SHA256: 650d5a7d247fbe9c7f4d92e901319fec8c83fd07d4f5291f23c30f338a2e2974
File name: notice_262897.exe
Detection ratio: 4 / 57
Analysis date: 2015-04-30 05:38:36 UTC ( 3 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.MDA 20150429
ESET-NOD32 Win32/Injector.BZMI 20150430
Qihoo-360 HEUR/QVM42.0.Malware.Gen 20150430
TrendMicro-HouseCall Suspicious_GEN.F47V0430 20150430
Ad-Aware 20150430
AegisLab 20150430
Yandex 20150428
Alibaba 20150430
ALYac 20150430
Antiy-AVL 20150430
Avast 20150430
AVG 20150429
Avira (no cloud) 20150429
AVware 20150430
Baidu-International 20150426
BitDefender 20150430
Bkav 20150425
ByteHero 20150430
CAT-QuickHeal 20150429
ClamAV 20150430
CMC 20150423
Comodo 20150430
Cyren 20150430
DrWeb 20150430
Emsisoft 20150430
F-Prot 20150430
F-Secure 20150430
Fortinet 20150430
GData 20150430
Ikarus 20150430
Jiangmin 20150429
K7AntiVirus 20150430
K7GW 20150429
Kaspersky 20150429
Kingsoft 20150430
Malwarebytes 20150430
McAfee 20150430
McAfee-GW-Edition 20150430
Microsoft 20150429
eScan 20150430
NANO-Antivirus 20150430
Norman 20150429
nProtect 20150429
Panda 20150429
Rising 20150429
Sophos AV 20150430
SUPERAntiSpyware 20150430
Symantec 20150430
Tencent 20150430
TheHacker 20150429
TotalDefense 20150429
TrendMicro 20150430
VBA32 20150429
VIPRE 20150430
ViRobot 20150430
Zillya 20150429
Zoner 20150429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product QuickTime Alternative
File version 3.2.2.0
Description QuickTime Alternative Setup
Packers identified
F-PROT NSIS, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-07 04:40:17
Entry Point 0x00003217
Number of sections 5
PE sections
Overlays
MD5 8f4720982a1adb2e2a12dba70207de26
File type data
Offset 33792
Size 190885
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
GetProcAddress
SetEnvironmentVariableA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
ReleaseDC
EndDialog
BeginPaint
ShowWindow
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
PostQuitMessage
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
DrawTextA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
EnableMenuItem
RegisterClassA
SendMessageTimeoutA
InvalidateRect
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 3
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 1.1.7.4
UninitializedDataSize 1024
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 117760
EntryPoint 0x3217
MIMEType application/octet-stream
FileVersion 3.2.2.0
TimeStamp 2014:10:07 05:40:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.2.2.0
FileDescription QuickTime Alternative Setup
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 23552
ProductName QuickTime Alternative
ProductVersionNumber 1.1.7.4
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 4a20784de661675d281edbd48a6e2485
SHA1 460c3c5fa073029cace80c7eb0fe704dd3c5d27a
SHA256 650d5a7d247fbe9c7f4d92e901319fec8c83fd07d4f5291f23c30f338a2e2974
ssdeep 3072:yAsj8MBX8s0oXJcWUAomTArkhcQIBxnROM6b2bsJlN1IjFXGiHIDE8vPNWiHupKH:yAsBZF5oEpcQIBxRo22N1sGb1VCoP3

authentihash b9e84a645f67ef78eea05331669872319892f1ea8f17107b3e889342126c0e9a
imphash 59a4a44a250c4cf4f2d9de2b3fe5d95f
File size 219.4 KB ( 224677 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.9%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2015-04-29 23:00:20 UTC ( 3 years, 11 months ago )
Last submission 2016-12-01 03:14:24 UTC ( 2 years, 3 months ago )
File names notice_262897.exe
carta_certificada_784512.exe
ujabijek.exe
carta_certificada_784512.ejecutable
vt-upload-QTJgPr
tbamozaw.exe
8.exe
notice_262897.exe
carta_certificada_784512.exe
notice_262897 (3).bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications