SHA256: 7dbab99fb8f5696ee1e52f17e03cef09c1d152ea14499a7d2f028110498a11f3
File name: ENEL_Bolletta.exe
Detection ratio: 4 / 54
Analysis date: 2016-02-12 09:48:56 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Avira (no cloud) TR/Dropper.Gen 20160212
ESET-NOD32 a variant of Win32/Injector.CSEF 20160212
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160212
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160212
Ad-Aware 20160212
AegisLab 20160212
Yandex 20160211
AhnLab-V3 20160211
Alibaba 20160204
Antiy-AVL 20160211
Arcabit 20160212
Avast 20160212
AVG 20160212
Baidu-International 20160212
BitDefender 20160212
Bkav 20160204
ByteHero 20160212
CAT-QuickHeal 20160212
ClamAV 20160212
CMC 20160205
Comodo 20160212
Cyren 20160212
DrWeb 20160212
Emsisoft 20160212
F-Prot 20160212
F-Secure 20160212
Fortinet 20160212
GData 20160212
Ikarus 20160212
Jiangmin 20160212
K7AntiVirus 20160212
K7GW 20160212
Kaspersky 20160212
Malwarebytes 20160212
McAfee 20160212
McAfee-GW-Edition 20160212
Microsoft 20160212
eScan 20160212
NANO-Antivirus 20160212
nProtect 20160211
Panda 20160210
Sophos AV 20160212
SUPERAntiSpyware 20160212
Symantec 20160211
Tencent 20160212
TheHacker 20160212
TotalDefense 20160212
TrendMicro 20160212
TrendMicro-HouseCall 20160212
VBA32 20160211
VIPRE 20160212
ViRobot 20160212
Zillya 20160211
Zoner 20160212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-08-13 10:02:51
Entry Point 0x0000E1E0
Number of sections 4
PE sections
Overlays
MD5 ee2783b3712ab69401f430640c22ae87
File type data
Offset 544768
Size 1090
Entropy 6.27
PE imports
CreatePolygonRgn
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
GetBkMode
CreateICW
SetDeviceGammaRamp
LPtoDP
GetClipBox
ModifyWorldTransform
GetDeviceCaps
CreateDCA
DeleteDC
SetMetaFileBitsEx
ScaleViewportExtEx
GetTextExtentExPointW
FillPath
CreateDCW
GetCharWidthA
GetObjectA
GetCurrentObject
RectVisible
GetStockObject
GetCurrentPositionEx
SelectPalette
GetOutlineTextMetricsW
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchBlt
SetStretchBltMode
CloseEnhMetaFile
SetBrushOrgEx
EndPage
GetWinMetaFileBits
EnumEnhMetaFile
ExtCreatePen
SetTextCharacterExtra
GetTextExtentPoint32W
ImmSetOpenStatus
AreFileApisANSI
GetCommTimeouts
GetEnvironmentStrings
DosDateTimeToFileTime
GetCurrentDirectoryW
GetShortPathNameW
GetStartupInfoA
GetModuleHandleA
GetPrivateProfileIntA
GetVolumeInformationW
GetProcessPriorityBoost
__p__fmode
fputc
__CxxFrameHandler
_acmdln
_futime
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
atexit
_rmtmp
__getmainargs
_initterm
_controlfp
atof
_adjust_fdiv
__set_app_type
RasHangUpA
UnionRect
Number of PE resources by type
RT_RCDATA 12
RT_ICON 10
RT_GROUP_ICON 5
RT_DIALOG 2
skEw73221 1
mX0661y 1
N8R4Tm 1
aGQ18 1
R4o71 1
iu2RC5 1
nmsvg1 1
sWct0 1
Gr7W2 1
CqCN2w6 1
RT_VERSION 1
BLdC3Q40M 1
Number of PE resources by language
NEUTRAL 41
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.237.123.16
UninitializedDataSize 0
LanguageCode Unknown (DIAG)
FileFlagsMask 0x003f
CharacterSet Unknown (ONALISING)
InitializedDataSize 483328
EntryPoint 0xe1e0
MIMEType application/octet-stream
LegalCopyright 2010 (C) 2012
FileVersion 0.38.72.211
TimeStamp 2006:08:13 11:02:51+01:00
FileType Win32 EXE
PEType PE32
InternalName Coprocessors
ProductVersion 0.48.250.33
FileDescription Dampen Elaborate Glasshouse
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Thinking Man Software
CodeSize 57344
ProductName Giant Gecko
ProductVersionNumber 0.6.3.201
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 de224ab121d3dd985a082b68e0fefa74
SHA1 32af81c6d9231835a2edbc47f98caf2eacc2c10a
SHA256 7dbab99fb8f5696ee1e52f17e03cef09c1d152ea14499a7d2f028110498a11f3
ssdeep 12288:6tpvVvZ+H4N/IGYtWwadKbT+EZCd1Gfr1avghaCeLTZSpkhXZZFCPRvTE:6bdvZ+H4CVYL8T+oYCrUvghxMTZDtFCq
authentihash 62f87b671a008a46e3604f623a16a22e3fce6752de17049a60d969ef1c0f2461
imphash f1220a917cf558df8c8e43a4dc37729f
File size 533.1 KB ( 545858 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-02-12 09:48:44 UTC ( 3 years, 2 months ago )
Last submission 2016-02-12 16:07:14 UTC ( 3 years, 2 months ago )
File names ENEL_Bolletta.exe
turkcell
32af81c6d9231835a2edbc47f98caf2eacc2c10a.exe
TURKCELL_FATURA.exe
Advanced heuristic and reputation engines