× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 891f5c4ca2a835e32b773b6179b21e9737000a862bce81229fbc8b8930992e38
File name: Sscanner15081208190.exe
Detection ratio: 5 / 54
Analysis date: 2015-08-24 11:01:38 UTC ( 3 years, 9 months ago ) View latest
Antivirus Result Update
Bkav HW32.Packed.6E78 20150824
Fortinet W32/Waski.K!tr 20150824
Kaspersky HEUR:Trojan.Win32.Generic 20150824
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150824
Sophos AV Mal/Generic-S 20150824
Ad-Aware 20150824
AegisLab 20150824
Yandex 20150822
AhnLab-V3 20150824
ALYac 20150824
Antiy-AVL 20150824
Arcabit 20150824
Avast 20150824
AVG 20150824
AVware 20150824
Baidu-International 20150824
BitDefender 20150824
ByteHero 20150824
CAT-QuickHeal 20150824
ClamAV 20150824
CMC 20150824
Comodo 20150824
Cyren 20150824
DrWeb 20150824
Emsisoft 20150824
ESET-NOD32 20150824
F-Prot 20150824
F-Secure 20150824
GData 20150824
Ikarus 20150824
Jiangmin 20150823
K7AntiVirus 20150824
K7GW 20150824
Kingsoft 20150824
Malwarebytes 20150824
McAfee 20150824
McAfee-GW-Edition 20150823
Microsoft 20150824
eScan 20150824
NANO-Antivirus 20150824
nProtect 20150824
Panda 20150824
Rising 20150823
SUPERAntiSpyware 20150822
Symantec 20150823
Tencent 20150824
TheHacker 20150824
TrendMicro 20150824
TrendMicro-HouseCall 20150824
VBA32 20150822
VIPRE 20150824
ViRobot 20150824
Zillya 20150824
Zoner 20150824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-10-16 12:02:07
Entry Point 0x000030B6
Number of sections 4
PE sections
Overlays
MD5 5e2d1e9039e382333d9f9aea0c2ec912
File type data
Offset 159744
Size 52879
Entropy 7.79
PE imports
GetColorAdjustment
StartDocA
GetICMProfileA
SetICMMode
GetKerningPairsA
GetCharABCWidthsA
SetPaletteEntries
GetEnhMetaFilePaletteEntries
LineDDA
StretchBlt
CreateHatchBrush
GetStartupInfoA
GetModuleHandleA
LoadLibraryW
_except_handler3
_acmdln
_adjust_fdiv
__p__fmode
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_exit
_controlfp
__set_app_type
StrCSpnIW
SHRegSetUSValueA
SHRegOpenUSKeyA
StrToIntW
SHGetValueW
SHRegGetBoolUSValueA
EmptyClipboard
OpenDesktopW
SetWindowsHookExA
MapDialogRect
ImpersonateDdeClientWindow
GetUpdateRgn
SetMenu
ChangeDisplaySettingsExA
DrawIconEx
CharUpperW
LoadCursorFromFileA
GrayStringA
GetCapture
SubtractRect
GetCursor
SetDoubleClickTime
GetMenuCheckMarkDimensions
GetMessageW
SetScrollPos
DialogBoxIndirectParamA
GetMenuStringW
InternetOpenUrlA
GetUrlCacheEntryInfoExA
InternetDial
CoIsOle1Class
OleLoadFromStream
CoGetObject
Number of PE resources by type
RT_STRING 100
RT_ICON 10
RT_MENU 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH JAMAICA 114
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.117.228.45

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Domiciliary

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
897024

EntryPoint
0x30b6

MIMEType
application/octet-stream

LegalCopyright
Copyright 2068

FileVersion
46, 3, 164, 63

TimeStamp
2005:10:16 13:02:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Disparaging

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Vonage Holdings

CodeSize
12288

ProductName
Distortion Gallantries

ProductVersionNumber
0.26.149.180

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ba3beecb0b939a09a07ead5300028564
SHA1 6b839a74aeb1e1d3dfbacde30efad6e4066ef3f1
SHA256 891f5c4ca2a835e32b773b6179b21e9737000a862bce81229fbc8b8930992e38
ssdeep
3072:xDTDrtr+7a3OzgAxmYA+d1WfLIj9iKs75J9CLWDQbwqysv75fL1212coO:/MaezJmN2WfEjI75nuWDQbmQ75jsGO

authentihash 9d3a326b22c692e950d4df2d1d9f5d9654a5a945986ea45e66880a729c4e65cd
imphash 3efe2aac3c6daea983c3e2617fa3c32e
File size 207.6 KB ( 212623 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-08-24 09:24:08 UTC ( 3 years, 9 months ago )
Last submission 2018-10-09 10:37:27 UTC ( 7 months, 2 weeks ago )
File names sscanner15081208190.exe.vir
891f5c4ca2a835e32b773b6179b21e9737000a862bce81229fbc8b8930992e38.bin
ba3beecb0b939a09a07ead5300028564.exe
1.exe
BA3BEECB0B939A09A07EAD5300028564
891f5c4ca2a835e32b773b6179b21e9737000a862bce81229fbc8b8930992e38.exe
Sscanner15081208190.exe
Sscanner15081208190.exe
ba3beecb0b939a09a07ead5300028564.vir
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.