SHA256: 804984119700ce1c8cc59840905d47fdcfcf7acad98c1bbae73ad7a55071d269
File name: leverans.exe
Detection ratio: 0 / 55
Analysis date: 2015-10-22 22:05:43 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20151022
AegisLab 20151022
Yandex 20151021
AhnLab-V3 20151022
Alibaba 20151022
ALYac 20151022
Antiy-AVL 20151022
Arcabit 20151022
Avast 20151022
AVG 20151022
Avira (no cloud) 20151022
AVware 20151022
Baidu-International 20151022
BitDefender 20151022
Bkav 20151022
ByteHero 20151022
CAT-QuickHeal 20151022
ClamAV 20151022
CMC 20151021
Comodo 20151022
Cyren 20151022
DrWeb 20151022
Emsisoft 20151022
ESET-NOD32 20151022
F-Prot 20151022
F-Secure 20151022
Fortinet 20151022
GData 20151022
Ikarus 20151022
Jiangmin 20151021
K7AntiVirus 20151022
K7GW 20151022
Kaspersky 20151022
Malwarebytes 20151022
McAfee 20151022
McAfee-GW-Edition 20151022
Microsoft 20151022
eScan 20151022
NANO-Antivirus 20151022
nProtect 20151022
Panda 20151022
Qihoo-360 20151022
Rising 20151022
Sophos AV 20151022
SUPERAntiSpyware 20151022
Symantec 20151022
Tencent 20151022
TheHacker 20151020
TrendMicro 20151022
TrendMicro-HouseCall 20151022
VBA32 20151022
VIPRE 20151022
ViRobot 20151022
Zillya 20151022
Zoner 20151022
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-02 15:03:22
Entry Point 0x00015686
Number of sections 4
PE sections
PE imports
RegOpenKeyA
RegCreateKeyExA
OpenServiceA
RegSetValueExW
DeregisterEventSource
RegReplaceKeyW
QueryServiceConfigA
RegEnumKeyExW
RegCreateKeyW
LsaAddAccountRights
InitiateSystemShutdownW
QueryServiceConfig2W
RegOpenKeyExA
RegConnectRegistryA
ChangeServiceConfigW
UnlockServiceDatabase
RegisterServiceCtrlHandlerA
LogonUserW
SetDIBits
GetTextCharsetInfo
GetOutlineTextMetricsA
GetCharABCWidthsW
GetWindowExtEx
SetGraphicsMode
SetBitmapBits
GetEnhMetaFileDescriptionA
SetWindowOrgEx
GetCurrentPositionEx
Arc
GetTextMetricsA
CreatePolygonRgn
MaskBlt
GetViewportOrgEx
CreateBitmap
EndPage
GetCurrentObject
UpdateColors
CreateMetaFileW
RestoreDC
CreateDCA
LineTo
GetTextExtentExPointA
CreateEllipticRgn
GetEnhMetaFileDescriptionW
RemoveFontResourceW
GetBoundsRect
GetTextExtentPointA
GetPixelFormat
CreateDIBPatternBrush
RectInRegion
GetStretchBltMode
StartPage
ChoosePixelFormat
BitBlt
GetKerningPairsA
GetFontLanguageInfo
CreateBitmapIndirect
RealizePalette
OffsetWindowOrgEx
CreatePatternBrush
SelectObject
GetCharacterPlacementW
SetEnhMetaFileBits
PlgBlt
SetAbortProc
PaintRgn
GetTextExtentPoint32W
CreateBrushIndirect
ExtTextOutA
GetCharWidthW
GetGraphicsMode
GetDIBColorTable
SetPixelFormat
SetTextAlign
FlattenPath
GetDCOrgEx
EnumFontFamiliesExA
PolyBezierTo
CreateDIBSection
StretchDIBits
SwapBuffers
CloseEnhMetaFile
BeginPath
SetBrushOrgEx
OffsetViewportOrgEx
CreateFontIndirectA
GetClipRgn
GetTextExtentPoint32A
CopyMetaFileW
GetCharWidth32W
ResetDCA
CloseMetaFile
CancelDC
CreateSolidBrush
SetBitmapDimensionEx
DPtoLP
ExtCreatePen
GetMapMode
SetBkColor
SetTextCharacterExtra
PolyPolygon
LineDDA
GlobalGetAtomNameW
EnumSystemLocalesA
FreeResource
GetModuleHandleA
GetSystemDefaultLCID
Process32Next
EnumSystemCodePagesA
FreeEnvironmentStringsW
GetLocaleInfoW
CancelIo
GetProcessHeap
_except_handler3
_setmbcp
__p__fmode
__CxxFrameHandler
_acmdln
_adjust_fdiv
__setusermatherr
__p__commode
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
_mbcasemap
__getmainargs
_exit
_initterm
__set_app_type
ExtractIconA
SHBrowseForFolderW
DragQueryFileW
SHChangeNotify
SHFileOperationW
SHGetDiskFreeSpaceA
SHBrowseForFolderA
DragQueryFileA
Shell_NotifyIconA
SHGetFileInfoA
Ord(180)
ShellExecuteExA
DuplicateIcon
SHGetPathFromIDListW
FindExecutableW
ShellExecuteExW
SHEmptyRecycleBinA
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListA
SHFileOperationA
SHGetMalloc
Ord(179)
ExtractAssociatedIconW
SHFreeNameMappings
SHGetSpecialFolderPathA
ExtractAssociatedIconA
SHGetSpecialFolderPathW
SHGetDataFromIDListW
SHAddToRecentDocs
DragFinish
ExtractIconExA
DoEnvironmentSubstA
DragQueryPoint
ShellExecuteA
ExtractIconExW
SHGetInstanceExplorer
SHGetSpecialFolderLocation
SHAppBarMessage
CommandLineToArgvW
DoEnvironmentSubstW
EndPaint
CountClipboardFormats
Number of PE resources by type
RT_ACCELERATOR 33
RT_ICON 12
RT_GROUP_ICON 7
RT_MENU 4
RT_DIALOG 3
kYLr1gat 1
QSmR1 1
j3jR5 1
RT_VERSION 1
Number of PE resources by language
SAAMI DEFAULT 24
SERBIAN ARABIC ALGERIA 22
ENGLISH EIRE 17
PE resources
File identification
MD5 536b57792f9ab99cc92471ed60485364
SHA1 fcccf0cf25c9ded5a6e4f6c53e7fa74141b9036d
SHA256 804984119700ce1c8cc59840905d47fdcfcf7acad98c1bbae73ad7a55071d269
ssdeep 12288:eBgezBkiYAh7dB1D+JFV6ilxXQMQ14QhybwxHcGCwoAmM+a:iz2S7T12lxXq1xsm8GCwoAAa
authentihash b20768d4b02d3bcf03f1fa7655c7818096a9bf4250e1a5aee38e8f15745ea57f
imphash aeba32f11763642ab899692aef3ce07c
File size 712.0 KB ( 729088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-10-22 22:05:43 UTC ( 2 years, 8 months ago )
Last submission 2015-10-27 20:04:58 UTC ( 2 years, 7 months ago )
File names leverans.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1023.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs