SHA256: 6193e4256d68b6f21dd3cd165cc25b9d1502dbff5c8613fd0b63584cc3301fd3
File name: transaction details.scr
Detection ratio: 1 / 54
Analysis date: 2015-11-11 16:44:51 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151111
AegisLab 20151111
Yandex 20151111
AhnLab-V3 20151111
Alibaba 20151111
ALYac 20151111
Antiy-AVL 20151111
Arcabit 20151111
Avast 20151111
AVG 20151111
Avira (no cloud) 20151111
AVware 20151111
Baidu-International 20151111
BitDefender 20151111
Bkav 20151110
ByteHero 20151111
CAT-QuickHeal 20151110
ClamAV 20151111
CMC 20151109
Comodo 20151111
Cyren 20151111
DrWeb 20151111
Emsisoft 20151111
ESET-NOD32 20151111
F-Prot 20151111
F-Secure 20151111
Fortinet 20151111
GData 20151111
Ikarus 20151111
Jiangmin 20151111
K7AntiVirus 20151111
K7GW 20151111
Malwarebytes 20151111
McAfee 20151111
McAfee-GW-Edition 20151111
Microsoft 20151111
eScan 20151111
NANO-Antivirus 20151111
nProtect 20151111
Panda 20151111
Qihoo-360 20151111
Rising 20151110
Sophos AV 20151111
SUPERAntiSpyware 20151111
Symantec 20151111
Tencent 20151111
TheHacker 20151110
TrendMicro 20151111
TrendMicro-HouseCall 20151111
VBA32 20151111
VIPRE 20151111
ViRobot 20151111
Zillya 20151110
Zoner 20151111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-10 11:23:04
Entry Point 0x00001673
Number of sections 4
PE sections
PE imports
QueryServiceConfigW
GetSystemTime
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
VirtualProtect
RemoveDirectoryA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
GetModuleFileNameA
WriteConsoleA
HeapCreate
OpenSemaphoreA
VirtualFree
FindClose
Sleep
GetFileType
CreateFileA
ExitProcess
GetVersion
OpenSemaphoreW
VirtualAlloc
EnableWindow
CreateIcon
GetDC
Number of PE resources by type
RT_BITMAP 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_ICON 1
Number of PE resources by language
RUSSIAN 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 8.2
FileVersionNumber 7.16.13.806
LanguageCode Russian
FileFlagsMask 0x0001
CharacterSet Unknown (24B2)
InitializedDataSize 57344
EntryPoint 0x1673
MIMEType application/octet-stream
TimeStamp 2015:11:10 12:23:04+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0x5)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
BuildVersion 7, 16, 19, 806
CodeSize 16384
FileSubtype 1
ProductVersionNumber 7.16.13.806
FileTypeExtension exe
ObjectFileType VxD

Compressed bundles
File identification
MD5 28989811c6b498910637847d538e43bf
SHA1 d1ea7ae4e45412dc22998f91b1975175d4a98b35
SHA256 6193e4256d68b6f21dd3cd165cc25b9d1502dbff5c8613fd0b63584cc3301fd3
ssdeep 768:TpFbFgJeSyyjhJo0Zd41x64eFfxO5aGYrx:TpFbF+elOo0Z14j50d

authentihash 632e4c85e498aec7cbc32d32f85d8dda291497fc881d67b684267d6e0f48ad2c
imphash 04e13e7d5f37e0d4a629fe89cc731654
File size 76.0 KB ( 77824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2015-11-11 14:27:44 UTC ( 2 years, 1 month ago )
Last submission 2015-11-12 19:00:56 UTC ( 2 years, 1 month ago )
File names malware.scr
a.exe
transaction details.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs