× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 82b0120dc84acf76d839107997d217a1c0eb3b7f549039db34d009d41b4c7a94
File name: fictions.scr
Detection ratio: 5 / 65
Analysis date: 2018-02-22 11:25:29 UTC ( 1 year, 2 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Cylance Unsafe 20180222
Endgame malicious (high confidence) 20180216
Palo Alto Networks (Known Signatures) generic.ml 20180222
Tencent Suspicious.Heuristic.Gen.b.0 20180222
Ad-Aware 20180222
AhnLab-V3 20180222
Alibaba 20180222
ALYac 20180222
Arcabit 20180222
Avast 20180222
Avast-Mobile 20180221
AVG 20180222
Avira (no cloud) 20180222
AVware 20180222
Baidu 20180208
BitDefender 20180222
Bkav 20180212
CAT-QuickHeal 20180222
ClamAV 20180222
CMC 20180222
Comodo 20180222
Cybereason 20180205
Cyren 20180222
DrWeb 20180222
eGambit 20180222
Emsisoft 20180222
ESET-NOD32 20180222
F-Prot 20180222
F-Secure 20180222
Fortinet 20180222
GData 20180222
Ikarus 20180222
Sophos ML 20180121
Jiangmin 20180222
K7AntiVirus 20180222
K7GW 20180222
Kaspersky 20180222
Kingsoft 20180222
MAX 20180222
McAfee 20180221
McAfee-GW-Edition 20180222
Microsoft 20180222
eScan 20180222
NANO-Antivirus 20180222
nProtect 20180222
Panda 20180221
Qihoo-360 20180222
Rising 20180222
SentinelOne (Static ML) 20180115
Sophos AV 20180222
SUPERAntiSpyware 20180221
Symantec 20180222
Symantec Mobile Insight 20180220
TheHacker 20180219
TotalDefense 20180222
TrendMicro 20180222
TrendMicro-HouseCall 20180222
Trustlook 20180222
VBA32 20180221
VIPRE 20180222
ViRobot 20180222
Webroot 20180222
WhiteArmor 20180205
Yandex 20180222
Zillya 20180221
ZoneAlarm by Check Point 20180222
Zoner 20180222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2006-2016 Qualifacts Systems Flower, Inc.

Product Him Wife
Original name Cardspread.exe
Internal name Him Wife
File version 12, 1, 2721, 6737
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-04-18 22:31:04
Entry Point 0x00019446
Number of sections 4
PE sections
PE imports
RegCreateKeyA
RegQueryValueExA
RegCloseKey
GetDeviceCaps
SetAbortProc
TextOutA
EndDoc
CombineRgn
AbortDoc
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
MoveFileA
InitializeCriticalSection
TlsGetValue
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetFileSize
GetStartupInfoW
GetCPInfo
GetProcAddress
GetProcessHeap
WaitNamedPipeA
IsValidLocale
GetUserDefaultLCID
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
IsBadReadPtr
NetGetAnyDCName
NetWkstaSetInfo
NetApiBufferFree
ReleaseDC
SetWindowTextA
ScrollWindow
SetPropA
EndPaint
BeginPaint
EnumWindows
GetClassInfoExA
GetDlgItem
SetWindowLongA
PostQuitMessage
DefWindowProcA
GetWindow
IsIconic
GetMenuItemID
CallNextHookEx
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 9
RT_RCDATA 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
12.1.2721.6737

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
590848

EntryPoint
0x19446

OriginalFileName
Cardspread.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2006-2016 Qualifacts Systems Flower, Inc.

FileVersion
12, 1, 2721, 6737

TimeStamp
2007:04:18 15:31:04-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
Him Wife

ProductVersion
12, 1, 2721, 6737

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Qualifacts Systems Flower

CodeSize
173056

ProductName
Him Wife

ProductVersionNumber
12.1.2721.6737

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 84643e32a9c82e4c10943aa059d2e389
SHA1 b7de17bf9af2287926a2b618cef2f12f33a4c0b5
SHA256 82b0120dc84acf76d839107997d217a1c0eb3b7f549039db34d009d41b4c7a94
ssdeep
6144:vsuQORSuyCqdJeuTCo1cgCXVhfAuhPezG/mgJSJPKi6WMawIdA:UFOMLCywt9gCXV7hyc2weA

authentihash 9896904ed6b8f78a39492a3ed8da12212fb6a85909dd37ec42dd37bc1d13b2b3
imphash 07683c69ea3db6fef4d66065fde4f2d4
File size 721.5 KB ( 738816 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-02-22 11:25:29 UTC ( 1 year, 2 months ago )
Last submission 2018-07-16 07:23:55 UTC ( 9 months, 1 week ago )
File names VirusShare_84643e32a9c82e4c10943aa059d2e389
fictions.scr
Him Wife
fictions.scr
fictions.scr
fictions.scr
fictions.scr
Cardspread.exe
flareFile
58111546.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs