SHA256: 70f9a433f9e784ae247d709494b9d3a76bf08b18c275e9e68877c1ca53ba0fd2
File name: OrderInformations9345.scr.exe
Detection ratio: 19 / 68
Analysis date: 2017-11-17 15:48:46 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Avast Win32:Dropper-gen [Drp] 20171117
AVG Win32:Dropper-gen [Drp] 20171117
Avira (no cloud) TR/Dropper.MSIL.ofeod 20171117
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9953 20171117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.84c98e 20171103
Cylance Unsafe 20171117
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of MSIL/Kryptik.LLL 20171117
Fortinet MSIL/Kryptik.LLL!tr 20171117
Sophos ML heuristic 20170914
Kaspersky HEUR:Trojan.Win32.Generic 20171117
McAfee Packed-TW!14D090D1A105 20171117
McAfee-GW-Edition Packed-TW!14D090D1A105 20171117
Palo Alto Networks (Known Signatures) generic.ml 20171117
Qihoo-360 Win32/Trojan.Dropper.aa9 20171117
SentinelOne (Static ML) static engine - malicious 20171113
VBA32 TScope.Trojan.MSIL 20171117
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171117
Ad-Aware 20171117
AegisLab 20171117
AhnLab-V3 20171117
Alibaba 20170911
ALYac 20171117
Antiy-AVL 20171117
Arcabit 20171117
Avast-Mobile 20171117
AVware 20171117
BitDefender 20171117
Bkav 20171117
CAT-QuickHeal 20171117
ClamAV 20171117
CMC 20171117
Comodo 20171117
Cyren 20171117
DrWeb 20171117
eGambit 20171117
Emsisoft 20171117
F-Prot 20171117
F-Secure 20171117
GData 20171117
Ikarus 20171117
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171117
Kingsoft 20171117
Malwarebytes 20171117
MAX 20171117
Microsoft 20171117
eScan 20171117
NANO-Antivirus 20171117
nProtect 20171117
Panda 20171117
Rising 20171117
Sophos AV 20171117
SUPERAntiSpyware 20171117
Symantec 20171117
Symantec Mobile Insight 20171117
Tencent 20171117
TheHacker 20171112
TotalDefense 20171117
TrendMicro 20171117
TrendMicro-HouseCall 20171117
Trustlook 20171117
VIPRE 20171117
ViRobot 20171117
Webroot 20171117
WhiteArmor 20171104
Yandex 20171116
Zillya 20171116
Zoner 20171117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2012 Adobe Systems Incorporated. All rights reserved.

Product Adobe Acrobat Reader
Original name OrderInformations9345.scr.exe
Internal name OrderInformations9345.scr.exe
File version 1.1.0.0
Description Adobe Acrobat
Comments Adobe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-13 07:27:33
Entry Point 0x000226AE
Number of sections 3
.NET details
Module Version ID 943198c6-04ed-433b-986f-e9d1221e6f35
TypeLib ID 620353a0-4dcd-4f99-ad7e-af0dcefb9240
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Adobe
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Adobe Acrobat
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 512000
EntryPoint 0x226ae
OriginalFileName OrderInformations9345.scr.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012 Adobe Systems Incorporated. All rights reserved.
FileVersion 1.1.0.0
TimeStamp 2017:11:13 08:27:33+01:00
FileType Win32 EXE
PEType PE32
InternalName OrderInformations9345.scr.exe
ProductVersion 1.1.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Adobe Systems Incorporated
CodeSize 135168
ProductName Adobe Acrobat Reader
ProductVersionNumber 1.1.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.1.0.0
File identification
MD5 14d090d1a10563326f62ebe31ae869f7
SHA1 e53e0ca84c98ebafe837c83ab1b937a522d1cc2d
SHA256 70f9a433f9e784ae247d709494b9d3a76bf08b18c275e9e68877c1ca53ba0fd2
ssdeep 6144:1m/g7FGb3JF1hiKBrADDev9oT11LThyLmIfvn3NUssW469A0DDA8p/m:1m/g7FGDJtiU0iaTL1yL7v3NUVta7/
authentihash 8a653ff359b48988a48e8fe6e00b2d0a6910755d2b2d40dc5bb5ce64a67990b3
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 636.0 KB ( 651264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-11-17 15:48:46 UTC ( 1 year, 5 months ago )
Last submission 2017-11-20 12:57:45 UTC ( 1 year, 5 months ago )
File names OrderInformations9345.scr.exe
Zebra 13.scr
OrderInformations9345.scr.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications