SHA256: 5a40ea145028c1f09ba4a78970359489380d75ce65f74cf662e60da779896e11
File name: SWIFT_transfer.scr
Detection ratio: 2 / 56
Analysis date: 2015-09-30 12:28:16 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Rising PE:Malware.RDM.45!5.33[F1] 20150929
Sophos Mal/Upatre-V 20150930
Ad-Aware 20150930
AegisLab 20150930
Yandex 20150929
AhnLab-V3 20150930
Alibaba 20150927
ALYac 20150930
Antiy-AVL 20150930
Arcabit 20150930
Avast 20150930
AVG 20150930
Avira (no cloud) 20150930
AVware 20150930
Baidu-International 20150930
BitDefender 20150930
Bkav 20150929
ByteHero 20150930
CAT-QuickHeal 20150930
ClamAV 20150929
CMC 20150930
Comodo 20150930
Cyren 20150930
DrWeb 20150930
Emsisoft 20150930
ESET-NOD32 20150930
F-Prot 20150929
F-Secure 20150930
Fortinet 20150930
GData 20150930
Ikarus 20150930
Jiangmin 20150927
K7AntiVirus 20150930
K7GW 20150930
Kaspersky 20150930
Kingsoft 20150930
Malwarebytes 20150930
McAfee 20150930
McAfee-GW-Edition 20150930
Microsoft 20150930
eScan 20150930
NANO-Antivirus 20150930
nProtect 20150925
Panda 20150930
Qihoo-360 20150930
SUPERAntiSpyware 20150930
Symantec 20150929
Tencent 20150930
TheHacker 20150929
TrendMicro 20150930
TrendMicro-HouseCall 20150930
VBA32 20150930
VIPRE 20150930
ViRobot 20150930
Zillya 20150929
Zoner 20150930
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-15 21:52:45
Entry Point 0x00003F9C
Number of sections 3
PE sections
PE imports
_acmdln_dll
exit
_XcptFilter
__GetMainArgs
_initterm
_exit
_local_unwind2
_fmode_dll
_commode_dll
_global_unwind2
GetBkColor
GetStockObject
TextOutA
SetTextAlign
CreateSolidBrush
SetBkColor
DeleteObject
GetCurrentDirectoryA
lstrlenA
GetStartupInfoA
GetModuleHandleA
SetFocus
GetMessageA
UpdateWindow
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
FindWindowA
LoadBitmapA
DispatchMessageA
EndPaint
PostMessageA
TranslateMessage
DialogBoxParamA
RegisterClassExA
LoadStringA
ShowWindow
SendMessageA
GetClientRect
IsIconic
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
DestroyWindow
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 8.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.1.171.3
UninitializedDataSize: 0
LanguageCode: Unknown (0505)
FileFlagsMask: 0x0000
CharacterSet: Unknown (17E0)
InitializedDataSize: 20480
EntryPoint: 0x3f9c
OriginalFileName: wersion.EXE
MIMEType: application/octet-stream
LegalCopyright: Wersion Corporation. All rights reserved.
FileVersion: 1.1.146.3
TimeStamp: 2015:05:15 22:52:45+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: wersion.EXE
ProductVersion: 1.1.171.3
FileDescription: Wersion pure tools
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Wersion Corporation
ProductName: Wersion pure tools
ProductVersionNumber: 1.1.171.3
FileTypeExtension: exe
ObjectFileType: Executable application

Compressed bundles
File identification
MD5 cff592f9b20d6e66977021d0d7e9f3b0
SHA1 67d07cedc85fec9c82a584519eb7dc3c7f531e5a
SHA256 5a40ea145028c1f09ba4a78970359489380d75ce65f74cf662e60da779896e11
ssdeep 768:lifNMjAO9zxHHUZGgcSNiDHiv3/1PJilfiHj4xN2y:li2XxHH8cSwHiP/1EwIwy
authentihash bda6f24acee479cfc250549b398def0249923f249d0061dda6208f851bf3a00c
imphash 796d721adc916bfeac28796ee8b260cf
File size 34.5 KB ( 35328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-09-30 10:58:59 UTC ( 1 year, 8 months ago )
Last submission 2015-10-01 06:53:01 UTC ( 1 year, 8 months ago )
File names SWIFT_transfer.exe
SWIFT_transfer.scr
0003_.b64.zip-1.exe
cff592f9b20d6e66977021d0d7e9f3b0.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs