SHA256: 6d9536cb76d9a0a7c5811b3a49007171bdbde4be2b6f722a84a3bf9a89ed2fe5
File name: 684F.tmp.exe
Detection ratio: 3 / 55
Analysis date: 2016-03-08 20:57:45 UTC ( 3 years, 1 month ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Downloader.dh 20160308
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20160308
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160308
Ad-Aware 20160308
AegisLab 20160308
Yandex 20160308
AhnLab-V3 20160308
Alibaba 20160308
ALYac 20160308
Arcabit 20160308
Avast 20160308
AVG 20160308
Avira (no cloud) 20160308
AVware 20160308
Baidu 20160225
Baidu-International 20160308
BitDefender 20160308
Bkav 20160308
ByteHero 20160308
CAT-QuickHeal 20160308
ClamAV 20160308
CMC 20160307
Comodo 20160308
Cyren 20160308
DrWeb 20160308
Emsisoft 20160308
ESET-NOD32 20160308
F-Prot 20160308
F-Secure 20160308
Fortinet 20160308
GData 20160308
Ikarus 20160308
Jiangmin 20160308
K7AntiVirus 20160308
K7GW 20160308
Kaspersky 20160308
Malwarebytes 20160308
McAfee 20160308
Microsoft 20160308
eScan 20160308
NANO-Antivirus 20160308
nProtect 20160308
Panda 20160308
Sophos AV 20160308
SUPERAntiSpyware 20160308
Symantec 20160308
Tencent 20160308
TheHacker 20160307
TrendMicro 20160308
TrendMicro-HouseCall 20160308
VBA32 20160306
VIPRE 20160308
ViRobot 20160308
Zillya 20160306
Zoner 20160308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-06-22 01:15:13
Entry Point 0x00033C50
Number of sections 4
PE sections
PE imports
FlatSB_ShowScrollBar
FlatSB_GetScrollInfo
ImageList_SetBkColor
ImageList_Replace
ImageList_Remove
ImageList_Create
ImageList_GetBkColor
PropertySheetW
Ord(6)
CreatePropertySheetPageA
ImageList_Copy
Ord(8)
CreateICA
GetSystemPaletteEntries
PatBlt
OffsetRgn
EnumFontsW
SaveDC
LPtoDP
CombineRgn
GetROP2
GetPixel
OffsetViewportOrgEx
RestoreDC
GetObjectType
StretchBlt
CreateDCW
EnumFontFamiliesA
OffsetWindowOrgEx
ExtFloodFill
SetAbortProc
BitBlt
EqualRgn
SetViewportOrgEx
PtVisible
ExtSelectClipRgn
SelectClipRgn
PlayEnhMetaFile
PolyBezierTo
CreateFontW
ScaleViewportExtEx
Ellipse
SetDIBColorTable
CreateCompatibleBitmap
SetWindowOrgEx
SetBkColor
SetWinMetaFileBits
SetViewportExtEx
SetRectRgn
CreatePenIndirect
EnumResourceNamesW
GetModuleHandleA
GetTempPathA
GlobalFree
VarDecFromUI4
VarBoolFromR8
VarNumFromParseNum
VarMul
VarCyNeg
VarCyCmp
SafeArrayGetRecordInfo
OleSavePictureFile
BSTR_UserFree
VarCyFromI2
SafeArrayGetElemsize
VarDecMul
VarXor
LPSAFEARRAY_UserMarshal
VarUI2FromDate
VarR8FromDisp
LoadTypeLibEx
VarR8FromI4
VARIANT_UserFree
VarI1FromI2
VarI1FromI4
CreateTypeLib2
VarDecRound
BSTR_UserUnmarshal
VariantTimeToSystemTime
VarUI4FromCy
VarDateFromUdate
SystemTimeToVariantTime
SafeArrayCreate
VarUI1FromI1
VarBstrFromDisp
VarI2FromDec
SysReAllocString
VarUI4FromR8
VarDateFromStr
VarCat
SysAllocString
VarI4FromCy
VarDecFromI4
VarDecFromR8
VarI4FromR8
VarI2FromR8
VarBoolFromDisp
SafeArraySetIID
VarCyMul
SysReAllocStringLen
VarCyMulI4
GetRecordInfoFromTypeInfo
SafeArrayAllocData
SysAllocStringByteLen
OleLoadPicturePath
