SHA256: 876e82910a2da4ccc4fc861b35f6b3bea9b09219657a2da3cfb2b4cf553ab695
File name: USPS_Label_06062013.exe
Detection ratio: 18 / 47
Analysis date: 2013-06-06 20:19:16 UTC ( 5 years, 11 months ago )
Antivirus Result Update
AntiVir TR/Crypt.XPACK.Gen8 20130606
BitDefender Gen:Heur.VIZ.7 20130606
Commtouch W32/Trojan.RJEE-6310 20130606
DrWeb Trojan.PWS.Stealer.2877 20130606
Emsisoft Gen:Heur.VIZ.7 (B) 20130606
ESET-NOD32 Win32/PSW.Fareit.A 20130606
F-Secure Gen:Variant.Kazy.183771 20130606
Fortinet W32/Kryptik.AGAJ!tr 20130606
GData Gen:Heur.VIZ.7 20130606
Kaspersky UDS:DangerousObject.Multi.Generic 20130606
Malwarebytes Malware.Packer.EGX6 20130606
McAfee RDN/Generic.grp!eu 20130606
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20130606
eScan Gen:Heur.VIZ.7 20130606
Norman Hlux.ZY 20130606
Rising Backdoor.Agent!5492 20130606
Sophos AV Troj/Ransom-WB 20130606
TrendMicro-HouseCall TROJ_GEN.F47V0606 20130606
Yandex 20130606
AhnLab-V3 20130606
Antiy-AVL 20130606
Avast 20130606
AVG 20130606
ByteHero 20130606
CAT-QuickHeal 20130606
ClamAV 20130606
Comodo 20130606
eSafe 20130606
F-Prot 20130605
Ikarus 20130606
Jiangmin 20130606
K7AntiVirus 20130606
K7GW 20130606
Kingsoft 20130506
Microsoft 20130606
NANO-Antivirus 20130606
nProtect 20130606
Panda 20130606
PCTools 20130521
SUPERAntiSpyware 20130606
Symantec 20130606
TheHacker 20130605
TotalDefense 20130606
TrendMicro 20130606
VBA32 20130606
VIPRE 20130606
ViRobot 20130606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-08 12:02:03
Entry Point 0x000012DE
Number of sections 6
PE sections
PE imports
GetPrivateProfileSectionW
AddAtomW
GetStartupInfoA
GetDriveTypeW
CancelIo
GetFileAttributesA
LoadLibraryW
DeleteFileA
SetEvent
lstrcpyA
CopyFileA
Sleep
HeapSize
HeapDestroy
VirtualProtect
GetCommandLineA
lstrlenW
WriteConsoleW
GetProcessHeap
DllGetClassObject
DllCanUnloadNow
DllRegisterServer
GetThemeTextExtent
DrawThemeBackground
DrawThemeEdge
GetWindowTheme
GetThemeBool
IsThemeActive
OpenThemeData
CloseThemeData
GetThemeSysSize
GetThemeColor
SetWindowTheme
GetThemeTextMetrics
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
FRENCH BELGIAN 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2011:11:08 13:02:03+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1024

LinkerVersion
0.255

Warning
Possibly corrupt Version resource

EntryPoint
0x12de

InitializedDataSize
108032

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 3990dda8d51f1cb979b4965c8f9c2dc2
SHA1 77b2fd42d826649c83fceedad3f33ba52169f8ee
SHA256 876e82910a2da4ccc4fc861b35f6b3bea9b09219657a2da3cfb2b4cf553ab695
ssdeep
3072:FOnkpP08DH7ygszxc2CtSwvp4yIc1vOID9Pu5m8F9TqlOmnGExWX5e:RNDH2jz2nEMOg1GIDMJF9mlO2G0

authentihash b12090a68453e9d7cfbeca52e2dfdcb19070a083a13963fcc8bc1105322cb462
imphash f48c79633b366154f0103a156d290999
File size 108.5 KB ( 111104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe attachment

VirusTotal metadata
First submission 2013-06-06 14:53:37 UTC ( 5 years, 11 months ago )
Last submission 2017-12-06 18:16:04 UTC ( 1 year, 5 months ago )
File names 1FB021
3990dda8d51f1cb979b4965c8f9c2dc2.exe
comendo-19-1371209444
005732133
ldr_dot-milan.exe
comendo-19
comendo-18
comendo-19-1371209444
USPS_Label_699653814141.zip
3990dda8d51f1cb979b4965c8f9c2dc2
USPS_Label_097044076837.zip
3990dda8d51f1cb979b4965c8f9c2dc2
USPS_Label_717288221977.zip
USPS_Label_798009791368.zip
USPS_Label_206782087079.exe
vt-upload-T8rqL
USPS_Label_948864135960.zip
USPS_Label_189536840811.zip
malekal_3990dda8d51f1cb979b4965c8f9c2dc2
USPS_Label_06062013.exe
USPS_Label_414196564517.zip
USPS_Label_615928438065.zip
file-5784139_zip
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections