SHA256: 5ca0f3cb258435aed5f1990462c97189a686a7683bd64a28f9ad6f801c76d3f5
File name: 5ca0f3cb258435aed5f1990462c97189a686a7683bd64a28f9ad6f801c76d3f5
Detection ratio: 10 / 53
Analysis date: 2016-02-20 00:28:03 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Avast Win32:Malware-gen 20160220
AVG FileCryptor.HFU 20160220
Avira (no cloud) TR/AD.Teerac.Y.130 20160220
ESET-NOD32 Win32/Filecoder.DI 20160219
Kaspersky Backdoor.Win32.Androm.jead 20160219
McAfee Ransom-Teerac!4AA4EE8CF8F3 20160219
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160220
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160219
Sophos AV Mal/Ransom-EF 20160219
Symantec Trojan.Cryptolocker.H 20160219
Ad-Aware 20160219
AegisLab 20160219
Yandex 20160219
AhnLab-V3 20160219
Antiy-AVL 20160220
Arcabit 20160220
Baidu-International 20160219
BitDefender 20160220
Bkav 20160219
ByteHero 20160220
CAT-QuickHeal 20160219
ClamAV 20160219
CMC 20160219
Comodo 20160220
Cyren 20160220
DrWeb 20160220
Emsisoft 20160220
F-Prot 20160219
F-Secure 20160219
Fortinet 20160218
GData 20160219
Ikarus 20160219
Jiangmin 20160219
K7AntiVirus 20160219
K7GW 20160219
Malwarebytes 20160219
McAfee-GW-Edition 20160219
Microsoft 20160219
eScan 20160219
NANO-Antivirus 20160219
nProtect 20160219
Panda 20160219
SUPERAntiSpyware 20160219
Tencent 20160220
TheHacker 20160217
TotalDefense 20160219
TrendMicro 20160219
TrendMicro-HouseCall 20160219
VBA32 20160219
VIPRE 20160219
ViRobot 20160220
Zillya 20160219
Zoner 20160219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-01-23 02:27:41
Entry Point 0x00007E86
Number of sections 4
PE sections
Overlays
MD5 1e211dae05f29e516fe061f042c68b3e
File type data
Offset 528384
Size 1077
Entropy 6.11
PE imports
PlayEnhMetaFileRecord
GetCharABCWidthsW
GetTextMetricsW
SetMapMode
GetWindowOrgEx
CreateMetaFileA
PolyPolyline
ResizePalette
SetTextAlign
GetTextMetricsA
CombineRgn
GetROP2
SetMetaFileBitsEx
GetObjectType
SetColorAdjustment
GetTextExtentPointA
CopyEnhMetaFileW
SetPixel
SetWorldTransform
DeleteObject
IntersectClipRect
CreateFontA
CopyEnhMetaFileA
OffsetWindowOrgEx
CreateEllipticRgn
EqualRgn
GetPolyFillMode
GetDIBits
ExtCreateRegion
SetPixelFormat
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
GetTextFaceA
ScaleViewportExtEx
Pie
SetWindowExtEx
Arc
GetKerningPairsA
WidenPath
ExtCreatePen
SetBkColor
SetWinMetaFileBits
GetBkColor
SetRectRgn
MoveToEx
GetTextCharsetInfo
GetDIBColorTable
DeleteEnhMetaFile
CreateFontIndirectW
SetStretchBltMode
EnumFontsW
TextOutA
CreateFontIndirectA
LPtoDP
EnumFontsA
UpdateColors
GetPixel
PolyDraw
OffsetViewportOrgEx
SetBkMode
RectInRegion
OffsetClipRgn
BitBlt
EnumFontFamiliesA
GetDeviceCaps
FillRgn
SetAbortProc
SelectPalette
GetFontData
StrokePath
CreateEnhMetaFileA
ResetDCW
ExtSelectClipRgn
StartDocW
ScaleWindowExtEx
CloseEnhMetaFile
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
CancelDC
GetTextColor
PtVisible
Escape
BeginPath
SetViewportExtEx
CreatePenIndirect
SetGraphicsMode
PlayMetaFileRecord
SetBitmapBits