VarR4CmpR8
VarR8FromDate
VarCyAbs
VarDecFix
SafeArrayGetVartype
VarI4FromBool
SysAllocStringLen
VarDecAbs
SafeArrayCreateEx
VarUI2FromStr
VarI4FromDisp
VariantTimeToDosDateTime
OleLoadPictureFileEx
VarI2FromDate
VarDateFromDec
VarR4FromI1
VarR8Pow
VarCyFromR8
VarR4FromI2
VarCyRound
VarI1FromBool
VarBoolFromI2
SafeArrayDestroyDescriptor
VarBstrFromI1
VarBstrFromI4
VarUI2FromBool
SafeArrayUnaccessData
OaBuildVersion
LHashValOfNameSys
DosDateTimeToVariantTime
LoadRegTypeLib
VariantChangeType
VarAbs
VarBoolFromDec
VarCyAdd
VarI4FromDate
VarFormatNumber
VarI2FromCy
VarDecCmp
DispInvoke
SafeArrayRedim
VarI2FromUI2
VarI2FromUI4
VarI4FromDec
SafeArrayGetDim
VarUdateFromDate
SysStringLen
SafeArrayAllocDescriptor
VarUI1FromStr
VarUI4FromUI2
VarCyFromUI4
VarCyFromUI1
VarUI2FromR4
VarBstrFromUI2
GetActiveObject
VarUI1FromUI4
VarUI1FromUI2
VarBstrCat
VarUI2FromI2
VarBoolFromCy
VarBoolFromUI2
VectorFromBstr
VarR4FromUI2
VarR8FromCy
VarFormatPercent
VarDiv
GetAltMonthNames
VarI1FromStr
VarUI2FromCy
VarParseNumFromStr
GetUrlCacheEntryInfoExW
FtpFindFirstFileW
InternetErrorDlg
InternetCanonicalizeUrlA
CreateUrlCacheEntryW
InternetReadFileExA
InternetSetDialState
InternetGetCookieA
GopherOpenFileW
InternetSetOptionExA
InternetGetLastResponseInfoW
FtpRenameFileW
InternetFindNextFileW
FtpSetCurrentDirectoryA
InternetCheckConnectionA
InternetCheckConnectionW
InternetConfirmZoneCrossing
CommitUrlCacheEntryA
FtpGetFileA
DeleteUrlCacheGroup
InternetOpenUrlA
FtpPutFileA
FindFirstUrlCacheEntryA
InternetOpenA
FtpGetCurrentDirectoryW
FtpCreateDirectoryW
FtpOpenFileW
Number of PE resources by type
RT_ACCELERATOR 3
RT_DIALOG 3
RT_BITMAP 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
CHINESE MACAU 9
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.207.105.122
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 180224
EntryPoint 0x33c50
OriginalFileName Serially.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2011
FileVersion 155, 134, 94, 202
TimeStamp 2004:06:22 02:15:13+01:00
FileType Win32 EXE
PEType PE32
InternalName Quench
ProductVersion 9, 215, 125, 159
FileDescription Undistinguished
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Doug Fetter Software Wizardry
CodeSize 208896
FileSubtype 0
ProductVersionNumber 0.94.233.229
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 05e2a020e5c84958b2a2ff9d2e669d96
SHA1 4acb11a1a9a6a28124cbabf4f4f523e9a9c4c78f
SHA256 6d9536cb76d9a0a7c5811b3a49007171bdbde4be2b6f722a84a3bf9a89ed2fe5
ssdeep 6144:wIS5iHEy7ntVUEXV7ufh5fTa6Vxippb9uUZqJt051:QQnntWEl7up5fTaecpb9u/Q
authentihash 3138d4c105025c374c992ac94eb17a8a0709e149983618e9964a9752fd0dd15a
imphash 0e07eba96b1dc0fce19aad324b60941c
File size 276.0 KB ( 282624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags peexe
VirusTotal metadata
First submission 2016-03-08 20:57:45 UTC ( 3 years, 1 month ago )
Last submission 2016-06-16 03:01:24 UTC ( 2 years, 10 months ago )
File names 684F.tmp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications