× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 66fcf85da92b843ff6d310d7c31c7aa70bbc921cab57628f1e4bf11c11e218d9
File name: DHL_Versandschein_3951.exe
Detection ratio: 36 / 57
Analysis date: 2016-04-20 09:59:24 UTC ( 2 years, 12 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3146809 20160420
ALYac Trojan.GenericKD.3146809 20160420
Arcabit Trojan.Generic.D300439 20160420
Avast Win32:Trojan-gen 20160420
AVG FileCryptor.JTZ 20160420
Avira (no cloud) TR/Crypt.ZPACK.uxef 20160420
AVware Trojan.Win32.Generic!BT 20160420
Baidu Win32.Trojan.WisdomEyes.151026.9950.9991 20160420
BitDefender Trojan.GenericKD.3146809 20160420
Cyren W32/Trojan.ZZKY-4459 20160420
DrWeb Trojan.Encoder.761 20160420
Emsisoft Trojan.GenericKD.3146809 (B) 20160420
ESET-NOD32 Win32/Filecoder.TorrentLocker.A 20160420
F-Secure Trojan.GenericKD.3146809 20160420
Fortinet Malicious_Behavior.VEX.99 20160420
GData Trojan.GenericKD.3146809 20160420
Ikarus Trojan.Win32.Filecoder 20160420
Jiangmin ezz 20160420
Kaspersky Backdoor.Win32.Androm.jkqw 20160420
Malwarebytes Ransom.TorrentLocker 20160420
McAfee RDN/Ransom 20160420
McAfee-GW-Edition BehavesLike.Win32.AAEH.hh 20160420
Microsoft Ransom:Win32/Teerac.A 20160420
eScan Trojan.GenericKD.3146809 20160420
NANO-Antivirus Trojan.Win32.Encoder.ebmmqo 20160420
nProtect Trojan.GenericKD.3146809 20160420
Panda Trj/GdSda.A 20160419
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160420
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160420
Sophos AV Mal/Generic-S 20160420
Symantec Trojan.Gen 20160420
Tencent Win32.Backdoor.Androm.Sxon 20160420
TrendMicro-HouseCall Ransom_CRYPTESLA.SMJ9 20160420
VIPRE Trojan.Win32.Generic!BT 20160420
Yandex Backdoor.Androm!QyZRDv7LhuQ 20160419
Zillya Trojan.CryptGen.Win32.1 20160420
AegisLab 20160420
AhnLab-V3 20160419
Alibaba 20160420
Antiy-AVL 20160420
Baidu-International 20160419
Bkav 20160419
CAT-QuickHeal 20160420
ClamAV 20160420
CMC 20160415
Comodo 20160420
F-Prot 20160420
K7AntiVirus 20160420
K7GW 20160420
Kingsoft 20160420
SUPERAntiSpyware 20160420
TheHacker 20160419
TotalDefense 20160420
TrendMicro 20160420
VBA32 20160420
ViRobot 20160420
Zoner 20160420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-21 15:38:58
Entry Point 0x00026258
Number of sections 4
PE sections
PE imports
PathRenameExtensionW
StrToIntExW
PathRemoveExtensionA
PathAddBackslashA
StrCmpIW
timeKillEvent
waveOutSetVolume
waveOutReset
waveInOpen
mmioWrite
auxGetDevCapsA
sndPlaySoundA
timeSetEvent
timeBeginPeriod
waveOutGetNumDevs
mixerGetNumDevs
mixerOpen
timeEndPeriod
mixerGetLineInfoW
mixerGetDevCapsW
joyGetDevCapsA
joyGetPosEx
joyGetPos
mixerGetLineInfoA
waveOutMessage
midiInOpen
mmioClose
midiOutOpen
midiInGetDevCapsA
waveInClose
joySetThreshold
midiInGetNumDevs
timeGetDevCaps
OpenDriver
waveInGetNumDevs
midiOutClose
mixerGetID
mixerGetDevCapsA
midiOutGetNumDevs
mciGetErrorStringA
mixerGetControlDetailsA
mciSendCommandA
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 2
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
GREEK DEFAULT 8
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.27.232.245

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
3633152

EntryPoint
0x26258

OriginalFileName
Motional.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2015

FileVersion
70, 127, 59, 95

TimeStamp
2016:04:21 16:38:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Legality

ProductVersion
176, 55, 118, 75

FileDescription
Peopled

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Old McDonald's Farm

CodeSize
155648

ProductName
Old McDonald's Farm Overheard

ProductVersionNumber
0.205.210.194

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 5e45ff7ee1a68e21e5075204fed3ccdc
SHA1 924c549e91067d766cea2486a72aee1adc591554
SHA256 66fcf85da92b843ff6d310d7c31c7aa70bbc921cab57628f1e4bf11c11e218d9
ssdeep
12288:M305/0ge8kKsltnlGkT+9zRkNr3OD9rt5bi:Mkp0gdkKsltlGoUCi5tZi

authentihash 9b2e734929595d81a28e14548badf030e84540091b2cdcebafd3dd1d6cf59428
imphash 4098326eda946f7a5725a9e86c7db608
File size 568.0 KB ( 581632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-04-07 19:15:03 UTC ( 3 years ago )
Last submission 2016-04-07 19:15:03 UTC ( 3 years ago )
File names DHL_Versandschein_3951.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!