SHA256: 3a7545d4aeb127eafb8bf15b27f1957fc34f312d65c1918a314a793f4741a585
File name: UPS_Versandschein_5427.exe
Detection ratio: 23 / 57
Analysis date: 2016-04-30 13:59:18 UTC
Antivirus             Result                            Update
Ad-Aware              Trojan.GenericKD.3188729          20160430
Arcabit               Trojan.Generic.D30A7F9            20160430
Avast                 Win32:Trojan-gen                  20160430
AVG                   Luhe.Fiha.A                       20160430
Avira (no cloud)      TR/Crypt.ZPACK.xdoy               20160430
BitDefender           Trojan.GenericKD.3188729          20160430
DrWeb                 Trojan.Encoder.761                20160430
Emsisoft              Trojan.GenericKD.3188729 (B)      20160430
ESET-NOD32            a variant of Win32/Kryptik.EWAX   20160430
F-Secure              Trojan.GenericKD.3188729          20160430
GData                 Trojan.GenericKD.3188729          20160430
Ikarus                Trojan.Win32.Crypt                20160430
Jiangmin              Backdoor.Androm.gzz               20160430
Kaspersky             Backdoor.Win32.Androm.jofn        20160430
Malwarebytes          Ransom.TorrentLocker              20160430
McAfee-GW-Edition     BehavesLike.Win32.Almanahe.jh     20160429
eScan                 Trojan.GenericKD.3188729          20160430
Panda                 Generic Suspicious                20160430
Qihoo-360             HEUR/QVM20.1.Malware.Gen          20160430
Rising                Malware.XPACK-HIE/Heur!1.9C48     20160430
Symantec              Trojan.Gen.2                      20160430
TrendMicro            Ransom_CRILOCK.CBQ164T            20160430
TrendMicro-HouseCall  Ransom_CRILOCK.CBQ164T            20160430
The remaining 34 engines returned no detection ("-"); the Update column is the signature date each engine scanned with.
AegisLab              -                                 20160430
AhnLab-V3             -                                 20160430
Alibaba               -                                 20160429
ALYac                 -                                 20160430
Antiy-AVL             -                                 20160430
AVware                -                                 20160430
Baidu                 -                                 20160429
Baidu-International   -                                 20160430
Bkav                  -                                 20160429
CAT-QuickHeal         -                                 20160430
ClamAV                -                                 20160429
CMC                   -                                 20160429
Comodo                -                                 20160430
Cyren                 -                                 20160430
F-Prot                -                                 20160430
Fortinet              -                                 20160430
K7AntiVirus           -                                 20160430
K7GW                  -                                 20160430
Kingsoft              -                                 20160430
McAfee                -                                 20160430
Microsoft             -                                 20160430
NANO-Antivirus        -                                 20160430
nProtect              -                                 20160429
Sophos AV             -                                 20160430
SUPERAntiSpyware      -                                 20160430
Tencent               -                                 20160430
TheHacker             -                                 20160429
TotalDefense          -                                 20160430
VBA32                 -                                 20160429
VIPRE                 -                                 20160430
ViRobot               -                                 20160430
Yandex                -                                 20160429
Zillya                -                                 20160430
Zoner                 -                                 20160430
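As an added example (not part of the VirusTotal report), the script below tallies the engine labels the way a triage analyst reads the table: it strips platform and type tokens and variant identifiers, counts which family names two or more engines agree on (Androm and CRILOCK here; TorrentLocker, Kryptik, ZPACK, Fiha and Almanahe are each one vendor's naming), and buckets the labels into coarse categories so the ransomware-versus-backdoor disagreement is visible at a glance. The (engine, label) pairs are transcribed from the table; the noise-token set and the category keyword lists are this example's own heuristics, not a vendor naming standard.

```python
"""Tally the engine labels from the detection table above.

Added example, not part of the VirusTotal report. The (engine, label) pairs
are transcribed from the table; the noise-token and category keyword lists
are this example's own triage heuristics, not a vendor naming standard.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

ENGINES_TOTAL = 57          # from "Detection ratio: 23 / 57"

# The 23 engines that flagged the sample (transcribed from the table).
DETECTIONS = [
    ("Ad-Aware", "Trojan.GenericKD.3188729"),
    ("Arcabit", "Trojan.Generic.D30A7F9"),
    ("Avast", "Win32:Trojan-gen"),
    ("AVG", "Luhe.Fiha.A"),
    ("Avira (no cloud)", "TR/Crypt.ZPACK.xdoy"),
    ("BitDefender", "Trojan.GenericKD.3188729"),
    ("DrWeb", "Trojan.Encoder.761"),
    ("Emsisoft", "Trojan.GenericKD.3188729 (B)"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.EWAX"),
    ("F-Secure", "Trojan.GenericKD.3188729"),
    ("GData", "Trojan.GenericKD.3188729"),
    ("Ikarus", "Trojan.Win32.Crypt"),
    ("Jiangmin", "Backdoor.Androm.gzz"),
    ("Kaspersky", "Backdoor.Win32.Androm.jofn"),
    ("Malwarebytes", "Ransom.TorrentLocker"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.Almanahe.jh"),
    ("eScan", "Trojan.GenericKD.3188729"),
    ("Panda", "Generic Suspicious"),
    ("Qihoo-360", "HEUR/QVM20.1.Malware.Gen"),
    ("Rising", "Malware.XPACK-HIE/Heur!1.9C48"),
    ("Symantec", "Trojan.Gen.2"),
    ("TrendMicro", "Ransom_CRILOCK.CBQ164T"),
    ("TrendMicro-HouseCall", "Ransom_CRILOCK.CBQ164T"),
]

# Tokens naming a platform, a type or a packer rather than a family (heuristic).
NOISE = {
    "trojan", "win32", "generic", "generickd", "gen", "variant", "of", "a",
    "heur", "malware", "suspicious", "behaveslike", "tr", "ransom", "backdoor",
    "crypt", "kryptik", "zpack", "xpack", "hie",
}

# Coarse buckets, tested in this order so a ransomware label is never filed as
# "packer/crypter" on the strength of a crypter-style substring.
CATEGORY_KEYWORDS = [
    ("ransomware", ("ransom", "encoder", "locker", "crilock")),
    ("backdoor", ("backdoor",)),
    ("packer/crypter", ("kryptik", "crypt", "zpack", "xpack")),
]


def family_tokens(label: str) -> List[str]:
    """Lower-case tokens of a label minus noise words and variant identifiers.

    Variant ids ("3188729", "EWAX", "jofn", "CBQ164T") are suppressed by dropping
    tokens that contain digits or are shorter than four characters; four-letter
    ids that slip through are single-vendor and fall out of the consensus below.
    """
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return [t for t in tokens
            if t and t not in NOISE and len(t) >= 4 and not any(c.isdigit() for c in t)]


def family_votes() -> Counter:
    """How many engines mention each candidate family token (one vote per engine)."""
    votes = Counter()
    for _engine, label in DETECTIONS:
        votes.update(set(family_tokens(label)))
    return votes


def consensus_families(min_votes: int = 2) -> Dict[str, int]:
    """Family tokens that at least `min_votes` engines agree on."""
    return {tok: n for tok, n in family_votes().items() if n >= min_votes}


def category_of(label: str) -> str:
    low = label.lower()
    for category, keywords in CATEGORY_KEYWORDS:
        if any(k in low for k in keywords):
            return category
    return "generic"


def category_counts() -> Dict[str, int]:
    counts = {cat: 0 for cat, _ in CATEGORY_KEYWORDS}
    counts["generic"] = 0
    for _engine, label in DETECTIONS:
        counts[category_of(label)] += 1
    return counts


def detection_ratio() -> Tuple[int, int]:
    return len(DETECTIONS), ENGINES_TOTAL


if __name__ == "__main__":
    hits, total = detection_ratio()
    print("detection ratio %d/%d" % (hits, total))
    print("consensus families:", consensus_families())
    print("categories:", category_counts())
```

Single-vendor tokens (EWAX, jofn, xdoy) are usually variant identifiers rather than families, which is why the consensus threshold matters. The engines that do commit to a class disagree: four say ransomware, two say backdoor, four only say crypter. That split is a reason to treat the family attribution as unconfirmed until behavioural data is available.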
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-30 10:08:02 (UTC). This is 23 h 17 min after the sample's first submission to VirusTotal (2016-04-29 10:50:53 UTC, see the VirusTotal metadata below); a link time later than the first sighting cannot be genuine, so the PE timestamp is unreliable (build-machine clock skew or deliberate timestomping) and must not be used to date the build.
Entry Point 0x00001000
Number of sections 4
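Added example, not the report's own tooling: a minimal parser for the COFF and PE32 optional-header fields listed above, run against a header constructed from the report's values, together with the check a practitioner should always run on a compile timestamp, comparing it with the first-seen time. For this sample the linker timestamp (2016-04-30 10:08:02 UTC) is 23 h 17 min later than the first submission (2016-04-29 10:50:53 UTC), which is impossible for a genuine timestamp. The synthetic header carries only the fields shown on this page; its section table and data directories are zero filler, an assumption of the example.

```python
"""Recover the "PE header basic information" fields from raw header bytes and
check the link timestamp against the first time the file was seen.

Added example, not part of the VirusTotal report. The header below is built
here from the values the report shows (i386, 4 sections, timestamp
2016-04-30 10:08:02 UTC, entry point 0x1000, linker 9.0, GUI subsystem); the
rest of the synthetic header is zero filler and there is no section table.
"""
import calendar
import struct
from datetime import datetime, timezone
from typing import Dict

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Values from the report (constructed input for the parser below).
REPORT_COMPILE_TS = calendar.timegm((2016, 4, 30, 10, 8, 2))
FIRST_SUBMISSION = datetime(2016, 4, 29, 10, 50, 53, tzinfo=timezone.utc)


def build_header(machine, nsections, timestamp, entry_point,
                 linker=(9, 0), subsystem=2, code_size=0, init_data_size=0) -> bytes:
    """Assemble a minimal MZ stub + PE32 header carrying the given field values."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)           # offset of "PE\0\0"
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, nsections, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                                 # IMAGE_OPTIONAL_HEADER32
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, linker[0], linker[1])
    struct.pack_into("<II", opt, 4, code_size, init_data_size)
    struct.pack_into("<I", opt, 16, entry_point)          # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, subsystem)            # Subsystem
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_header(data: bytes) -> Dict[str, object]:
    """Parse the fields a triage report shows; raises ValueError on a malformed header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 optional header (magic 0x%x)" % magic)
    code_size, init_data_size = struct.unpack_from("<II", data, opt + 4)
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_point": entry_point,
        "code_size": code_size,
        "init_data_size": init_data_size,
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, "unknown (%d)" % subsystem),
    }


def timestamp_plausibility(compile_time: datetime, first_seen: datetime) -> str:
    """A link time later than the first sighting cannot be genuine."""
    if compile_time > first_seen:
        return "implausible: linked %s after first submission (clock skew or timestomping)" % (
            compile_time - first_seen)
    return "plausible: linked %s before first submission" % (first_seen - compile_time)


REPORT_HEADER = build_header(IMAGE_FILE_MACHINE_I386, 4, REPORT_COMPILE_TS, 0x1000,
                             linker=(9, 0), subsystem=2,
                             code_size=414208, init_data_size=212992)


def triage(data: bytes = REPORT_HEADER, first_seen: datetime = FIRST_SUBMISSION) -> Dict[str, object]:
    info = parse_pe_header(data)
    info["timestamp_check"] = timestamp_plausibility(info["timestamp"], first_seen)
    return info


if __name__ == "__main__":
    for key, value in triage().items():
        print("%-16s %s" % (key, value))
```

The same comparison works with any reliable external first-seen time (mail gateway log, EDR first-execution event), not only the VirusTotal submission time; the earliest of them bounds the true build time from above.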
PE sections
PE imports (grouped by exporting module; the module names are supplied from the Win32 export tables, the source listing shows only the function names)
ADVAPI32.dll: RegCreateKeyExW, ReadEncryptedFileRaw, RegCloseKey, LookupAccountSidW, RegQueryValueExA, SetEntriesInAclW, GetAce, OpenServiceW, AdjustTokenPrivileges, ControlService, InitializeAcl, LookupPrivilegeValueW, RegRestoreKeyW, WriteEncryptedFileRaw, InitializeSecurityDescriptor, DecryptFileW, RegQueryValueExW, SetSecurityDescriptorDacl, CloseServiceHandle, RegFlushKey, RegisterEventSourceW, OpenProcessToken, QueryServiceStatus, RegConnectRegistryW, AddAccessAllowedAce, RegOpenKeyExW, SetFileSecurityW, CloseEncryptedFileRaw, RegReplaceKeyW, RegOpenKeyW, RegOpenKeyExA, GetTokenInformation, GetUserNameW, GetSecurityDescriptorDacl, RegEnumKeyExW, OpenThreadToken, EncryptFileW, RegLoadKeyW, OpenEncryptedFileRawW, DeleteAce, RegDeleteValueW, StartServiceW, RegSetValueExW, EnumDependentServicesW, OpenSCManagerW, RegEnumValueW, AllocateAndInitializeSid, CheckTokenMembership, RegSaveKeyW, EqualSid, RegUnLoadKeyW, FreeSid, ReportEventW
COMCTL32.dll: ImageList_GetImageCount, InitCommonControlsEx, ImageList_AddMasked, DestroyPropertySheetPage, CreatePropertySheetPageW, PropertySheetW, ImageList_GetIcon, ImageList_ReplaceIcon
COMDLG32.dll: GetSaveFileNameW, GetFileTitleW, GetOpenFileNameW
GDI32.dll: SetMetaRgn, Polygon, CreateFontIndirectW, PatBlt, GetTextCharset, CombineRgn, GdiConvertEnhMetaFile, Rectangle, GetMetaFileW, EngTextOut, GetMapMode, SetMetaFileBitsEx, StartPage, DeleteObject, GetObjectW, BitBlt, CreateMetaFileA, EnableEUDC, CreateBitmap, CreateCompatibleDC, DeviceCapabilitiesExA, ArcTo, CreateRectRgn, EngLineTo, SelectObject, CreateCompatibleBitmap, Escape, GetTextExtentPoint32W, ColorCorrectPalette
KERNEL32.dll: GetVolumePathNameW, GetStdHandle, GetDriveTypeW, ReleaseMutex, FileTimeToSystemTime, WaitForSingleObject, SetFileTime, GetFileAttributesW, SystemTimeToTzSpecificLocalTime, GetTapeParameters, DeleteCriticalSection, GetCurrentProcess, FileTimeToDosDateTime, RtlZeroMemory, UnhandledExceptionFilter, SetErrorMode, GetFileInformationByHandle, GetTapePosition, GetLocaleInfoW, WideCharToMultiByte, WriteFile, FindNextVolumeMountPointW, GetSystemTimeAsFileTime, FreeLibrary, LocalFree, FormatMessageW, InitializeCriticalSection, LoadResource, SetLocaleInfoA, GetLogicalDriveStringsW, FindClose, FormatMessageA, SetFileAttributesW, GetCurrentThread, GetEnvironmentVariableW, SetLastError, GetSystemTime, DeviceIoControl, RemoveDirectoryW, FindFirstVolumeMountPointW, IsDebuggerPresent, HeapAlloc, RemoveDirectoryA, VerSetConditionMask, SetFileShortNameW, GetVolumeInformationW, MultiByteToWideChar, VerifyVersionInfoW, GetPrivateProfileStringW, GetModuleHandleA, _lclose, EraseTape, CreateThread, MoveFileExW, GetSystemDirectoryW, GetExitCodeThread, SetUnhandledExceptionFilter, CreateMutexW, GetVolumeNameForVolumeMountPointW, ExitThread, PrepareTape, TerminateProcess, CreateSemaphoreW, SetCurrentDirectoryW, VirtualQuery, LocalFileTimeToFileTime, GetDiskFreeSpaceExW, CreateEventW, SetEndOfFile, BackupSeek, GetCurrentThreadId, OpenJobObjectA, GetNumberFormatW, ReadConsoleOutputA, HeapFree, EnterCriticalSection, TerminateThread, LoadLibraryW, SetTapeParameters, GetVersionExW, SetEvent, QueryPerformanceCounter, GetTickCount, FlushFileBuffers, LoadLibraryA, GetStartupInfoA, Heap32ListFirst, GetWindowsDirectoryW, GetFileSize, GetDateFormatW, GetStartupInfoW, CreateDirectoryW, FindVolumeMountPointClose, GetProcAddress, GetProcessHeap, GetComputerNameW, GetTimeFormatW, GetModuleFileNameW, ExpandEnvironmentStringsW, FindNextFileW, BackupWrite, CreateHardLinkW, DeleteFileW, FindFirstFileW, GetUserDefaultLCID, lstrcmpi, GetTimeZoneInformation, CreateFileW, WriteProfileSectionW, DeleteTimerQueueEx, LocalUnlock, GetCurrencyFormatW, LeaveCriticalSection, GetLastError, SystemTimeToFileTime, GlobalFree, GetTapeStatus, CompareStringW, LockFile, FileTimeToLocalFileTime, GetCurrentDirectoryW, GetCurrentProcessId, LockResource, SetTapePosition, GetCompressedFileSizeW, MapUserPhysicalPages, GetCurrentDirectoryA, HeapSize, BackupRead, SetThreadAffinityMask, WritePrivateProfileStringW, WriteTapemark, ReleaseSemaphore, SetFilePointer, ReadFile, CloseHandle, GetModuleHandleW, SetCommConfig, GetLocalTime, FindResourceW, CreateProcessW, Sleep, VirtualAlloc, CompareStringA
SHELL32.dll: ExtractIconA, SHQueryRecycleBinW, ExtractAssociatedIconExW, SHBrowseForFolderW, SHFileOperation, SHLoadNonloadedIconOverlayIdentifiers, ShellAboutA, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHCreateDirectoryExA, SHGetFileInfoW, SHGetDesktopFolder, SHGetMalloc, SHAppBarMessage, SHFormatDrive, DragAcceptFiles, SHIsFileAvailableOffline, SHBrowseForFolder, SHFreeNameMappings, SHGetSpecialFolderPathW, SHGetFolderPathW, CheckEscapesW, ExtractIconExA, ShellExecuteW, ExtractIconExW, SHGetSpecialFolderLocation, SHGetDataFromIDListA, ShellExecuteA, Shell_NotifyIcon
SHLWAPI.dll: StrRStrIW, StrChrA, StrChrIW
USER32.dll: EnumWindowStationsA, LoadBitmapW, ChangeDisplaySettingsW, SetUserObjectSecurity, EnumDesktopsW, PostQuitMessage, BroadcastSystemMessageW, LockSetForegroundWindow, SetWindowPos, IsWindow, ClientToScreen, WindowFromPoint, CopyRect, GetClipboardSequenceNumber, SetActiveWindow, GetDC, GetCursorPos, MapDialogRect, SendMessageW, UnregisterClassA, DefFrameProcA, UnregisterClassW, GetClientRect, InSendMessage, CallNextHookEx, LoadImageW, ChangeDisplaySettingsExA, GetActiveWindow, ShowCursor, GetWindowTextW, GetWindowTextLengthW, InvalidateRgn, DdeQueryStringA, DestroyWindow, GetParent, UpdateWindow, SetClassLongW, ShowWindow, GetNextDlgGroupItem, CreateIconFromResourceEx, IsCharAlphaW, PeekMessageW, CreateIconFromResource, EnableWindow, ChildWindowFromPoint, GetWindow, GetMenuBarInfo, GetIconInfo, SetParent, LoadStringW, DdeConnect, EnableMenuItem, GetPriorityClipboardFormat, SetTimer, FlashWindow, CreateAcceleratorTableW, DdeCreateDataHandle, CloseWindow, RealChildWindowFromPoint, GetWindowLongW, CharNextW, GetDoubleClickTime, GetMonitorInfoW, IsIconic, SystemParametersInfoW, DefWindowProcW, KillTimer, DefMDIChildProcA, DrawFocusRect, GetSystemMetrics, SetWindowLongW, GetWindowRect, InflateRect, IsDialogMessage, SetCapture, SetWindowLongA, SendDlgItemMessageW, PostMessageW, DrawCaption, CreateDialogParamW, GetSubMenu, SetWindowTextW, GetDlgItem, BringWindowToTop, ScreenToClient, LoadIconA, GetMenuItemCount, GetDesktopWindow, SetWindowsHookExW, LoadCursorW, LoadIconW, GetMenuItemID, ExitWindowsEx, GetAsyncKeyState, GetCaretBlinkTime, ReleaseDC, HideCaret, CreateIconIndirect, GetCapture, LoadMenuW, RemoveMenu, GetWindowThreadProcessId, MessageBoxW, GetMenu, UnhookWindowsHookEx, LoadKeyboardLayoutW, AppendMenuW, GetWindowDC, GetSysColor, SendMessageCallbackW, GetKeyState, wvsprintfW, SetClassWord, DestroyIcon, DdeQueryNextServer, IsWindowVisible, DdeNameService, IsCharAlphaNumericW, MonitorFromWindow, DeleteMenu, InvalidateRect, DrawTextA, TranslateAcceleratorA, BlockInput, GetFocus, wsprintfW, DefDlgProcW, LookupIconIdFromDirectory, SetCursor
MSVCRT.dll: _purecall, __wgetmainargs, malloc, _putenv, __p__fmode, wprintf, _wfopen, _wcsnicmp, __dllonexit, _open_osfhandle, _snwprintf, fread, wcstok, _wcsupr, fflush, _onexit, _vsnwprintf, _cexit, wcslen, _c_exit, wcscpy, clearerr, wcscmp, _errno, _tzset, fseek, __p__commode, _mbslen, _wcsicmp, _getpid, _wcsdup, mktime, ftell, isalpha, wcsncat, _XcptFilter, _ftol, exit, __setusermatherr, _local_unwind2, wcsncpy, _wcmdln, __CxxFrameHandler, _mbscpy, _CxxThrowException, wcspbrk, _fdopen, fclose, _adjust_fdiv, time, _wcsrev, _filelength, wcscat, wcsncmp, free, _except_handler3, calloc, realloc, _exit, _wcslwr, memmove, localtime, isspace, swscanf, wcsrchr, wcschr, swprintf, fwrite, wcsstr, _initterm, _controlfp, _wtoi, __set_app_type
ole32.dll: CoInitializeEx, CoTaskMemFree, CoCreateGuid, CoCreateInstance, CoInitializeSecurity, CoUninitialize, CLSIDFromString, StringFromGUID2
Number of PE resources by type
RT_BITMAP 11
RT_RCDATA 7
RT_ICON 3
MAD 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 20
CHINESE SIMPLIFIED 4
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:04:30 11:08:02+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 414208
LinkerVersion: 9.0
EntryPoint: 0x1000
InitializedDataSize: 212992
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 d14b8cec71802e4d3b247e915a4c2a11
SHA1 00133f41559c521658a88e4afe775d48f8ea3bd2
SHA256 3a7545d4aeb127eafb8bf15b27f1957fc34f312d65c1918a314a793f4741a585
ssdeep 12288:FXkXqq63Uj1T072/v0UKNM/n5tZfegX0Qw/BGHZXqHpHIIFa:rG1Tc2/vaNM/HZmgS/+I0
authentihash 4a5f704984b91619a9e5c3586fcaa65693c1edb91920b70f86433d1416a46f30
imphash 2c03ed18121f4070b11bd0c3c09fc264
File size 613.0 KB ( 627712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
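Added example, not part of the VirusTotal report: how two of the identifiers in the File identification section are produced, the plain file digests and the import hash (imphash). The imphash algorithm reproduced here is the public pefile one that VirusTotal uses: for each import in import-table order, the lower-cased module name with a trailing .dll/.ocx/.sys stripped, a dot, and the lower-cased function name (or "ordN" for an ordinal import), all joined with commas and MD5-hashed. The import list in the code is a short constructed excerpt of this sample's table, with module names supplied from the Win32 export tables, so its hash is deliberately not the report's imphash, which covers the full table in its on-disk order; pefile's table that names ordinal imports from oleaut32/ws2_32/wsock32 is also left out. The practical caveat the example makes visible: imphash is computed from the import table as it sits on disk, so for a sample that several engines label as a crypter (Kryptik, Crypt.ZPACK, XPACK) the hash clusters the packer stub, not the payload it unpacks at runtime.

```python
"""Reproduce two File identification fields: the file digests and the imphash.

Added example, not part of the VirusTotal report. The imphash algorithm is the
public pefile one (module name lower-cased and stripped of .dll/.ocx/.sys,
".", lower-cased function name or "ordN", comma-joined, MD5). SAMPLE_IMPORTS
is a constructed excerpt, so its hash is not the report's imphash.
"""
import hashlib
from typing import Dict, Sequence, Tuple, Union

REPORT_IMPHASH = "2c03ed18121f4070b11bd0c3c09fc264"   # from the report, for comparison only
Import = Tuple[str, Union[str, int]]                   # (module, function name or ordinal)


def file_digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 over the whole file in one chunked pass."""
    hashes = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    chunk_size = 1 << 16
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        for h in hashes.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def _module_key(dll: str) -> str:
    """pefile normalisation: lower-case, drop a trailing .dll/.ocx/.sys."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports: Sequence[Import]) -> str:
    """The comma-joined string the imphash is the MD5 of (order preserved)."""
    parts = []
    for dll, func in imports:
        mod = _module_key(dll)
        parts.append("%s.ord%d" % (mod, func) if isinstance(func, int)
                     else "%s.%s" % (mod, func.lower()))
    return ",".join(parts)


def imphash(imports: Sequence[Import]) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed excerpt of this sample's import table; module names supplied
# from the Win32 export tables (the report lists only function names).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "OpenEncryptedFileRawW"),
    ("ADVAPI32.dll", "ReadEncryptedFileRaw"),
    ("KERNEL32.dll", "FindFirstFileW"),
    ("KERNEL32.dll", "CreateFileW"),
    ("KERNEL32.dll", "WriteFile"),
    ("ole32.dll", "CoCreateGuid"),
]


def imphash_properties(imports: Sequence[Import]) -> Dict[str, bool]:
    """What the hash is and is not sensitive to, shown on a concrete table."""
    base = imphash(imports)
    recased = [(d.upper(), f) for d, f in imports]
    no_ext = [(d.rsplit(".", 1)[0], f) for d, f in imports]
    reordered = list(reversed(imports))
    padded = list(imports) + [("USER32.dll", "MessageBoxW")]   # one extra import
    return {
        "module_case_insensitive": imphash(recased) == base,
        "module_extension_insensitive": imphash(no_ext) == base,
        "order_sensitive": imphash(reordered) != base,
        "padding_sensitive": imphash(padded) != base,
    }


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("excerpt imphash:", imphash(SAMPLE_IMPORTS), "(report:", REPORT_IMPHASH + ")")
    print(imphash_properties(SAMPLE_IMPORTS))
```

Because the hash is order- and padding-sensitive, a crypter that shuffles or pads its stub's import table per build defeats imphash pivoting, while a family that reuses one stub shares an imphash across otherwise unrelated payloads. Treat an imphash match as "same builder or packer", not "same malware".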
Tags: peexe
VirusTotal metadata
First submission 2016-04-29 10:50:53 UTC
Last submission 2016-05-06 11:48:18 UTC
File names POCZTA_TRACK.exe, UPS_Versandschein_5427.exe
Condensed behaviour report: VirusTotal's sandbox summary covers actions performed by the file itself, by processes it launched and by processes it injected code into, under the headings opened files, read files, written files, created processes, code injections, created and opened mutexes, opened service managers and services, runtime DLLs, HTTP requests, DNS requests, TCP connections and UDP communications. All of these headings are empty in this copy of the report; no behavioural data is available here.