SHA256: 98c6cf1304a449f37d9b6e099388e0656b1f25d815316c668b1c91f703d87ad1
File name: Bankline_Password_reset_8569474.scr
Detection ratio: 2 / 56
Analysis date: 2015-09-23 12:13:22 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150923
Tencent Win32.Trojan.Fakedoc.Auto 20150923
Ad-Aware 20150923
AegisLab 20150923
Yandex 20150922
AhnLab-V3 20150923
Alibaba 20150923
ALYac 20150923
Antiy-AVL 20150923
Arcabit 20150923
Avast 20150923
AVG 20150923
Avira (no cloud) 20150923
AVware 20150923
Baidu-International 20150923
BitDefender 20150923
Bkav 20150923
ByteHero 20150923
CAT-QuickHeal 20150923
ClamAV 20150923
CMC 20150922
Comodo 20150923
Cyren 20150923
DrWeb 20150923
Emsisoft 20150923
ESET-NOD32 20150923
F-Prot 20150922
F-Secure 20150923
Fortinet 20150923
GData 20150923
Ikarus 20150923
Jiangmin 20150922
K7AntiVirus 20150923
K7GW 20150923
Kingsoft 20150923
Malwarebytes 20150923
McAfee 20150923
McAfee-GW-Edition 20150923
Microsoft 20150923
eScan 20150923
NANO-Antivirus 20150923
nProtect 20150923
Panda 20150922
Qihoo-360 20150923
Rising 20150923
Sophos 20150923
SUPERAntiSpyware 20150923
Symantec 20150922
TheHacker 20150922
TrendMicro 20150923
TrendMicro-HouseCall 20150923
VBA32 20150923
VIPRE 20150923
ViRobot 20150923
Zillya 20150922
Zoner 20150923
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-30 18:20:34
Entry Point 0x00005B74
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
GetBkColor
GetStockObject
TextOutA
SetTextAlign
CreateSolidBrush
SetBkColor
DeleteObject
GetLastError
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
lstrlenA
GetModuleFileNameW
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetEnvironmentStringsW
GetLocaleInfoA
GetCurrentProcessId
CreateDirectoryA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetFileType
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
FindNextFileW
WriteFile
GetCurrentProcess
ResetEvent
GetSystemTimeAsFileTime
FindFirstFileW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
CreateProcessA
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
FindClose
TlsGetValue
FindNextChangeNotification
GetTickCount
TlsSetValue
GetCurrentThreadId
PrepareTape
VirtualAlloc
SetLastError
LeaveCriticalSection
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
LoadStringA
DispatchMessageA
EndPaint
EndDialog
BeginPaint
PostMessageA
SendMessageA
DefWindowProcA
GetClientRect
DialogBoxParamA
TranslateMessage
PostQuitMessage
ShowWindow
DestroyWindow
UpdateWindow
RegisterClassExA
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.146.0
UninitializedDataSize 0
LanguageCode Spanish (Castilian)
FileFlagsMask 0x0000
CharacterSet Unknown (30B0)
InitializedDataSize 36864
EntryPoint 0x5b74
OriginalFileName monlingk.EXE
MIMEType application/octet-stream
LegalCopyright Monlin.GK Corporation. All rights reserved.
FileVersion 7.00.146
TimeStamp 2014:09:30 19:20:34+01:00
FileType Win32 EXE
PEType PE32
InternalName monlingk.EXE
ProductVersion 1.00.146
FileDescription Monlin.GK launch tools
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Monlin.GK Corporation
CodeSize 28160
ProductName Monlin.GK launch tools
ProductVersionNumber 1.0.146.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 26baa47cd6a34b0b300671498ac0c705
SHA1 6c8d0e739335bd44f5dd5bc2a1730f226cf3a941
SHA256 98c6cf1304a449f37d9b6e099388e0656b1f25d815316c668b1c91f703d87ad1
ssdeep 1536:EF+/Rp4jYf2NbVXrxZLJFIoQ+aCBjBomX0tHA/DNXs7LeAELqskyE17n8LaEvSsA:gUp4sfyXrPHIoQ+aCBy7
authentihash b6514ed709f81a54629d9c65731d8f99cf008f1ea6401491ce1902c09a9f5a25
imphash e3a0524ce52c8f5c56ffd7af206760e9
File size 62.5 KB ( 64000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-09-23 10:23:45 UTC ( 1 year, 8 months ago )
Last submission 2016-04-05 14:12:07 UTC ( 1 year, 1 month ago )
File names Bankline_Password_reset_8569474.scr
26baa47cd6a34b0b300671498ac0c705.scr
26baa47cd6a34b0b300671498ac0c705
051.scr
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F0E9H0ZIN15.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs