SHA256: 47de271bdf0bbe10f19cff2bb53846ba805824cf18a00577d0ea9dcce4585d00
File name: Amendment or the Agreement_09-11-2015.scr
Detection ratio: 2 / 54
Analysis date: 2015-11-09 12:39:06 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151109
Qihoo-360 QVM20.1.Malware.Gen 20151109
AegisLab 20151109
Yandex 20151108
AhnLab-V3 20151109
Alibaba 20151109
ALYac 20151109
Antiy-AVL 20151109
Arcabit 20151109
Avast 20151109
AVG 20151109
Avira (no cloud) 20151109
AVware 20151109
Baidu-International 20151109
BitDefender 20151109
Bkav 20151109
ByteHero 20151109
CAT-QuickHeal 20151109
ClamAV 20151109
CMC 20151109
Comodo 20151109
Cyren 20151109
DrWeb 20151109
Emsisoft 20151109
ESET-NOD32 20151109
F-Prot 20151109
F-Secure 20151109
Fortinet 20151109
GData 20151109
Ikarus 20151109
Jiangmin 20151108
K7AntiVirus 20151109
K7GW 20151109
Malwarebytes 20151109
McAfee 20151109
McAfee-GW-Edition 20151109
Microsoft 20151109
eScan 20151109
NANO-Antivirus 20151109
nProtect 20151109
Panda 20151108
Rising 20151108
Sophos 20151109
SUPERAntiSpyware 20151108
Symantec 20151108
Tencent 20151109
TheHacker 20151108
TrendMicro 20151109
TrendMicro-HouseCall 20151109
VBA32 20151107
VIPRE 20151109
ViRobot 20151109
Zillya 20151109
Zoner 20151109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Canonical Raw Image Viewer©. All rights reserved.
Product Canonical Raw Image Viewer
File version 0.7
Description Canonical Raw Image Viewer
Comments Canonical Raw Image Viewer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-18 10:05:43
Entry Point 0x00003147
Number of sections 5
PE sections
PE imports
SelectObject
LineTo
DeleteDC
CreateFontIndirectW
GetNearestColor
MoveToEx
CreatePen
TranslateCharsetInfo
CreateSolidBrush
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetLastError
LocalLock
GlobalDeleteAtom
GlobalFree
FreeLibrary
GlobalUnlock
IsDBCSLeadByte
lstrlenW
GlobalSize
GetCurrentProcessId
MultiByteToWideChar
GlobalLock
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpyW
GlobalAddAtomW
WideCharToMultiByte
GetSystemDirectoryW
GetACP
LocalFree
GlobalAlloc
LocalUnlock
LocalAlloc
SetupFreeSourceListA
ReleaseDC
OpenClipboard
DdeClientTransaction
SendMessageW
DdeFreeStringHandle
GetMessageW
DdeAddData
GetClipboardData
TranslateMessage
DdeCreateDataHandle
DdePostAdvise
SetTimer
DdeCreateStringHandleW
FlashWindow
CloseClipboard
PostMessageW
GetDC
TranslateAcceleratorW
DispatchMessageW
InvalidateRect
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 5
PE resources
ExifTool file metadata
CodeSize 10752
SubsystemVersion 4.0
Comments Canonical Raw Image Viewer
InitializedDataSize 22528
ImageVersion 4.0
ProductName Canonical Raw Image Viewer
FileVersionNumber 0.7.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.7
TimeStamp 2015:06:18 11:05:43+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0.7.0.0
FileDescription Canonical Raw Image Viewer
OSVersion 4.0
FileOS Win32
LegalCopyright Canonical Raw Image Viewer . All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName TooDo Company
LegalTrademarks Canonical Raw Image Viewer . 2013
FileSubtype 0
ProductVersionNumber 0.7.0.0
EntryPoint 0x3147
ObjectFileType Executable application

Compressed bundles
File identification
MD5 386426e5633b120c3a0e2f605af42433
SHA1 c503c6cb0ba5381bc7f13cd43e3014fd516c7641
SHA256 47de271bdf0bbe10f19cff2bb53846ba805824cf18a00577d0ea9dcce4585d00
ssdeep 768:jpI022MCnneoHY1HvaXyvI3BvB54xiN0uvQZHfQQPFj:9N0Tv2BvB54gN0uvcHd
authentihash 874a6b5d8af1896fb02fb5cccd10f2d26068a42e0da1551586e0aaa01cb7c6ef
imphash 0259ce59397b9b00206b18a1bf4efe72
File size 33.5 KB ( 34304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags peexe
VirusTotal metadata
First submission 2015-11-09 11:43:43 UTC ( 1 year, 7 months ago )
Last submission 2016-03-14 18:19:17 UTC ( 1 year, 3 months ago )
File names 386426e5633b120c3a0e2f605af42433.scr
VirusShare_386426e5633b120c3a0e2f605af42433
47de271bdf0bbe10f19cff2bb53846ba805824cf18a00577d0ea9dcce4585d00.bin
Amendment or the Agreement_09-11-2015.scr
Amendment or the Agreement
a.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs