SHA256: 65539e0b6bd3b40988d0241294e38bd5bd05cba0149b69f1e98c33424b4f165a
File name: CORREOS.exe
Detection ratio: 35 / 55
Analysis date: 2016-03-21 10:35:45 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3104139 20160321
AegisLab Backdoor.W32.Androm!c 20160321
ALYac Trojan.GenericKD.3104139 20160319
Arcabit Trojan.Generic.D2F5D8B 20160321
Avast Win32:Malware-gen 20160321
AVG FileCryptor.IPL 20160321
AVware Trojan.Win32.Generic!BT 20160321
BitDefender Trojan.GenericKD.3104139 20160321
Bkav HW32.Packed.D10D 20160319
Cyren W32/Ransom.ZYVR-4203 20160321
DrWeb Trojan.PWS.Siggen1.48781 20160321
Emsisoft Trojan.GenericKD.3104139 (B) 20160321
ESET-NOD32 Win32/Filecoder.DI 20160321
F-Secure Trojan.GenericKD.3104139 20160321
Fortinet Malicious_Behavior.VEX.99 20160321
GData Trojan.GenericKD.3104139 20160321
Ikarus Trojan.Win32.Filecoder 20160321
Jiangmin p 20160321
K7AntiVirus Trojan ( 004b8b881 ) 20160321
K7GW Trojan ( 004b8b881 ) 20160321
Kaspersky Backdoor.Win32.Androm.jhah 20160321
Malwarebytes Trojan.Injector 20160321
McAfee RDN/Ransom 20160321
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.jc 20160321
Microsoft Ransom:Win32/Teerac 20160321
eScan Trojan.GenericKD.3104139 20160321
nProtect Trojan.GenericKD.3104139 20160321
Panda Trj/CryptoWall.C 20160320
Qihoo-360 Win32/Backdoor.d88 20160321
Sophos AV Troj/Ransom-CNQ 20160321
Symantec Trojan.Cryptolocker.H 20160321
Tencent Win32.Backdoor.Androm.Llrr 20160321
TrendMicro TROJ_FORUCON.BMC 20160321
TrendMicro-HouseCall TROJ_FORUCON.BMC 20160321
VIPRE Trojan.Win32.Generic!BT 20160321
Yandex 20160316
AhnLab-V3 20160320
Alibaba 20160321
Antiy-AVL 20160321
Baidu 20160318
Baidu-International 20160321
ByteHero 20160321
CAT-QuickHeal 20160319
ClamAV 20160319
CMC 20160316
Comodo 20160321
F-Prot 20160321
NANO-Antivirus 20160321
Rising 20160321
SUPERAntiSpyware 20160321
TheHacker 20160320
VBA32 20160318
ViRobot 20160321
Zillya 20160320
Zoner 20160321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-04 15:34:47
Entry Point 0x00012874
Number of sections 4
PE sections
Overlays
MD5 44e93cd0f9ba2153679da5f7e690aa23
File type data
Offset 421888
Size 197453
Entropy 7.03
PE imports
_adjust_fdiv
__p__fmode
_wsetlocale
scanf
__p__commode
__dllonexit
_onexit
mktime
_beep
_mbbtype
sprintf
_wspawnl
_initterm
mblen
__setusermatherr
_y1
__set_app_type
PathSkipRootA
PathBuildRootA
SHQueryValueExA
PathIsSameRootW
PathQuoteSpacesA
PathRemoveExtensionA
StrCSpnA
PathIsURLA
PathRemoveBlanksA
PathIsRelativeA
PathGetArgsA
SHRegQueryUSValueW
PathAddExtensionW
PathFindNextComponentA
StrPBrkW
PathRemoveBackslashW
SHRegCloseUSKey
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 8
RT_DIALOG 3
RT_VERSION 1
Number of PE resources by language
ALBANIAN DEFAULT 17
ENGLISH UK 9
PE resources
ExifTool file metadata
SpecialBuild 0.164.141.47
LegalTrademarks Magnetometers
SubsystemVersion 4.0
Comments Jap
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.211.110.21
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Eases Grouping Integrationist
CharacterSet Unicode
InitializedDataSize 3444736
EntryPoint 0x12874
OriginalFileName Fundedl.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2014
FileVersion 0.206.159.122
TimeStamp 2008:06:04 16:34:47+01:00
FileType Win32 EXE
PEType PE32
InternalName Jettisoned
ProductVersion 0.91.24.140
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ted Barham
CodeSize 73728
ProductName Feeders Iconoclast
ProductVersionNumber 0.105.114.115
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 3c6f984146fd5183c9a89124af0a140d
SHA1 b01f05d2e12f7f865ac6746a0ee9020d72a3001e
SHA256 65539e0b6bd3b40988d0241294e38bd5bd05cba0149b69f1e98c33424b4f165a
ssdeep 12288:UoqsUnsJRRLc7qOhNTlCAy9qksDbfz/XTly6sSE25Ly:UjsUnMRBYqOhNQ9qkmb7vTlHcf

authentihash 8878f5bde91a9285dd54fbf8d06d91b4c6eac78a5372638b2a9c10c74fefdf15
imphash 4dc8595113d30d1240cb064999f54fa8
File size 604.8 KB ( 619341 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-03-16 12:17:17 UTC ( 2 years, 11 months ago )
Last submission 2016-03-21 10:35:45 UTC ( 2 years, 11 months ago )
File names Bolletta.exe
65539e0b6bd3b40988d0241294e38bd5bd05cba0149b69f1e98c33424b4f165a.exe
CORREOS.exe
Turkcell_Mart_Fatura.exe
carta_certificada.virus.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0317.
