× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 725ab6433b6b2bf50ca82b38176f8b44ef8ad4f26efef3c8a90e2b9f204cf831
File name: octet-stream
Detection ratio: 1 / 55
Analysis date: 2015-04-24 19:52:31 UTC ( 4 years ago )
Antivirus Result Update
TheHacker Trojan/FakeTool.ai 20150501
Ad-Aware 20150501
AegisLab 20150501
Yandex 20150501
AhnLab-V3 20150501
Alibaba 20150501
ALYac 20150501
Antiy-AVL 20150501
Avast 20150501
AVG 20150501
AVware 20150501
Baidu-International 20150501
BitDefender 20150501
Bkav 20150425
ByteHero 20150502
CAT-QuickHeal 20150430
ClamAV 20150501
CMC 20150501
Comodo 20150501
Cyren 20150501
DrWeb 20150501
Emsisoft 20150501
ESET-NOD32 20150501
F-Prot 20150501
F-Secure 20150501
Fortinet 20150501
GData 20150501
Ikarus 20150501
Jiangmin 20150430
K7AntiVirus 20150501
K7GW 20150501
Kaspersky 20150501
Kingsoft 20150502
McAfee 20150501
McAfee-GW-Edition 20150501
Microsoft 20150501
eScan 20150501
NANO-Antivirus 20150501
Norman 20150501
nProtect 20150430
Panda 20150501
Qihoo-360 20150502
Rising 20150501
Sophos AV 20150501
SUPERAntiSpyware 20150501
Symantec 20150501
Tencent 20150502
TotalDefense 20150430
TrendMicro 20150501
TrendMicro-HouseCall 20150501
VBA32 20150501
VIPRE 20150501
ViRobot 20150501
Zillya 20150501
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Keskin Yazýlým Güzellik Salonu Takip Yükleme Programý
File version 2, 0, 0, 36
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-11 21:07:00
Entry Point 0x0001B982
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueA
RegQueryValueExA
AdjustTokenPrivileges
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
AddFontResourceA
GetSystemPaletteEntries
CreateHalftonePalette
CreateFontIndirectA
SetStretchBltMode
GetDeviceCaps
DeleteDC
SetBkMode
CreateDIBPatternBrush
BitBlt
RealizePalette
SetTextColor
CreatePalette
GetStockObject
SelectPalette
ExtTextOutA
CreateCompatibleDC
StretchDIBits
SetBrushOrgEx
RemoveFontResourceA
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetFileAttributesA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
FreeLibrary
MoveFileA
GetExitCodeProcess
GetEnvironmentVariableA
FindClose
FormatMessageA
CopyFileA
HeapAlloc
GetModuleFileNameA
GetPrivateProfileStringA
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
GetVersion
SetCurrentDirectoryA
HeapFree
SetHandleCount
GetOEMCP
GetTickCount
IsBadWritePtr
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetCPInfo
GetProcAddress
CompareStringW
FindFirstFileA
CompareStringA
FindNextFileA
GlobalLock
GetTimeZoneInformation
GetFileType
CreateFileA
ExitProcess
GetLastError
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetShortPathNameA
HeapCompact
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
SetFileTime
GetCurrentDirectoryA
WinExec
GetCommandLineA
SetFilePointer
OpenFile
ReadFile
CloseHandle
GetACP
CreateProcessA
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SetFocus
RedrawWindow
GetParent
EnableWindow
UpdateWindow
EndDialog
BeginPaint
CheckRadioButton
KillTimer
PostQuitMessage
DefWindowProcA
FindWindowA
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowPos
AdjustWindowRectEx
TranslateMessage
DialogBoxParamA
GetWindow
GetSysColor
CheckDlgButton
SetWindowLongA
DrawTextA
SetWindowTextA
wsprintfA
ShowWindow
GetLastActivePopup
IsWindowVisible
SendMessageA
IsWindowEnabled
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
BringWindowToTop
IsIconic
RegisterClassA
SendMessageTimeoutA
InvalidateRect
GetWindowLongA
IsClipboardFormatAvailable
SetTimer
LoadCursorA
LoadIconA
GetMessageA
FillRect
IsDlgButtonChecked
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
EndPaint
CloseClipboard
DestroyWindow
ExitWindowsEx
IsDialogMessageA
OpenClipboard
GetFileVersionInfoSizeA
VerFindFileA
GetFileVersionInfoA
VerQueryValueA
GetOpenFileNameA
OleUninitialize
CoCreateInstance
CoGetMalloc
OleInitialize
Number of PE resources by type
RT_ICON 5
RT_DIALOG 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.0.36

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
53248

EntryPoint
0x1b982

MIMEType
application/octet-stream

FileVersion
2, 0, 0, 36

TimeStamp
2009:12:11 22:07:00+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2, 0, 0, 36

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
139264

ProductName
Keskin Yaz l m G zellik Salonu Takip Y kleme Program

ProductVersionNumber
2.0.0.36

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 8b2407119a7be56f65c7601c65c2c513
SHA1 8629e8de31f983e2b508715899d02718e5433614
SHA256 725ab6433b6b2bf50ca82b38176f8b44ef8ad4f26efef3c8a90e2b9f204cf831
ssdeep
98304:qC2u5bZGlwnc8U3UyOByLIcyehmj60n6jkKiZ4qLIzH:/5ZGlwnciVILSj36jiIzH

authentihash 1f9a82e7c3d3008d58e4fc5721b8f1df86aab0234d065470ad9550536e902400
imphash 90afa92d873238ff3b805cbd75c43898
File size 5.0 MB ( 5278011 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows Screen Saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2012-12-25 01:38:19 UTC ( 6 years, 4 months ago )
Last submission 2013-06-09 00:19:07 UTC ( 5 years, 11 months ago )
File names 725ab6433b6b2bf50ca82b38176f8b44ef8ad4f26efef3c8a90e2b9f204cf831
octet-stream
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications