitDefender | - | 20140528
Bkav | - | 20140528
ByteHero | - | 20140528
CAT-QuickHeal | - | 20140528
ClamAV | - | 20140528
CMC | - | 20140528
Commtouch | - | 20140528
Comodo | - | 20140528
DrWeb | - | 20140528
Emsisoft | - | 20140528
F-Prot | - | 20140528
F-Secure | - | 20140528
Fortinet | - | 20140528
Ikarus | - | 20140528
Jiangmin | - | 20140528
K7AntiVirus | - | 20140527
K7GW | - | 20140527
Kaspersky | - | 20140528
Kingsoft | - | 20140528
Malwarebytes | - | 20140528
McAfee | - | 20140528
McAfee-GW-Edition | - | 20140528
Microsoft | - | 20140528
eScan | - | 20140528
NANO-Antivirus | - | 20140528
Norman | - | 20140528
nProtect | - | 20140528
Panda | - | 20140528
Rising | - | 20140528
Sophos AV | - | 20140528
SUPERAntiSpyware | - | 20140528
Symantec | - | 20140528
Tencent | - | 20140528
TheHacker | - | 20140528
TotalDefense | - | 20140528
TrendMicro | - | 20140528
VBA32 | - | 20140527
ViRobot | - | 20140528
Zillya | - | 20140528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-27 21:29:47
Entry Point 0x00001013
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
EnterCriticalSection
GetOEMCP
IsDebuggerPresent
EncodePointer
TlsAlloc
VirtualProtect
RtlUnwind
GetCurrentProcess
LoadLibraryExA
LoadLibraryExW
GetStartupInfoW
GetSystemPowerStatus
GetProcessHeap
GetCPInfo
TlsFree
GetModuleHandleA
IsProcessorFeaturePresent
GetACP
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
OutputDebugStringW
VirtualFree
TlsGetValue
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:27 22:29:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 11.0
FileTypeExtension exe
InitializedDataSize 13824
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1013
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 de73adfa3285c1b0c12ced5ee29b3f0d
SHA1 0d1085481f7f1b7aa79dd288260284e5e95492fa
SHA256 2e5b0cb5f3b99243bea3c4c45fe139d99124afce8d088146956a9cc8c234c7ed
ssdeep 384:2Mv0aVJOt2obD3/HhzF8N+HBnFIy+YPe6xagk58sCub2R:373OtJDvhzNsyXk58sCuSR
authentihash 23aed330fe994564a325392178626739ab9d4ca43adcc0a86090be47bd0c8fdf
imphash bbc712c81dbe5f313d887223f25de84e
File size 22.5 KB ( 23040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2014-05-28 09:18:13 UTC ( 4 years, 12 months ago )
Last submission 2018-10-09 11:27:30 UTC ( 7 months, 2 weeks ago )
File names Secure Message.scr
file-7059185_scr
de73adfa3285c1b0c12ced5ee29b3f0d.scr
008104971
SNdl6.pps
2e5b0cb5f3b99243bea3c4c45fe139d99124afce8d088146956a9cc8c234c7ed.bin
Fax_938_391102933_1245561.scr
16.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications