× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3ddc64cb76d13b7234128dfa14221872806539b76bb2f09505254fe546da4c93
File name: iate.bmp.exe
Detection ratio: 51 / 67
Analysis date: 2018-02-16 14:53:33 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Midie.34823 20180216
AegisLab Troj.W32.Generic!c 20180216
ALYac Gen:Variant.Midie.34823 20180216
Antiy-AVL Trojan/Win32.AGeneric 20180216
Arcabit Trojan.Midie.D8807 20180216
Avast FileRepMetagen [Malware] 20180216
AVG FileRepMetagen [Malware] 20180216
Avira (no cloud) DR/Delphi.Gen 20180216
AVware Trojan.Win32.Generic!BT 20180216
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9991 20180208
BitDefender Gen:Variant.Midie.34823 20180216
Bkav W32.WmpskAZ.Trojan 20180212
ClamAV Win.Trojan.Agent-1019227 20180216
Comodo UnclassifiedMalware 20180216
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180216
Cyren W32/DelfInject.A.gen!Eldorado 20180216
DrWeb Trojan.DownLoader6.6423 20180216
Emsisoft Gen:Variant.Midie.34823 (B) 20180216
Endgame malicious (high confidence) 20180214
ESET-NOD32 a variant of Win32/Spy.Banker.WTP 20180216
F-Prot W32/DelfInject.A.gen!Eldorado 20180216
F-Secure Gen:Variant.Midie.34823 20180216
Fortinet W32/Sasfis.CZB!tr 20180216
GData Gen:Variant.Midie.34823 20180216
Ikarus Virus.Win32.DelfInject 20180216
Sophos ML heuristic 20180121
Jiangmin Trojan/Delf.uyx 20180216
Kaspersky HEUR:Trojan.Win32.Generic 20180216
Kingsoft Win32.Troj.Undef.(kcloud) 20180216
MAX malware (ai score=99) 20180216
McAfee PWS-Banker.gen.ap 20180216
McAfee-GW-Edition PWS-Banker.gen.ap 20180216
Microsoft Trojan:Win32/Bagsu!rfn 20180216
eScan Gen:Variant.Midie.34823 20180216
NANO-Antivirus Trojan.Win32.Dwn.rifkq 20180216
Panda Trj/Genetic.gen 20180216
Qihoo-360 HEUR/QVM05.1.Malware.Gen 20180216
Rising Spyware.Banker!8.8D (TFE:5:cjAYpGrlhfE) 20180216
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/ArchSMS-A 20180216
Symantec Trojan.Gen 20180216
Tencent Win32.Trojan.Agent.Wlfp 20180216
TrendMicro TROJ_GEN.R002C0CBF18 20180216
TrendMicro-HouseCall TROJ_GEN.R002C0CBF18 20180216
VBA32 suspected of Trojan-Dropper.Agent.109 20180216
VIPRE Trojan.Win32.Generic!BT 20180216
Webroot W32.Trojan.Gen 20180216
Yandex TrojanSpy.Banker!13sTRi1nGH8 20180216
Zillya Trojan.Banker.Win32.59230 20180216
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180216
AhnLab-V3 20180216
Alibaba 20180209
Avast-Mobile 20180216
CAT-QuickHeal 20180216
CMC 20180216
Cybereason None
eGambit 20180216
K7AntiVirus 20180216
K7GW 20180216
Malwarebytes 20180216
nProtect 20180216
Palo Alto Networks (Known Signatures) 20180216
SUPERAntiSpyware 20180216
Symantec Mobile Insight 20180215
TheHacker 20180213
TotalDefense 20180216
Trustlook 20180216
ViRobot 20180216
WhiteArmor 20180205
Zoner 20180216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-04 17:43:23
Entry Point 0x00087A4C
Number of sections 9
PE sections
Overlays
MD5 37bc2f9dd00df408c4e21730fbd373da
File type data
Offset 638464
Size 638574
Entropy 8.00
PE imports
RegFlushKey
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
ImageList_Write
ImageList_Read
ImageList_BeginDrag
ImageList_Destroy
_TrackMouseEvent
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_Draw
ImageList_GetIconSize
ImageList_Remove
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DrawEx
ImageList_GetBkColor
ImageList_Add
ImageList_SetIconSize
ImageList_Create
ImageList_DragEnter
ImageList_EndDrag
GetDIBColorTable
GetWindowOrgEx
PatBlt
GetClipBox
GetRgnBox
SaveDC
GetCurrentPositionEx
CreateFontIndirectA
GetTextMetricsA
MaskBlt
SetStretchBltMode
GetPixel
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
SetPixel
CreateSolidBrush
IntersectClipRect
CreateHalftonePalette
CreateDIBSection
RealizePalette
SetTextColor
GetDeviceCaps
MoveToEx
BitBlt
CreateBitmap
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
GetDIBits
SetBrushOrgEx
GetDCOrgEx
GetBrushOrgEx
StretchBlt
GetBitmapBits
CreateCompatibleDC
SetROP2
SelectObject
GetTextExtentPoint32A
GetPaletteEntries
SetDIBColorTable
CreateBrushIndirect
SetWindowOrgEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
CreatePenIndirect
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
WaitForSingleObject
GetLocalTime
DeleteCriticalSection
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetThreadContext
SetFileAttributesA
GetTempPathA
WideCharToMultiByte
InterlockedExchange
WriteFile
GetDiskFreeSpaceA
GetFullPathNameA
SetEvent
MoveFileA
ResumeThread
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
FormatMessageA
InitializeCriticalSection
WriteProcessMemory
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
RaiseException
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
GetExitCodeThread
GlobalAddAtomA
MulDiv
ExitThread
SetThreadContext
VirtualQuery
SetEndOfFile
GetVersion
InterlockedIncrement
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryA
ReadProcessMemory
GetProcAddress
FindFirstFileA
lstrcpyA
CompareStringA
FindNextFileA
GetTimeZoneInformation
CreateEventA
CopyFileA
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
VirtualAllocEx
lstrlenA
GetThreadLocale
WinExec
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCPInfo
GetCommandLineA
QueryPerformanceFrequency
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
FreeResource
CreateProcessA
VirtualFree
Sleep
FindResourceA
VirtualAlloc
ResetEvent
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
RedrawWindow
GetMessagePos
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
DrawIcon
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetClassInfoA
SendMessageW
UnregisterClassA
SendMessageA
GetClientRect
SetScrollPos
CallNextHookEx
GetKeyboardState
ClientToScreen
GetTopWindow
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
GetPropA
GetDesktopWindow
PeekMessageW
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
InsertMenuItemA
GetIconInfo
LoadStringA
SetParent
CharLowerA
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
SetTimer
OemToCharA
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
GetSysColorBrush
IsWindowUnicode
GetWindowLongW
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
GetKeyboardLayoutNameA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
MapWindowPoints
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
GetScrollRange
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateWindowExA
ScreenToClient
GetClassLongA
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
GetMenuState
IsDialogMessageW
GetSystemMenu
GetDC
SetForegroundWindow
CharToOemA
DrawTextA
IntersectRect
GetScrollInfo
GetKeyboardLayout
GetCapture
WaitMessage
FindWindowA
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
GetMenu
DestroyIcon
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
CallWindowProcA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
EnableMenuItem
GetKeyNameTextA
IsWindowVisible
GetDCEx
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
CreateIcon
IsRectEmpty
GetCursor
GetFocus
CreateMenu
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_STRING 20
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 4
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 24
ENGLISH US 14
PORTUGUESE BRAZILIAN 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:05:04 18:43:23+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
551936

LinkerVersion
2.25

EntryPoint
0x87a4c

InitializedDataSize
85504

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 640df7f1cb08c32b068ee07ffeaff8e2
SHA1 8622b368f4481fdb232b1a59762f6466a0d9d819
SHA256 3ddc64cb76d13b7234128dfa14221872806539b76bb2f09505254fe546da4c93
ssdeep
24576:kW2DayNbhAvgGP05vWmQi6rl2gt6IjKYgmU93QOeTTF1WrkRELqUXr29:kVNerlLt6Ij1gmaPYTFgrLqm29

authentihash f076af119d5d4ea343c58d29ebcf569b461e66d61f68f4981366ed9f224e4000
imphash 3801f0c4b4428ba86f4c459c8b3ef730
File size 1.2 MB ( 1277038 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (33.3%)
Win32 EXE PECompact compressed (generic) (32.2%)
Win32 Executable Delphi generic (10.9%)
Windows screen saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Tags
bobsoft peexe overlay

VirusTotal metadata
First submission 2012-05-08 18:23:51 UTC ( 6 years, 1 month ago )
Last submission 2018-02-16 14:53:33 UTC ( 4 months ago )
File names 640df7f1cb08c32b068ee07ffeaff8e2
aa
iate.bmp.exe
3ddc64cb76d13b7234128dfa14221872806539b76bb2f09505254fe546da4c93.vir
8622b368f4481fdb232b1a59762f6466a0d9d819.exe
iate.bmp.exe.vir
iate.bmp
Ixi31.pps
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!