SHA256: 7fe5a4e51075c9eabaf5ce3a5680d79114c721888c9eaa972a2df9a1c6351e6c
File name: TURKTELEKOM_FATURA.exe
Detection ratio: 6 / 56
Analysis date: 2016-04-04 21:57:05 UTC (3 years ago)
Antivirus Result Update
AegisLab Troj.GameThief.W32.OnLineGames 20160404
Baidu Win32.Trojan.WisdomEyes.151026.9950.9997 20160404
Kaspersky UDS:DangerousObject.Multi.Generic 20160404
McAfee-GW-Edition BehavesLike.Win32.PackedAP.hh 20160404
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160404
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160404
Ad-Aware 20160404
AhnLab-V3 20160404
Alibaba 20160401
ALYac 20160404
Antiy-AVL 20160404
Arcabit 20160404
Avast 20160404
AVG 20160404
Avira (no cloud) 20160404
AVware 20160404
Baidu-International 20160404
BitDefender 20160404
Bkav 20160404
CAT-QuickHeal 20160404
ClamAV 20160404
CMC 20160404
Comodo 20160404
Cyren 20160404
DrWeb 20160404
Emsisoft 20160404
ESET-NOD32 20160404
F-Prot 20160404
F-Secure 20160404
Fortinet 20160404
GData 20160404
Ikarus 20160404
Jiangmin 20160404
K7AntiVirus 20160404
K7GW 20160404
Kingsoft 20160404
Malwarebytes 20160404
McAfee 20160404
Microsoft 20160404
eScan 20160404
NANO-Antivirus 20160404
nProtect 20160404
Panda 20160404
Sophos AV 20160404
SUPERAntiSpyware 20160404
Symantec 20160331
Tencent 20160404
TheHacker 20160403
TrendMicro 20160404
TrendMicro-HouseCall 20160404
VBA32 20160404
VIPRE 20160404
ViRobot 20160404
Yandex 20160316
Zillya 20160404
Zoner 20160404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-04 00:04:43
Entry Point 0x00017E42
Number of sections 4
PE sections
Overlays
MD5 c46bef50086c118b06d51d4e992a18f4
File type data
Offset 327680
Size 201076
Entropy 6.99
PE imports
PathRemoveArgsA
PathFindExtensionA
PathStripPathA
PathIsUNCA
PathRemoveBackslashA
PathIsDirectoryA
SHRegGetUSValueW
PathCanonicalizeA
PathIsUNCW
StrToIntW
SHSetValueA
PathGetArgsW
PathIsRelativeW
StrNCatA
PathIsDirectoryW
PathRemoveBackslashW
PathGetDriveNumberA
StrToIntExW
SHRegGetUSValueA
StrTrimW
PathFileExistsW
PathMakeSystemFolderA
PathCombineA
SHDeleteValueA
PathStripToRootA
PathAddBackslashW
SHGetValueA
SHGetValueW
StrCmpIW
PathFindOnPathA
PathStripToRootW
PathCombineW
PathIsRelativeA
SHCreateShellPalette
PathRemoveExtensionW
StrCSpnIW
PathRemoveFileSpecW
StrToIntA
PathIsRootA
PathIsUNCServerW
StrCpyW
SHRegSetUSValueW
SHDeleteKeyA
PathAppendW
PathRenameExtensionA
PathRemoveFileSpecA
ChrCmpIA
SHRegOpenUSKeyW
PathAddExtensionA
PathFindFileNameW
PathRemoveBlanksA
PathIsRootW
PathFindFileNameA
SHQueryValueExW
StrTrimA
SHRegGetBoolUSValueW
SHDeleteEmptyKeyA
PathFindExtensionW
PathFileExistsA
GetFileVersionInfoSizeA
midiInGetErrorTextA
sndPlaySoundA
mixerGetLineControlsA
mciSendStringA
mixerOpen
waveInGetDevCapsA
waveOutGetNumDevs
joyGetPosEx
waveOutClose
waveOutMessage
timeGetTime
midiOutOpen
waveInClose
mmioOpenA
OpenDriver
mixerGetID
mixerGetDevCapsA
midiOutGetNumDevs
mmioRead
timeGetSystemTime
joySetCapture
mixerGetDevCapsW
waveOutWrite
mciSendCommandA
Number of PE resources by type
RT_DIALOG 8
RT_ICON 5
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 9
SLOVENIAN DEFAULT 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.254.12.115
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3121152
EntryPoint 0x17e42
OriginalFileName Spicier.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2014
FileVersion 37, 47, 240, 42
TimeStamp 2014:02:04 01:04:43+01:00
FileType Win32 EXE
PEType PE32
InternalName Smarted
ProductVersion 205, 9, 60, 203
FileDescription Unassisted
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SPIS Ltd, New Zealand
CodeSize 98304
ProductName SPIS Ltd, New Zealand Teach
ProductVersionNumber 0.237.36.233
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 4ce1e45085dc6cb5c873796b39abad62
SHA1 e4d58d04fb779585b1fe6140f900b78deb96e379
SHA256 7fe5a4e51075c9eabaf5ce3a5680d79114c721888c9eaa972a2df9a1c6351e6c
ssdeep 12288:UfKKTRVz/i8sa+qsJnaPagrYOF8dtEKS/EOvZSz:UJXjG+sJbgB83DuERz

authentihash d834a248598dac67bb3ed3ed77b33235fd2c6f4c423e3fff0330772c5582c765
imphash eb0a3e9f0159f039162f16650d58628d
File size 516.4 KB ( 528756 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-04-04 21:34:24 UTC ( 3 years ago )
Last submission 2016-04-04 21:57:05 UTC ( 3 years ago )
File names informacion_13771.exe
TURKTELEKOM_FATURA.exe