PatBlt
CreatePen
GetClipBox
Rectangle
GetObjectA
CreateDCA
GetMetaFileBitsEx
DeleteDC
EndDoc
GetMapMode
GetWorldTransform
EnumMetaFile
StartPage
GetObjectW
CreateDCW
GetCharWidthA
RealizePalette
CreateDIBPatternBrushPt
OffsetRgn
RectVisible
DeleteColorSpace
GetStockObject
PlayEnhMetaFile
ExtTextOutA
UnrealizeObject
GdiFlush
SelectClipRgn
GetTextAlign
ExtEscape
GetTextExtentPoint32A
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWindowOrgEx
SetTextCharacterExtra
GetTextExtentPoint32W
EndPath
CreatePolygonRgn
CreateICA
Polygon
GetGlyphOutlineW
GetRgnBox
SaveDC
CreateICW
SetDeviceGammaRamp
MaskBlt
GetEnhMetaFilePaletteEntries
GetGlyphOutlineA
GetDeviceGammaRamp
RestoreDC
GetBitmapBits
FillPath
GetBkMode
CreateDIBSection
SetTextColor
ExtFloodFill
GetBrushOrgEx
SetPixelV
EnumFontFamiliesExW
SetViewportOrgEx
SetArcDirection
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
CreateFontW
PolyBezier
Chord
CreateRectRgn
RemoveFontResourceA
GetClipRgn
StartDocA
SetPolyFillMode
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
AbortDoc
Ellipse
DebugActiveProcess
FreeEnvironmentStringsA
GetStartupInfoA
GetModuleHandleA
GetCommState
LZCopy
_except_handler3
_setmbcp
_acmdln
_adjust_fdiv
_lfind
_heapset
__p__commode
tanh
__dllonexit
_onexit
ftell
__setusermatherr
__p__fmode
__getmainargs
_initterm
_chsize
_controlfp
__set_app_type
RasDialA
CreateCursor
Number of PE resources by type
RT_ICON 10
RT_DIALOG 6
RT_GROUP_ICON 5
g3574n88 1
fVQ47 1
T4303 1
Nk2M45 1
h4b06E6F4T 1
VbH33 1
VG6826n 1
Glb16 1
RT_VERSION 1
UCO6Pkt472 1
RT_RCDATA 1
A1np41Q 1
Omqg8Q 1
grmJ6C2BK1 1
h66w2 1
Number of PE resources by language
CHINESE MACAU 10
CHINESE HONGKONG 8
CHINESE TRADITIONAL 7
CHINESE SINGAPORE 6
CHINESE SIMPLIFIED 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.68.135.144
UninitializedDataSize 0
LanguageCode Unknown (PHIL)
FileFlagsMask 0x003f
CharacterSet Unknown (ATELISTS)
InitializedDataSize 491520
EntryPoint 0x7e86
MIMEType application/octet-stream
LegalCopyright 2010 (C) 2017
FileVersion 0.230.33.84
TimeStamp 2006:01:23 03:27:41+01:00
FileType Win32 EXE
PEType PE32
InternalName Insurers
ProductVersion 0.77.193.116
FileDescription Initiating Named Paled
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName The MathWorks Inc.
CodeSize 32768
ProductName Incensing Paw
ProductVersionNumber 0.83.3.160
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 4aa4ee8cf8f367a4cf119778c22dabd5
SHA1 b0a6730a60c51ced8c3e3dd273e33874aff0a7f4
SHA256 5ca0f3cb258435aed5f1990462c97189a686a7683bd64a28f9ad6f801c76d3f5
ssdeep 12288:NYNfKl7TwOfCjl6fRYhzMa6w6YybuzqW36gxuj/HiMwJdfxH:NYNfA3KjEf+wPwZSK/0C1JlZ
authentihash 29fd292207ede26c7523654d496658cc0ad22b52347d6deea874d9c195d1c6ca
imphash 87e257e4169ee5bfb7db96fe4c9f6b05
File size 517.1 KB ( 529461 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-02-20 00:28:03 UTC ( 3 years, 1 month ago )
Last submission 2016-06-20 23:22:00 UTC ( 2 years, 9 months ago )
File names 4aa4ee8cf8f367a4cf119778c22dabd5