SHA256: 955b41ec93d517b348a485b377848d102bdc74a81bb712ec416addc6c9997b8d
File name: SalesOrderAcknowledgement.scr
Detection ratio: 3 / 55
Analysis date: 2015-09-11 11:51:38 UTC (3 years, 8 months ago)
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150911
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20150911
Tencent Win32.Trojan.Inject.Auto 20150911
Ad-Aware 20150911
AegisLab 20150911
Yandex 20150910
AhnLab-V3 20150910
Alibaba 20150911
ALYac 20150911
Antiy-AVL 20150911
Arcabit 20150911
Avast 20150911
AVG 20150911
Avira (no cloud) 20150910
AVware 20150911
Baidu-International 20150911
BitDefender 20150911
Bkav 20150911
ByteHero 20150911
CAT-QuickHeal 20150911
ClamAV 20150911
CMC 20150910
Comodo 20150911
Cyren 20150911
DrWeb 20150911
ESET-NOD32 20150911
F-Prot 20150911
F-Secure 20150911
Fortinet 20150911
GData 20150911
Ikarus 20150911
Jiangmin 20150909
K7AntiVirus 20150911
K7GW 20150911
Kingsoft 20150911
Malwarebytes 20150911
McAfee 20150911
McAfee-GW-Edition 20150910
Microsoft 20150911
eScan 20150911
NANO-Antivirus 20150911
nProtect 20150911
Panda 20150911
Rising 20150909
Sophos AV 20150911
SUPERAntiSpyware 20150911
Symantec 20150910
TheHacker 20150910
TrendMicro 20150911
TrendMicro-HouseCall 20150911
VBA32 20150911
VIPRE 20150911
ViRobot 20150911
Zillya 20150911
Zoner 20150911
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-28 00:59:29
Entry Point 0x00003B4C
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GlobalSize
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
RaiseException
CreateThread
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
IsDebuggerPresent
TerminateProcess
QueryPerformanceCounter
WideCharToMultiByte
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
CommandLineToArgvW
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
LoadStringA
DispatchMessageA
EndPaint
EndDialog
UpdateWindow
PostMessageA
SendMessageA
DialogBoxParamA
GetClientRect
PostQuitMessage
BeginPaint
TranslateMessage
DefWindowProcA
ShowWindow
DestroyWindow
RegisterClassExA
WTSSetUserConfigA
WTSSendMessageA
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
POLISH DEFAULT 9
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 42496
ImageVersion 4.31
ProductName Microsoft Visual Studio 10
FileVersionNumber 1.0.6.1
LanguageCode Unknown (0364)
FileFlagsMask 0x0000
FileDescription DangerWolf
CharacterSet Unknown (D280)
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName Dangerwolf.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.6.1
TimeStamp 2014:01:28 01:59:29+01:00
FileType Win32 EXE
PEType PE32
InternalName DaWo
ProductVersion 1.0.6.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 36352
FileSubtype 0
ProductVersionNumber 1.0.6.1
EntryPoint 0x3b4c
ObjectFileType Executable application

Compressed bundles
File identification
MD5 0a7e68a84765d639210b77575c2373bd
SHA1 f98e1d397a61bc98141f9c1c31f607855331ee10
SHA256 955b41ec93d517b348a485b377848d102bdc74a81bb712ec416addc6c9997b8d
ssdeep 1536:LfaACSdZ1gHZVtlayuDfkJYR1zJU+mDqDD:LASaurTz6+mDkD
authentihash d778c439e9031a09bb1072c93599eb2ab27161248758d5113f9006c46f8b35a9
imphash b6e2362437a034c1db5762338dc7d1c1
File size 72.5 KB ( 74240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (68.6%)
Win32 Executable (generic) (11.2%)
Win16/32 Executable Delphi generic (5.1%)
OS/2 Executable (generic) (5.0%)
Generic Win/DOS Executable (4.9%)
Tags peexe
VirusTotal metadata
First submission 2015-09-11 09:44:52 UTC ( 3 years, 8 months ago )
Last submission 2016-05-03 20:32:40 UTC ( 3 years ago )
File names iFgRzDy8C.tmp
0a7e68a84765d639210b77575c2373bd.scr
955b41ec93d517b348a485b377848d102bdc74a81bb712ec416addc6c9997b8d.bin
0a7e68a84765d639210b77575c2373bd
SalesOrderAcknowledgement.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs