SHA256: 5ea58f616453edf3f0efc3c95f0a7614d6217677d8771dd7d39b802dd6069219
File name: ENEL_Bolletta.exe
Detection ratio: 3 / 54
Analysis date: 2016-02-12 08:38:23 UTC ( 3 years, 2 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Injector.CSEF 20160212
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160212
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160212
Ad-Aware 20160212
AegisLab 20160212
Yandex 20160211
AhnLab-V3 20160211
Alibaba 20160204
Antiy-AVL 20160211
Arcabit 20160212
Avast 20160212
AVG 20160212
Avira (no cloud) 20160212
Baidu-International 20160212
BitDefender 20160212
Bkav 20160204
ByteHero 20160212
CAT-QuickHeal 20160212
ClamAV 20160212
CMC 20160205
Comodo 20160212
Cyren 20160212
DrWeb 20160212
Emsisoft 20160212
F-Prot 20160212
F-Secure 20160212
Fortinet 20160211
GData 20160212
Ikarus 20160212
Jiangmin 20160212
K7AntiVirus 20160212
K7GW 20160212
Kaspersky 20160212
Malwarebytes 20160212
McAfee 20160212
McAfee-GW-Edition 20160212
Microsoft 20160212
eScan 20160212
NANO-Antivirus 20160212
nProtect 20160211
Panda 20160210
Sophos AV 20160212
SUPERAntiSpyware 20160212
Symantec 20160211
Tencent 20160212
TheHacker 20160212
TotalDefense 20160212
TrendMicro 20160212
TrendMicro-HouseCall 20160212
VBA32 20160211
VIPRE 20160212
ViRobot 20160212
Zillya 20160211
Zoner 20160212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-04 19:42:42
Entry Point 0x0000CC56
Number of sections 4
PE sections
Overlays
MD5 528a68aca92174c6ace878a979142b2f
File type data
Offset 540672
Size 1112
Entropy 6.23
PE imports
CreatePolygonRgn
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
GetBkMode
CreateICW
SetDeviceGammaRamp
LPtoDP
GetClipBox
ModifyWorldTransform
GetDeviceCaps
CreateDCA
DeleteDC
SetMetaFileBitsEx
ScaleViewportExtEx
GetTextExtentExPointW
FillPath
CreateDCW
GetCharWidthA
GetObjectA
GetCurrentObject
RectVisible
GetStockObject
GetCurrentPositionEx
SelectPalette
GetOutlineTextMetricsW
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchBlt
SetStretchBltMode
CloseEnhMetaFile
SetBrushOrgEx
EndPage
GetWinMetaFileBits
EnumEnhMetaFile
ExtCreatePen
SetTextCharacterExtra
GetTextExtentPoint32W
ImmSetOpenStatus
AreFileApisANSI
GetCommTimeouts
GetEnvironmentStrings
DosDateTimeToFileTime
GetCurrentDirectoryW
GetShortPathNameW
GetStartupInfoA
GetModuleHandleA
GetPrivateProfileIntA
GetVolumeInformationW
GetProcessPriorityBoost
__p__fmode
_open
__CxxFrameHandler
_acmdln
_adjust_fdiv
__setusermatherr
_setmbcp
__getmainargs
_onexit
__dllonexit
div
_itow
_initterm
_controlfp
getenv
__p__commode
_execl
__set_app_type
RasHangUpA
GetMenu
Number of PE resources by type
RT_RCDATA 12
RT_ICON 10
RT_GROUP_ICON 5
RT_DIALOG 2
IFo71B 1
skEw732214 1
ti2Q18 1
aT661yh 1
qCN2w 1
nmsvg1M5v5 1
b08on1 1
HM300ER4T 1
hO4300dC3 1
uTK8702 1
u2RC5ex1v4 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 41
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.59.219.164
UninitializedDataSize 0
LanguageCode Unknown (AMET)
FileFlagsMask 0x003f
CharacterSet Unknown (HYST)
InitializedDataSize 483328
EntryPoint 0xcc56
MIMEType application/octet-stream
LegalCopyright 2017 (C) 2012
FileVersion 0.2.200.38
TimeStamp 2005:06:04 20:42:42+01:00
FileType Win32 EXE
PEType PE32
InternalName Clouted
ProductVersion 0.53.124.119
FileDescription Becoming Deferentially Cape
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName LCS/Telegraphics, Inc.
CodeSize 53248
ProductName Dissertations Cements
ProductVersionNumber 0.127.158.72
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 485f83305f299a228e29de368c2e5e38
SHA1 bb551e1bba60fd811044309a8cde3a5eca860022
SHA256 5ea58f616453edf3f0efc3c95f0a7614d6217677d8771dd7d39b802dd6069219
ssdeep 12288:9zHbEY3d8nDBG4L2YbxJIhTd7FxN/W6V15qow3xzoEUTF9+hw9:9TbEsdcBGS2cahTd7Fxo6FqowGTb
authentihash 0596fcd2206f9d985dedb87cd87705e8ca58c63594e49fba25222c86fd6ef678
imphash db406ecd7d00ce655045e166e84a71fb
File size 529.1 KB ( 541784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-02-12 08:38:23 UTC ( 3 years, 2 months ago )
Last submission 2016-02-12 13:16:29 UTC ( 3 years, 2 months ago )
File names 485f83305f299a228e29de368c2e5e38
ENEL_Bolletta.exe