SHA256: 535637a6af1e0e34b3a41039bf2e77b84a63d871c2284401f1cf0642ec49fa47
File name: my_resume_pdf_id-4523-4557-293.scr
Detection ratio: 8 / 55
Analysis date: 2015-07-01 19:55:53 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20150701
AVG Crypt_r.FQ 20150701
Bkav HW32.Packed.9EC6 20150701
ESET-NOD32 a variant of Win32/Injector.CEAI 20150701
Kaspersky UDS:DangerousObject.Multi.Generic 20150701
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150701
Symantec Suspicious.Cloud.5 20150701
ViRobot Trojan.Win32.CryptoLocker.270336[h] 20150701
Ad-Aware 20150701
AegisLab 20150701
Yandex 20150630
AhnLab-V3 20150701
Alibaba 20150630
ALYac 20150701
Antiy-AVL 20150701
Arcabit 20150630
Avira (no cloud) 20150701
AVware 20150701
Baidu-International 20150701
BitDefender 20150701
ByteHero 20150701
CAT-QuickHeal 20150701
ClamAV 20150701
Comodo 20150701
Cyren 20150701
DrWeb 20150701
Emsisoft 20150701
F-Prot 20150701
F-Secure 20150701
Fortinet 20150701
GData 20150701
Ikarus 20150701
Jiangmin 20150701
K7AntiVirus 20150701
K7GW 20150701
Kingsoft 20150701
Malwarebytes 20150701
McAfee 20150701
McAfee-GW-Edition 20150701
Microsoft 20150701
eScan 20150701
NANO-Antivirus 20150701
nProtect 20150701
Panda 20150701
Rising 20150701
Sophos AV 20150701
SUPERAntiSpyware 20150701
Tencent 20150701
TheHacker 20150701
TrendMicro 20150701
TrendMicro-HouseCall 20150701
VBA32 20150701
VIPRE 20150701
Zillya 20150701
Zoner 20150701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-30 13:38:41
Entry Point 0x0000256D
Number of sections 4
PE sections
PE imports
RegEnumKeyW
RegCreateKeyW
GetObjectA
SetPixel
GetStockObject
GetObjectW
LocalFree
GetStartupInfoA
HeapFree
CreateFileW
GetCurrentDirectoryW
GetModuleHandleA
GetModuleFileNameW
GlobalFree
ReadFile
GetCommState
VirtualFree
GetCurrentDirectoryA
CreateEventW
ExitProcess
CompareStringA
GetDateFormatA
GetThreadTimes
GetTickCount
GetModuleFileNameA
GlobalAlloc
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_setmbcp
_exit
_adjust_fdiv
__setusermatherr
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__p__commode
__set_app_type
RegisterWindowMessageW
DefWindowProcW
MoveWindow
KillTimer
GetClipboardOwner
CheckMenuItem
GetSystemMetrics
EnableWindow
SetDlgItemTextA
DrawIcon
DialogBoxParamW
MessageBoxA
GetDC
ReleaseDC
ShowCaret
RegisterClassW
SendMessageA
GetClientRect
IsIconic
DeleteMenu
InvalidateRect
LoadIconA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:06:30 14:38:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
EntryPoint 0x256d
InitializedDataSize 200704
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 828eef80021937eeb4a82f4ba18cf83c
SHA1 6f31f40f37dabf671024bd1d143f90fca6862242
SHA256 535637a6af1e0e34b3a41039bf2e77b84a63d871c2284401f1cf0642ec49fa47
ssdeep 3072:+fc8/XXOpp0vnXYq8UYkUEABHN5LY4nNQPpZRjZEOCZHVyJ7jBhRZl2vKXbrT8YD:+fc0fXYqNY8gk4nNmZF6OAHgJVh7n

authentihash b63e4436a643c4b8668c57f368b650b67fe2520ba761bc9f95270dca689d2c6f
imphash 7b1e2826905e543ef542e67cad8339a8
File size 208.0 KB ( 212992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2015-07-01 16:29:20 UTC ( 2 years, 4 months ago )
Last submission 2015-07-06 08:26:01 UTC ( 2 years, 4 months ago )
File names 828EEF80021937EEB4A82F4BA18CF83C
my_resume_pdf_id-4523-4557-293.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs