SHA256: 809154e0402366e7dfb272ea1620cc4a7b1d03ea0c6880835d394d117608fda9
File name: Statement - Copy.exe
Detection ratio: 6 / 50
Analysis date: 2014-03-13 12:54:30 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
AntiVir TR/Yarwi.B.210 20140313
Avast Win32:Malware-gen 20140313
ESET-NOD32 a variant of Win32/Kryptik.BXBY 20140313
McAfee Downloader-FSH!D4DE8BBD2BDE 20140313
Panda Trj/Zbot.M 20140313
Qihoo-360 HEUR/Malware.QVM20.Gen 20140313
AVG 20140312
Ad-Aware 20140313
Agnitum 20140312
AhnLab-V3 20140313
Antiy-AVL 20140311
Baidu-International 20140313
BitDefender 20140313
Bkav 20140313
ByteHero 20140313
CAT-QuickHeal 20140313
CMC 20140313
ClamAV 20140312
Commtouch 20140313
Comodo 20140313
DrWeb 20140313
Emsisoft 20140313
F-Prot 20140313
F-Secure 20140313
Fortinet 20140313
GData 20140313
Ikarus 20140313
Jiangmin 20140313
K7AntiVirus 20140312
K7GW 20140312
Kaspersky 20140313
Kingsoft 20140313
Malwarebytes 20140313
McAfee-GW-Edition 20140313
MicroWorld-eScan 20140313
Microsoft 20140313
NANO-Antivirus 20140313
Norman 20140313
Rising 20140313
SUPERAntiSpyware 20140313
Sophos 20140313
Symantec 20140313
TheHacker 20140312
TotalDefense 20140313
TrendMicro 20140313
TrendMicro-HouseCall 20140313
VBA32 20140313
VIPRE 20140313
ViRobot 20140313
nProtect 20140313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-27 20:38:07
Link date 9:38 PM 1/27/2012
Entry Point 0x00001AB5
Number of sections 3
PE sections
PE imports
GetModuleHandleA
HeapAlloc
CloseHandle
GetProcessHeap
InsertMenuA
CharLowerA
CreateMenu
CreatePopupMenu
EndDialog
ShowCursor
PostMessageA
SendMessageA
MessageBoxA
GetDlgItem
DestroyCursor
DialogBoxParamA
DestroyMenu
CreateCursor
Number of PE resources by type
RT_BITMAP 3
RT_GROUP_ICON 1
RT_DIALOG 1
RT_ICON 1
Number of PE resources by language
ENGLISH US 6
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:01:27 21:38:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3072
LinkerVersion 7.1
FileAccessDate 2014:11:07 17:08:31+01:00
EntryPoint 0x1ab5
InitializedDataSize 16384
SubsystemVersion 5.0
ImageVersion 3.2
OSVersion 5.0
FileCreateDate 2014:11:07 17:08:31+01:00
UninitializedDataSize 0

File identification
MD5 d4de8bbd2bdee1211ae97d0bb79ab65f
SHA1 8e5e394d8fcbe80089adc6691400312410cfeac8
SHA256 809154e0402366e7dfb272ea1620cc4a7b1d03ea0c6880835d394d117608fda9
ssdeep 192:0aWjyh/fBFJtS/liOhMwb5QRLjMR+/vJ8vXkghW3USoQkC4duC8ffbQSEy:YyheNitu2RLjpH9ghe91kCh0SE
authentihash 76aee39fbff3843898be4fb46fd3d0699169776faa82fbb8007b0a8806e14850
imphash 397a95116b500848ae2a01af5f88df45
File size 20.0 KB ( 20480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-03-13 09:48:21 UTC ( 11 months, 3 weeks ago )
Last submission 2014-11-07 16:03:24 UTC ( 3 months, 3 weeks ago )
File names 8E5E394D8FCBE80089ADC6691400312410CFEAC8
d4de8bbd2bdee1211ae97d0bb79ab65f
c-3cde4-2399-1394703902
Statement.scr-2014-03-13.21-00-02.txt
Statement - Copy.exe
d4de8bbd2bdee1211ae97d0bb79ab65f
file-6714894_scr
Statement.scr
vti-rescan
Statement.exe
d4de8bbd2bdee1211ae97d0bb79ab65f.scr
d4de8bbd2bdee1211ae97d0bb79ab65f.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections