SHA256: 721b51167606841c4badb9cab775c06782a0bb7e8b790b84b6e9ba9e3865162c
File name: 721b51167606841c4badb9cab775c06782a0bb7e8b790b84b6e9ba9e3865162c
Detection ratio: 2 / 68
Analysis date: 2017-11-24 16:13:02 UTC ( 3 weeks ago )
Antivirus | Result | Update
Cylance | Unsafe | 20171124
TheHacker | Trojan/Agent.ofc | 20171121
Engines reporting no detection (engine, signature update date):
Ad-Aware 20171124
AegisLab 20171124
AhnLab-V3 20171124
Alibaba 20171124
ALYac 20171124
Antiy-AVL 20171124
Arcabit 20171124
Avast 20171124
Avast-Mobile 20171124
AVG 20171124
Avira (no cloud) 20171124
AVware 20171124
Baidu 20171124
BitDefender 20171124
Bkav 20171124
CAT-QuickHeal 20171124
ClamAV 20171124
CMC 20171124
Comodo 20171124
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cyren 20171124
DrWeb 20171124
eGambit 20171124
Emsisoft 20171124
Endgame 20171024
ESET-NOD32 20171124
F-Prot 20171124
F-Secure 20171124
Fortinet 20171124
GData 20171124
Ikarus 20171124
Sophos ML 20170914
Jiangmin 20171124
K7AntiVirus 20171124
K7GW 20171124
Kaspersky 20171124
Kingsoft 20171124
Malwarebytes 20171124
MAX 20171124
McAfee 20171124
McAfee-GW-Edition 20171124
Microsoft 20171124
eScan 20171124
NANO-Antivirus 20171124
nProtect 20171124
Palo Alto Networks (Known Signatures) 20171124
Panda 20171124
Qihoo-360 20171124
Rising 20171124
SentinelOne (Static ML) 20171113
Sophos AV 20171124
SUPERAntiSpyware 20171124
Symantec 20171124
Symantec Mobile Insight 20171123
Tencent 20171124
TotalDefense 20171124
TrendMicro 20171124
TrendMicro-HouseCall 20171124
Trustlook 20171124
VBA32 20171124
VIPRE 20171124
ViRobot 20171124
Webroot 20171124
WhiteArmor 20171104
Yandex 20171120
Zillya 20171124
ZoneAlarm by Check Point 20171124
Zoner 20171124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD: Armadillo v1.71
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 1999-06-09 21:57:29
Entry Point: 0x000071A0
Number of sections: 5
PE sections
Overlays
MD5: befe70fbd999903cff877fff800d88c3
File type: data
Offset: 69632
Size: 2012645
Entropy: 8.00
PE imports (grouped by exporting DLL)
advapi32.dll: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken
kernel32.dll: GetSystemTime, GetLastError, HeapFree, GetStdHandle, DosDateTimeToFileTime, LCMapStringW, GetStartupInfoA, LoadLibraryA, lstrlenA, GlobalFree, FreeLibrary, LCMapStringA, HeapDestroy, ExitProcess, CreateDirectoryA, GetEnvironmentStringsW, GetVersionExA, GetModuleFileNameA, RtlUnwind, RemoveDirectoryA, GetLocalTime, FreeEnvironmentStringsA, GetCurrentProcess, FileTimeToLocalFileTime, GetEnvironmentStrings, GetCurrentDirectoryA, FreeEnvironmentStringsW, CompareStringW, lstrcatA, SetFileTime, DeleteFileA, GetWindowsDirectoryA, UnhandledExceptionFilter, MultiByteToWideChar, _llseek, _hread, GetCommandLineA, GetProcAddress, _lread, FileTimeToSystemTime, GetFullPathNameA, GetModuleHandleA, _lclose, GetCPInfo, GetStringTypeA, _lcreat, lstrcmpA, FindFirstFileA, _hwrite, lstrcpyA, _lopen, CompareStringA, FindNextFileA, GetACP, HeapReAlloc, GetStringTypeW, SetEnvironmentVariableA, SetFileAttributesA, GetDriveTypeA, TerminateProcess, GetTimeZoneInformation, WideCharToMultiByte, SetHandleCount, HeapCreate, WriteFile, GlobalAlloc, VirtualFree, LocalFileTimeToFileTime, FindClose, GetFileType, HeapAlloc, GetVersion, VirtualAlloc, GetOEMCP
user32.dll: wsprintfA, MessageBoxA, LoadIconA, ExitWindowsEx
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1999:06:09 22:57:29+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 49152
LinkerVersion: 6.0
EntryPoint: 0x71a0
InitializedDataSize: 20480
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: 31b222c5043064d4644b82151fa9aa9f
SHA1: 6980b9b39e2f4a906a18b473f819ea6c0aa21742
SHA256: 721b51167606841c4badb9cab775c06782a0bb7e8b790b84b6e9ba9e3865162c
ssdeep: 49152:af/MysATJvpZWI3geGwG3cgcWsS6ZB4CZZSpIxawtcWahNEJ7k6:asysA9vpZWIzGwG3cc6b4hpIFcpOr
authentihash: d29b70ab2cf58b7be171d7c242bf1f655bf6520281c6c249e7ebb694d9c08160
imphash: 6c6e8576f6d86b0e67e45f26ef4de96d
File size: 2.0 MB ( 2082277 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags: peexe overlay armadillo software-collection
VirusTotal metadata
First submission: 2007-08-18 14:22:22 UTC ( 10 years, 4 months ago )
Last submission: 2017-11-01 23:38:01 UTC ( 1 month, 2 weeks ago )
File names: file-3471535_exe, scrabblewin.exe, file
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as Suspicious_GEN.F47V0929.
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Opened service managers
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.