SHA256: 66eb0b099caf0cab296d7ad4cbe84e366c44cc465431a33963ac5b32d8e28682
File name: USPS report id 943577924988734.exe
Detection ratio: 27 / 46
Analysis date: 2013-02-20 09:11:10 UTC (6 years, 2 months ago)
Antivirus Result Update
AhnLab-V3 Win-Trojan/Androm.44544 20130219
AntiVir TR/Kazy.145721.1 20130220
Avast Win32:Malware-gen 20130220
BitDefender Trojan.Generic.KD.864065 20130220
Commtouch W32/Trojan3.EUF 20130220
Comodo Heur.Suspicious 20130220
DrWeb BackDoor.Andromeda.22 20130220
Emsisoft Backdoor.Win32.Androm.AMN (A) 20130220
ESET-NOD32 Win32/TrojanDownloader.Wauchos.A 20130220
F-Prot W32/Trojan3.EUF 20130220
F-Secure Gen:Variant.Kazy.145721 20130220
Fortinet W32/Yakes.B!tr 20130220
GData Trojan.Generic.KD.864065 20130220
Ikarus Backdoor.Win32.Androm 20130220
Kaspersky Backdoor.Win32.Androm.phh 20130220
McAfee RDN/Generic BackDoor!bh 20130220
McAfee-GW-Edition Artemis!0F2C49F4FCFF 20130220
Microsoft Worm:Win32/Gamarue.I 20130220
eScan Trojan.Generic.KD.864065 20130220
Norman Suspicious_Gen4.CKBDO 20130219
Panda Suspicious file 20130219
Sophos AV Troj/Agent-AAFN 20130220
Symantec Backdoor.Trojan 20130220
TheHacker Posible_Worm32 20130219
TrendMicro BKDR_ANDROM.CB 20130220
TrendMicro-HouseCall BKDR_ANDROM.CB 20130220
VIPRE Trojan.Win32.Generic!BT 20130220
Yandex 20130219
Antiy-AVL 20130219
AVG 20130220
ByteHero 20130218
CAT-QuickHeal 20130220
ClamAV 20130220
eSafe 20130211
Jiangmin 20130220
K7AntiVirus 20130219
Kingsoft 20130204
Malwarebytes 20130219
NANO-Antivirus 20130220
nProtect 20130219
PCTools 20130219
Rising 20130205
SUPERAntiSpyware 20130220
TotalDefense 20130219
VBA32 20130219
ViRobot 20130220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Sixty Flinch
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-05-18 09:36:50
Entry Point 0x00014BC0
Number of sections 3
PE sections
PE imports
RegEnumKeyExA
OpenClusterNode
DrawInsert
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RtlGetAce
ResUtilSetPropertyTable
EndTask
VerInstallFileA
Number of PE resources by type
RT_MENU 13
RT_STRING 4
RT_CURSOR 3
RT_DIALOG 2
RT_ICON 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SPANISH COSTA RICA 26
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 8192
ImageVersion 6.0
FileVersionNumber 8.8.0.0
UninitializedDataSize 45056
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 0.0
FileTypeExtension exe
MIMEType application/octet-stream
TimeStamp 2006:05:18 10:36:50+01:00
FileType Win32 EXE
PEType PE32
FileDescription Sixty Flinch
OSVersion 6.4
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName E+h$
CodeSize 36864
FileSubtype 0
ProductVersionNumber 8.8.0.0
EntryPoint 0x14bc0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 0f2c49f4fcff095b2c97226c0da97a98
SHA1 306146f6812da3d166dc2a1cf7d4d31d23316e4d
SHA256 66eb0b099caf0cab296d7ad4cbe84e366c44cc465431a33963ac5b32d8e28682
ssdeep 768:Uh7JDeMvv9Q9QFeYgtc9ngg3btrXgqWhVutSsY6rh7DXzq71DyvFEMsZpRSl26i6:Uh9DeM39qQcYjCeOPhVsNYuh3u71YVgU

authentihash 49e3fe449e7d82a8a7ff2a795f8456641820d4f8eecfc8b65277f91d5bf650e0
imphash 3b952294dae9db8a766538510e1fdc9e
File size 43.5 KB ( 44544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags peexe upx

VirusTotal metadata
First submission 2013-02-18 18:29:32 UTC (6 years, 3 months ago)
Last submission 2018-11-26 02:20:17 UTC (5 months, 3 weeks ago)
File names 1lSS1XWKOV.scr
Virus.exe.txt
file-5166038_exe
aa
0f2c49f4fcff095b2c97226c0da97a98.exe
vt-upload-kG74U
USPS report id 943577924988734.exe
USPS report id 943577924988734.ex0
0f2c49f4fcff095b2c97226c0da97a98
ZCnqFe_SEV.inf
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Set keys
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications