SHA256: 95d22c9d3cdbb61618af861a869d3ba8209877c4db1e0e0fef70a20884556d45
File name: berlinetta.exe
Detection ratio: 5 / 54
Analysis date: 2015-11-04 15:18:52 UTC
Antivirus results (engine: result, signature update date)

Detections:
Avira (no cloud): TR/AD.DridexDownloader.Y.42 (20151104)
ESET-NOD32: Win32/Dridex.P (20151104)
Kaspersky: Trojan-Downloader.Win32.Agent.hghj (20151104)
TrendMicro: TSPY_DRIDEX.SOU (20151104)
TrendMicro-HouseCall: TSPY_DRIDEX.SOU (20151104)

No detection (49 engines, signature update 20151104 unless noted):
Ad-Aware, AegisLab, Yandex, AhnLab-V3, Alibaba, ALYac, Antiy-AVL, Arcabit, Avast, AVG, AVware, Baidu-International, BitDefender, Bkav, ByteHero, CAT-QuickHeal (20151103), ClamAV (20151103), CMC (20151102), Comodo, Cyren, DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Malwarebytes, McAfee, McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus, nProtect, Panda, Rising (20151103), Sophos AV, SUPERAntiSpyware, Symantec (20151103), Tencent, TheHacker (20151103), VBA32, VIPRE, ViRobot, Zillya, Zoner
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-03-19 10:34:40
Entry Point 0x00046438
Number of sections 4
PE sections
PE imports (grouped as listed in the report; the importing DLL names were not preserved in this copy)

RegSetValueA, RegOverridePredefKey, LsaLookupSids, DeleteService, ClearEventLogA, QueryServiceStatus, RegConnectRegistryW, RegOpenKeyExW, LsaRemoveAccountRights, RegisterEventSourceA, RegReplaceKeyW, RegOpenKeyExA, AreAllAccessesGranted, StartServiceCtrlDispatcherW, GetUserNameA, InitiateSystemShutdownW, RegLoadKeyW, RegEnumKeyExA, RegEnumValueW, RegSetValueExA, StartServiceA, RegDeleteValueA

PropertySheetA, ImageList_BeginDrag, ImageList_Replace, FlatSB_SetScrollInfo, ImageList_SetImageCount, FlatSB_GetScrollRange, PropertySheetW, Ord(5), ImageList_SetDragCursorImage, InitCommonControlsEx, FlatSB_SetScrollRange, ImageList_DragMove, ImageList_DragLeave, FlatSB_SetScrollProp, ImageList_Create, ImageList_DragEnter, ImageList_Merge, Ord(17), ImageList_SetIconSize, Ord(15), UninitializeFlatSB, DestroyPropertySheetPage, ImageList_SetOverlayImage, ImageList_Destroy, ImageList_AddMasked, ImageList_Draw, ImageList_GetIconSize, Ord(6), ImageList_GetBkColor, Ord(4), FlatSB_SetScrollPos, ImageList_ReplaceIcon, Ord(14), Ord(2), ImageList_Duplicate, InitializeFlatSB, Ord(8), ImageList_LoadImageA, FlatSB_GetScrollPos, ImageList_DragShowNolock, ImageList_DrawEx, ImageList_Remove, Ord(16), CreatePropertySheetPageA, ImageList_LoadImageW, ImageList_EndDrag

GetWindowExtEx, SetICMMode, SetDeviceGammaRamp, GetTextExtentExPointA, RemoveFontResourceW, GetBoundsRect, EnumFontFamiliesW, IntersectClipRect, CreateDCW, GdiComment, CopyEnhMetaFileA, CreatePatternBrush, GetCurrentObject, CreateBitmap, CreatePalette, EqualRgn, CreateBrushIndirect, ExtTextOutA, UnrealizeObject, CreateEnhMetaFileA, SetTextAlign, CreateCompatibleDC, StretchDIBits, SetViewportExtEx, StartDocA, GetEnhMetaFileHeader, CreateSolidBrush, GetKerningPairsA, SetWinMetaFileBits, CopyMetaFileA, GetBkColor, Ellipse, SetSystemPaletteUse, GetGraphicsMode

GetModuleHandleA, CreateFileW, LZOpenFileA

_acmdln, __p__fmode, _exit, _adjust_fdiv, exit, _XcptFilter, __getmainargs, _initterm, _controlfp, atof, __setusermatherr, __set_app_type

GetCursorPos, DdeImpersonateClient, CharLowerA, OpenInputDesktop, GetKBCodePage, GetActiveWindow, AdjustWindowRect, SetMenuItemInfoA, ToUnicodeEx, GetDesktopWindow, SubtractRect, GetFocus, SetProcessWindowStation, ToAsciiEx, GetSystemMetrics, GetKeyboardType, DdeQueryStringA

GetFileVersionInfoW, GetFileVersionInfoA, VerQueryValueA
Number of PE resources by type
RT_ICON 3
RT_ACCELERATOR 3
RT_GROUP_ICON 3
pB030I0T8e 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
BASQUE DEFAULT 6
ENGLISH AUS 6
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 8.0
ImageVersion: 0.0
FileVersionNumber: 0.132.160.72
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 180224
EntryPoint: 0x46438
OriginalFileName: Contraction.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2018
FileVersion: 3, 224, 126, 5
TimeStamp: 2008:03:19 11:34:40+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Cruises
FileDescription: Determines
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: CompuServe Interactive Services, Inc.
CodeSize: 286720
FileSubtype: 0
ProductVersionNumber: 0.63.253.109
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: 497a261a91be31fce655c8df2ccaf7ee
SHA1: 0962aa0294c91826a02d39011b870add94c232bd
SHA256: 95d22c9d3cdbb61618af861a869d3ba8209877c4db1e0e0fef70a20884556d45
ssdeep: 6144:RDgiJbMt8bFoc6XVdQNmq8amC2VXkyQq0wDAlBmJIpFBg28zE+QsL:JlbQ8qc6MNmuu5OE4BmaoB
authentihash: 8ce17c7eaf6db3510d88f17f05ca64d98346a79615222a3d76dcd001f398827f
imphash: 1d57fda61113c0c7b7caa9a1070a37a7
File size: 348.0 KB (356352 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (42.2%); Win64 Executable (generic) (37.3%); Win32 Dynamic Link Library (generic) (8.8%); Win32 Executable (generic) (6.0%); Generic Win/DOS Executable (2.7%)
Tags: peexe
VirusTotal metadata
First submission: 2015-11-04 07:33:29 UTC
Last submission: 2015-11-05 19:16:40 UTC
File names: 117.239.73.244_8880_ClientAccess_owaauth.php, owaauth.php, mal.exe, berlinetta.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

Behaviour sections listed in the report (no entries are present in this copy): Opened files, Read files, Written files, Deleted files, Code injections in the following processes, Created mutexes, Opened mutexes, Opened service managers, Opened services, Runtime DLLs, HTTP requests, DNS requests, TCP connections.