SHA256: 2e82c5534c04bcf50c9afb9dd5e28bba23c418fbfa0ffed19645a30de56b25aa
File name: 6305093.scr
Detection ratio: 7 / 54
Analysis date: 2015-11-04 14:06:08 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20151104
Kaspersky UDS:DangerousObject.Multi.Generic 20151104
McAfee-GW-Edition BehavesLike.Win32.Downloader.nh 20151104
NANO-Antivirus Virus.Win32.Gen.ccmw 20151104
Tencent Win32.Trojan.Fakedoc.Auto 20151104
TrendMicro PAK_Generic.001 20151104
TrendMicro-HouseCall PAK_Generic.001 20151104
Ad-Aware 20151104
AegisLab 20151104
Yandex 20151104
AhnLab-V3 20151104
Alibaba 20151104
ALYac 20151104
Antiy-AVL 20151104
Arcabit 20151104
AVG 20151104
Avira (no cloud) 20151104
AVware 20151104
Baidu-International 20151104
BitDefender 20151104
Bkav 20151104
ByteHero 20151104
CAT-QuickHeal 20151103
ClamAV 20151103
CMC 20151102
Comodo 20151104
Cyren 20151104
DrWeb 20151104
Emsisoft 20151104
ESET-NOD32 20151104
F-Prot 20151104
F-Secure 20151104
Fortinet 20151104
GData 20151104
Ikarus 20151104
Jiangmin 20151104
K7AntiVirus 20151104
K7GW 20151104
Malwarebytes 20151104
McAfee 20151104
Microsoft 20151104
eScan 20151104
nProtect 20151104
Panda 20151104
Rising 20151103
Sophos AV 20151104
SUPERAntiSpyware 20151104
Symantec 20151103
TheHacker 20151103
VBA32 20151104
VIPRE 20151104
ViRobot 20151104
Zillya 20151104
Zoner 20151104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-19 04:04:13
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
GetStartupInfoA
HeapFree
GetModuleHandleA
GetCommandLineW
IsDebuggerPresent
GetTickCount
HeapAlloc
GetModuleFileNameA
GetLocalTime
GetProcessHeap
DragFinish
RegisterClassA
Number of PE resources by type
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
RT_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:10:19 05:04:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 6656
LinkerVersion 2.4
EntryPoint 0x1000
InitializedDataSize 24064
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 6a4cce90ba28720fa9e6813f681b1f75
SHA1 cbad9aa42e6f96fb6e311d1733f14375dee76a85
SHA256 2e82c5534c04bcf50c9afb9dd5e28bba23c418fbfa0ffed19645a30de56b25aa
ssdeep 768:Gx6lDGzd10soknZDwFbhTiXPQNb/Li6Uw:+t13ZDoi/QpDiT
authentihash 1b4de802488bd7f0807d7e94718306e297a3f219b28eb73dd7582c6b7bea9d20
imphash 7a58a74773bf1fbb721bf09c4b3176d1
File size 31.0 KB ( 31744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-11-04 11:44:35 UTC ( 1 year, 11 months ago )
Last submission 2016-09-30 17:47:31 UTC ( 1 year ago )
File names Statements2015.bin
6a4cce90ba28720fa9e6813f681b1f75.scr
1 (17).bin
Statements2015.scr
dwhcb90.scr
6305093.scr
a.exe
dwh7803.scr
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F0D1H00K415.
