SHA256: 617472b3d5d70d20f174c33867325d317b506ce34f95915572041b1f1d0334f4
File name: TFN-form-912879471200026.scr
Detection ratio: 9 / 56
Analysis date: 2016-10-21 01:46:36 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161020
Bkav HW32.Packed.5BDD 20161020
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Sophos ML trojanspy.win32.plimrost.b 20161018
Kaspersky UDS:DangerousObject.Multi.Generic 20161021
McAfee Artemis!B6551ACB6DE4 20161021
McAfee-GW-Edition BehavesLike.Win32.AAEH.dc 20161021
Qihoo-360 Worm.Win32.Allaple.J 20161021
Symantec Heur.AdvML.B 20161021
Ad-Aware 20161021
AegisLab 20161021
AhnLab-V3 20161020
Alibaba 20161020
ALYac 20161021
Antiy-AVL 20161021
Arcabit 20161020
Avast 20161021
AVG 20161020
Avira (no cloud) 20161021
AVware 20161021
BitDefender 20161021
CAT-QuickHeal 20161020
ClamAV 20161021
CMC 20161020
Comodo 20161021
Cyren 20161021
DrWeb 20161021
Emsisoft 20161021
ESET-NOD32 20161020
F-Prot 20161021
F-Secure 20161020
Fortinet 20161021
GData 20161021
Ikarus 20161020
Jiangmin 20161021
K7AntiVirus 20161020
K7GW 20161021
Kingsoft 20161021
Malwarebytes 20161020
Microsoft 20161020
eScan 20161021
NANO-Antivirus 20161021
nProtect 20161021
Panda 20161020
Rising 20161021
Sophos AV 20161020
SUPERAntiSpyware 20161021
Tencent 20161021
TheHacker 20161020
TrendMicro 20161021
TrendMicro-HouseCall 20161021
VBA32 20161020
VIPRE 20161021
ViRobot 20161020
Yandex 20161020
Zillya 20161020
Zoner 20161021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-20 17:20:04
Entry Point 0x000010E4
Number of sections 3
PE sections
Overlays
MD5 0ccc7d899dd476d8ec7c501cb11af12e
File type data
Offset 86016
Size 202761
Entropy 7.97
PE imports
EVENT_SINK_QueryInterface
Ord(546)
Ord(516)
Ord(685)
Ord(525)
Ord(663)
EVENT_SINK_AddRef
Ord(707)
Ord(717)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(552)
Ord(520)
Ord(100)
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(706)
Ord(716)
Ord(631)
Ord(545)
Number of PE resources by type
RT_ICON 6
Struct(0) 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:10:20 18:20:04+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
65536

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
32768

SubsystemVersion
4.0

EntryPoint
0x10e4

OSVersion
4.0

ImageVersion
1.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 b6551acb6de46a0d8f9d92d577b978f1
SHA1 fc102552bf4326deec25eeda0f97390f273d6927
SHA256 617472b3d5d70d20f174c33867325d317b506ce34f95915572041b1f1d0334f4
ssdeep
3072:cYmrskDwgvBFCaaWQEfFlLXZFaKhiwrAz1puhj2YqNjSs4CA/ej1avRmOVS9p9Ed:c5rFDJZ1FltFaKG5oifJJ0vR3S9pCf1

authentihash 16e61623f8581d351bf1979cbefa2d2b1be691d1aaebbd79eed76814e5b0df49
imphash 7aaa4f77be3a25c5fb0fb10db712a055
File size 282.0 KB ( 288777 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-10-20 23:01:30 UTC ( 2 years, 6 months ago )
Last submission 2016-10-21 01:46:36 UTC ( 2 years, 6 months ago )
File names 1 TFN-form.scr
TFN-form-912879471200026.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications