SHA256: 2f327b5056857c42e65f95fbc57a190aeb296e254d22739e4f269b786034ab36
File name: ورقة حول مجلس القيادة_as‮ fdp.scr
Detection ratio: 48 / 64
Analysis date: 2017-07-20 04:09:29 UTC (16 hours, 26 minutes ago)

The file name (Arabic: "paper on the Leadership Council") embeds U+202E (RIGHT-TO-LEFT OVERRIDE) between "_as" and " fdp.scr". A bidi-aware file manager renders everything after that code point reversed, so the tail reads "rcs.pdf" and the real extension, .scr (a screen saver, which Windows runs as an executable), is hidden from the user.
Antivirus | Result | Update
AegisLab | Troj.W32.VB.bilq!c | 20170720
ALYac | Backdoor.RAT.DarkComet.gen | 20170719
Antiy-AVL | Trojan/Win32.VB | 20170720
Arcabit | Trojan.Kazy.D10A73 | 20170720
Avast | Win32:VB-ACZZ [Trj] | 20170720
AVG | Win32:VB-ACZZ [Trj] | 20170720
Avira (no cloud) | TR/Zapchast.CC | 20170719
AVware | Trojan.Win32.Generic!BT | 20170720
BitDefender | Gen:Variant.Kazy.68211 | 20170720
Bkav | W32.WatimozD.Trojan | 20170719
CAT-QuickHeal | Backdoor.Fynloski | 20170719
Comodo | TrojWare.BAT.Small.~d1 | 20170720
CrowdStrike Falcon (ML) | malicious_confidence_60% (W) | 20170710
Cylance | Unsafe | 20170720
Cyren | W32/Trojan.XYAP-7436 | 20170720
DrWeb | Trojan.Siggen3.59088 | 20170720
Emsisoft | Gen:Variant.Kazy.68211 (B) | 20170720
ESET-NOD32 | Win32/Delf.OAZ | 20170720
F-Secure | Gen:Variant.Kazy.68211 | 20170720
Fortinet | W32/WBNA.IPA!worm | 20170720
GData | Gen:Variant.Kazy.68211 | 20170720
Ikarus | Trojan.Win32.VB | 20170719
Sophos ML | heuristic | 20170607
Jiangmin | Trojan/VB.cklw | 20170720
K7AntiVirus | Trojan ( 001e5c5d1 ) | 20170720
K7GW | Trojan ( 001e5c5d1 ) | 20170720
Kaspersky | Trojan.Win32.VB.bilq | 20170720
Kingsoft | Win32.Troj.VB.(kcloud) | 20170720
McAfee | RDN/Generic BackDoor | 20170720
McAfee-GW-Edition | RDN/Generic BackDoor | 20170720
Microsoft | Backdoor:Win32/Fynloski.A | 20170719
eScan | Gen:Variant.Kazy.68211 | 20170720
NANO-Antivirus | Trojan.Win32.VB.pynvt | 20170720
Palo Alto Networks (Known Signatures) | generic.ml | 20170720
Qihoo-360 | Win32/Trojan.58b | 20170720
Rising | Trojan.Generic (cloud:ELIaTg59okM) | 20170720
SentinelOne (Static ML) | static engine - malicious | 20170718
Sophos AV | Mal/Generic-S | 20170720
Symantec | Backdoor.Breut | 20170719
Tencent | Win32.Trojan.Vb.Edoh | 20170720
TrendMicro | BKDR_ZA.D62A3021 | 20170719
TrendMicro-HouseCall | BKDR_ZA.D62A3021 | 20170720
VBA32 | TScope.Trojan.VB | 20170719
VIPRE | Trojan.Win32.Generic!BT | 20170720
Webroot | W32.Trojan.Gen | 20170720
Yandex | Trojan.VB!XHIrSgSulP4 | 20170719
Zillya | Trojan.VB.Win32.79231 | 20170719
ZoneAlarm by Check Point | Trojan.Win32.VB.bilq | 20170719
Ad-Aware | (no detection) | 20170720
AhnLab-V3 | (no detection) | 20170719
Alibaba | (no detection) | 20170719
Baidu | (no detection) | 20170719
ClamAV | (no detection) | 20170720
CMC | (no detection) | 20170719
Endgame | (no detection) | 20170713
F-Prot | (no detection) | 20170720
Malwarebytes | (no detection) | 20170720
MAX | (no detection) | 20170720
nProtect | (no detection) | 20170720
Panda | (no detection) | 20170719
SUPERAntiSpyware | (no detection) | 20170720
Symantec Mobile Insight | (no detection) | 20170720
TheHacker | (no detection) | 20170719
TotalDefense | (no detection) | 20170719
Trustlook | (no detection) | 20170720
ViRobot | (no detection) | 20170719
WhiteArmor | (no detection) | 20170713
Zoner | (no detection) | 20170720

Most results are generic or keyed on the packaging (Trojan.Win32.VB.*, Gen:Variant.Kazy.68211). The family-specific names come from ALYac (Backdoor.RAT.DarkComet.gen), CAT-QuickHeal (Backdoor.Fynloski) and Microsoft (Backdoor:Win32/Fynloski.A); Fynloski is Microsoft's family name for the DarkComet RAT.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command: RAR
F-PROT: RAR
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2012-01-09 13:44:06
Entry Point: 0x0000B3C1
Number of sections: 5
PE sections
Overlays
MD5: cce009ae8ff27c66538ab81bf48ca847
File type: application/x-rar
Offset: 446464
Size: 414144
Entropy: 8.00

The overlay runs from the end of the section data to the end of the file (446464 + 414144 = 860608, the file size), and an entropy of 8.00 bits per byte is what compressed archive data looks like: the RAR archive carrying the payload is appended to the self-extractor stub, which is why the packer identification above says RAR.
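The overlay boundary in a report like this is derived from the PE section table: the overlay is whatever lies past the last byte any section's raw data covers. The following is an added example (editor's code, not VirusTotal's or any tool named on this page) that computes that boundary, checks the overlay for a RAR signature and measures its entropy. It runs against a minimal PE constructed in memory; build_sample_pe is a constructed stand-in for testing the parser, not the sample from this report.

```python
import math
import struct

# RAR archive signatures: RAR 4.x and RAR 5.x "Rar!\x1a\x07..." markers.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def pe_end_of_sections(data: bytes) -> int:
    """Offset just past the last byte covered by any section's raw data.

    Nothing after this offset is mapped by the loader, so that tail is the overlay.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_header_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_header_size      # first IMAGE_SECTION_HEADER
    end = table + 40 * num_sections               # at least the headers themselves
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def shannon_entropy(blob: bytes) -> float:
    """Entropy in bits per byte; 8.0 means every byte value is equally frequent."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def carve_overlay(data: bytes):
    """Describe the overlay (offset, size, signature, entropy), or None if there is none."""
    start = pe_end_of_sections(data)
    if start >= len(data):
        return None
    blob = data[start:]
    if blob.startswith(RAR5_MAGIC):
        kind = "rar5"
    elif blob.startswith(RAR4_MAGIC):
        kind = "rar4"
    else:
        kind = "unknown"
    return {"offset": start, "size": len(blob), "kind": kind,
            "entropy": round(shannon_entropy(blob), 2)}


def build_sample_pe(overlay: bytes = b"") -> bytes:
    """Constructed stand-in: a PE32 with two 0x200-byte sections, then the given overlay.

    This is NOT the file from the report; it only exercises the parser above.
    """
    sections = [(b".text", 0x200, 0x200), (b".rdata", 0x400, 0x200)]  # name, raw ptr, raw size
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                        # 224-byte PE32 optional header
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, size, 0x1000 * (i + 1), size, ptr, 0, 0, 0, 0, 0x60000020)
        for i, (name, ptr, size) in enumerate(sections))
    headers = (dos + coff + opt + table).ljust(0x200, b"\0")
    body = b"".join(b"\x90" * size for _, _, size in sections)
    return headers + body + overlay


if __name__ == "__main__":
    sample = build_sample_pe(RAR4_MAGIC + bytes(range(256)) * 4)
    print(carve_overlay(sample))
```

On a real file, read it into memory and pass the bytes to carve_overlay; the returned offset should match the report's overlay offset, and writing data[offset:] to disk gives an archive that unrar or 7z can list without executing the stub.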
PE imports (grouped by exporting DLL; the DLL names are added here for readability, the listing itself gives only function names)
advapi32.dll: RegCreateKeyExW, RegCloseKey, OpenProcessToken, RegSetValueExW, RegOpenKeyExW, SetFileSecurityW, AdjustTokenPrivileges, LookupPrivilegeValueW, SetFileSecurityA, RegQueryValueExW
comctl32.dll: InitCommonControlsEx
comdlg32.dll: GetSaveFileNameW, CommDlgExtendedError, GetOpenFileNameW
gdi32.dll: GetDeviceCaps, DeleteDC, SelectObject, StretchBlt, GetObjectW, CreateCompatibleDC, DeleteObject, CreateCompatibleBitmap
kernel32.dll: SetFilePointer, GetSystemTime, GetLastError, HeapFree, GetStdHandle, DosDateTimeToFileTime, ReadFile, FileTimeToSystemTime, GetModuleFileNameW, WaitForSingleObject, GetVersionExW, GetExitCodeProcess, FindNextFileA, CompareStringW, HeapAlloc, SystemTimeToFileTime, IsDBCSLeadByte, GetCommandLineW, GetFileAttributesW, GetCurrentProcess, FileTimeToLocalFileTime, MoveFileW, OpenFileMappingW, SetFileAttributesA, GetDateFormatW, CreateDirectoryA, DeleteFileA, GetCPInfo, ExitProcess, MultiByteToWideChar, SetEnvironmentVariableW, CreateDirectoryW, DeleteFileW, GetProcAddress, GetProcessHeap, CreateFileMappingW, GetTimeFormatW, WriteFile, SetFileAttributesW, CloseHandle, WideCharToMultiByte, MapViewOfFile, MoveFileExW, ExpandEnvironmentStringsW, FindNextFileW, SetEndOfFile, GetFileAttributesA, GetTempPathW, FindFirstFileA, FindFirstFileW, HeapReAlloc, GetModuleHandleW, GetFullPathNameA, FreeLibrary, GetCurrentDirectoryW, LoadLibraryW, SetCurrentDirectoryW, UnmapViewOfFile, FindResourceW, CreateFileW, GlobalAlloc, LocalFileTimeToFileTime, FindClose, Sleep, GetFileType, GetFullPathNameW, SetFileTime, CreateFileA, GetTickCount, GetLocaleInfoW, GetNumberFormatW, SetLastError, CompareStringA
oleaut32.dll: VariantInit
shell32.dll: SHBrowseForFolderW, SHChangeNotify, SHFileOperationW, SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteExW, SHGetFileInfoW, SHGetMalloc
shlwapi.dll: SHAutoComplete
user32.dll: SetFocus, MapWindowPoints, GetParent, UpdateWindow, EndDialog, LoadBitmapW, DefWindowProcW, GetWindowTextW, GetMessageW, ShowWindow, GetSystemMetrics, SetWindowPos, wvsprintfW, CharToOemBuffA, SetWindowLongW, IsWindow, SendMessageW, GetWindowRect, RegisterClassExW, CharUpperW, DialogBoxParamW, CharToOemBuffW, wvsprintfA, SendDlgItemMessageW, GetDlgItemTextW, PostMessageW, GetSysColor, SetDlgItemTextW, GetDC, ReleaseDC, DestroyIcon, TranslateMessage, IsWindowVisible, LoadStringW, SetWindowTextW, GetDlgItem, GetWindow, MessageBoxW, DispatchMessageW, GetClassNameW, PeekMessageW, CharUpperA, GetClientRect, OemToCharA, EnableWindow, CopyRect, WaitForInputIdle, OemToCharBuffA, LoadCursorW, LoadIconW, FindWindowExW, CreateWindowExW, GetWindowLongW, SetForegroundWindow, DestroyWindow, CharToOemA
ole32.dll: CreateStreamOnHGlobal, OleUninitialize, CoCreateInstance, OleInitialize, CLSIDFromString

This import set (file, directory and registry operations, file dialogs, SHFileOperationW, ShellExecuteExW, a temp-path lookup) is that of the RAR self-extractor stub; the payload inside the RAR overlay contributes nothing to it. The imphash 2b8c9d9ab6fefc247adaf927e83dcea6 therefore clusters this file with other archives built from the same SFX stub, not with DarkComet samples, and pivoting on it will mostly return unrelated self-extracting archives.
Number of PE resources by type
RT_DIALOG: 6
RT_STRING: 6
RT_ICON: 1
RT_MANIFEST: 1
RT_BITMAP: 1
RT_GROUP_ICON: 1
Number of PE resources by language
ENGLISH US: 13
NEUTRAL DEFAULT: 3
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2012:01:09 14:44:06+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 72704
LinkerVersion: 9.0
EntryPoint: 0xb3c1
InitializedDataSize: 372736
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

The TimeStamp is the same instant as the 13:44:06 UTC compilation timestamp above, shown in a +01:00 zone. LinkerVersion 9.0 is the Visual Studio 2008 linker, consistent with the TrID guess of MS Visual C++ below and with the stub being a compiled SFX executable rather than the Visual Basic program several detection names suggest.

File identification
MD5: 8c9f9ccffbd2c888b9b5300412f8e580
SHA1: 8712a891daa20aed12ae8f450bbd748362a602e3
SHA256: 2f327b5056857c42e65f95fbc57a190aeb296e254d22739e4f269b786034ab36
ssdeep: 12288:3xaVAh64U5l085pRq3uDrAzR17Fr59g/X5j:3xaVxr5C85pRq3uDrANxFwBj
authentihash: cc2a26690a3c3a635ab9d1c793817124c2dbf1caa888686f728692593c033eca
imphash: 2b8c9d9ab6fefc247adaf927e83dcea6
File size: 840.4 KB (860608 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (42.2%); Win64 Executable (generic) (37.3%); Win32 Dynamic Link Library (generic) (8.8%); Win32 Executable (generic) (6.0%); Generic Win/DOS Executable (2.7%)
Tags: peexe, overlay

VirusTotal metadata
First submission: 2012-06-06 06:42:47 UTC (5 years, 1 month ago)
Last submission: 2016-12-13 11:45:48 UTC (7 months, 1 week ago)
File names (as submitted; most variants keep the U+202E override before "fdp.scr", one submitter's client replaced the Arabic with "?"):
    2f327b5056857c42e65f95fbc57a190aeb296e254d22739e4f269b786034ab36
    ورقة حول مجلس القيادة_as‮ fdp.scr_
    fdp.scr
    8C9F9CCFFBD2C888B9B5300412F8E580
    000000
    ورقة حول مجلس القيادة_as‮ fdp.scr
    syrianmalware_com.scr
    07.exe
    ???? ??? ???? ???????_as? fdp.scr
    8c9f9ccffbd2c888b9b5300412f8e580
    as‮ fdp.scr
    ورقة حول مجلس القيادة_as‮fdp.scr
    PDF.scr
    1341415241.ولمجلسالقيادة_as‮fdp.scr
    file-4144631_scr
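Nearly every submitted name above ends in .scr but is meant to be read as .pdf: U+202E (RIGHT-TO-LEFT OVERRIDE) placed before the tail makes a bidi-aware file browser draw " fdp.scr" reversed as "rcs.pdf". The check below is an added example (editor's code, not VirusTotal's) of the test an upload gateway or mail filter can run on attachment names: it lists the bidi control characters present, approximates the name as displayed by reversing each overridden run, and compares the apparent extension with the one the OS will actually use. The rendering is a deliberate simplification (real bidi layout also depends on the surrounding script runs, so the Arabic prefix is left in logical order), EXECUTABLE_EXTS is a hypothetical policy list, SAMPLE_NAME is the name from this report, and the other names in the test are constructed.

```python
# Unicode bidi controls that can reorder or hide parts of a file name.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}
RLO, PDF = "\u202e", "\u202c"

# Extensions Windows runs on double-click. Hypothetical policy list; extend as needed.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".cpl", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk", ".msi"}

# The name from the report: U+202E sits between "_as" and " fdp.scr".
SAMPLE_NAME = "ورقة حول مجلس القيادة_as\u202e fdp.scr"


def displayed_name(name: str) -> str:
    """Approximate what a bidi-aware listing shows: each RLO run is drawn reversed
    until the matching PDF (pop directional formatting) or the end of the string."""
    out = []
    i = 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            if end < 0:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            out.append(name[i])
            i += 1
    return "".join(out)


def real_extension(name: str) -> str:
    """Extension the OS actually uses: last path component, bidi controls and
    surrounding whitespace removed, lower-cased."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = "".join(c for c in base if c not in BIDI_CONTROLS).strip()
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""


def inspect_filename(name: str) -> dict:
    """Flag names whose displayed extension differs from the real one, or whose
    real extension is executable, when any bidi control is present."""
    controls = sorted({BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS})
    shown = displayed_name(name)
    real = real_extension(name)
    apparent = real_extension(shown)
    return {
        "bidi_controls": controls,
        "displayed_as": shown,
        "real_extension": real,
        "apparent_extension": apparent,
        "suspicious": bool(controls) and (real in EXECUTABLE_EXTS or real != apparent),
    }


if __name__ == "__main__":
    for n in (SAMPLE_NAME, "Report_\u202efdp.scr", "annual_report.pdf"):
        print(inspect_filename(n))
```

A stricter policy is to reject any attachment name containing a bidi control at all; the characters have no legitimate use inside a file name, and stripping them silently would just produce a bare .scr that users still might open.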
Advanced heuristic and reputation engines
ClamAV: Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1014.
Symantec reputation: Suspicious.Insight