SHA256: 95152c157ad86aa36f19e67b0ac5787acd24189bc69e0dfc96af6cf6f67576e3
File name: ATL23072013.exe
Detection ratio: 17 / 47
Analysis date: 2013-09-12 22:34:57 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Yandex Packed/PECompact 20130912
AhnLab-V3 Downloader/Win32.Dapato 20130912
AVG PSW.Banker6.BAQK 20130912
Baidu-International Trojan-Downloader.Win32.Dapato.qns 20130912
BitDefender Gen:Variant.Graftor.65550 20130912
ClamAV Trojan.Spy.Banker-1006 20130912
DrWeb Trojan.DownLoader10.15438 20130912
Emsisoft Gen:Variant.Graftor.65550 (B) 20130912
ESET-NOD32 a variant of Win32/Spy.Banker.ZVD 20130912
F-Secure Gen:Variant.Graftor.65550 20130912
GData Gen:Variant.Graftor.65550 20130912
Jiangmin TrojanSpy.Banker.gsh 20130903
Kaspersky Trojan-Downloader.Win32.Dapato.qns 20130912
Malwarebytes Trojan.Banker 20130912
Microsoft TrojanDownloader:Win32/Banload.ASZ 20130912
eScan Gen:Variant.Graftor.65550 20130912
Symantec WS.Reputation.1 20130912
AntiVir 20130912
Antiy-AVL 20130912
Avast 20130912
ByteHero 20130903
CAT-QuickHeal 20130912
Commtouch 20130912
Comodo 20130912
F-Prot 20130912
Fortinet 20130912
Ikarus 20130912
K7AntiVirus 20130912
K7GW 20130912
Kingsoft 20130829
McAfee 20130912
McAfee-GW-Edition 20130912
NANO-Antivirus 20130911
Norman 20130912
nProtect 20130912
Panda 20130912
PCTools 20130912
Rising 20130912
Sophos AV 20130912
SUPERAntiSpyware 20130912
TheHacker 20130912
TotalDefense 20130912
TrendMicro 20130912
TrendMicro-HouseCall 20130912
VBA32 20130912
VIPRE 20130912
ViRobot 20130912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Complemento cia
File version 10.6.10.5
Description Portugal
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx (Slim Loader) --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x001915F4
Number of sections 2
PE sections
PE imports
SHGetFolderPathA
URLDownloadToFileA
RegQueryValueExA
ImageList_SetIconSize
PrintDlgA
UnrealizeObject
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
CreateStreamOnHGlobal
SysFreeString
GetKeyboardType
VerQueryValueA
InternetGetConnectedState
OpenPrinterA
WSACleanup
Number of PE resources by type
RT_STRING 35
RT_BITMAP 21
RT_RCDATA 8
RT_ICON 8
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 80
PORTUGUESE BRAZILIAN 10
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.6.10.5
UninitializedDataSize 0
LanguageCode Portuguese (Brazilian)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 2949632
EntryPoint 0x1915f4
MIMEType application/octet-stream
FileVersion 10.6.10.5
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 10.6.10.5
FileDescription Portugal
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Complemento
CodeSize 1640448
ProductName Complemento cia
ProductVersionNumber 10.6.10.5
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 6920a754156dcaaa908e630998d86522
SHA1 090320fdf810a96cb38a21245cc446688c5b8ab4
SHA256 95152c157ad86aa36f19e67b0ac5787acd24189bc69e0dfc96af6cf6f67576e3
ssdeep 49152:9aS+wRX6aChjTPW/LYGYYAaqcb4xzNmAUFIQdXW9Ki2Ihmr1:9EUX6aCuLNYYUhmPO9Ki2Ihmr1
authentihash 6134221d9db444b7245c0bb885692339f795b65dec3b70a686a3b7f7f936c304
imphash 155619f083c5064ebbbd003d3d3cff00
File size 2.7 MB ( 2872320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags pecompact peexe

VirusTotal metadata
First submission 2013-09-12 22:34:57 UTC ( 4 years, 10 months ago )
Last submission 2018-03-24 01:16:27 UTC ( 3 months, 3 weeks ago )
File names ATL23072013.exe
ATL23072013
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections
UDP communications