SHA256: a4afedaacf2a37036b8ee62c53f266c5796f012c7d1846224596a6cb4049921d
File name: bolletta_197260.exe
Detection ratio: 1 / 56
Analysis date: 2015-09-08 19:30:41 UTC ( 3 years, 6 months ago )
Antivirus | Result | Update
Rising | PE:Malware.FakePDF@CV!1.9E05[F1] | 20150908
Ad-Aware | (no detection) | 20150908
AegisLab | (no detection) | 20150908
Yandex | (no detection) | 20150908
AhnLab-V3 | (no detection) | 20150908
Alibaba | (no detection) | 20150902
ALYac | (no detection) | 20150908
Antiy-AVL | (no detection) | 20150908
Arcabit | (no detection) | 20150905
Avast | (no detection) | 20150908
AVG | (no detection) | 20150908
Avira (no cloud) | (no detection) | 20150908
AVware | (no detection) | 20150901
Baidu-International | (no detection) | 20150908
BitDefender | (no detection) | 20150908
Bkav | (no detection) | 20150908
ByteHero | (no detection) | 20150908
CAT-QuickHeal | (no detection) | 20150908
ClamAV | (no detection) | 20150908
CMC | (no detection) | 20150908
Comodo | (no detection) | 20150908
Cyren | (no detection) | 20150908
DrWeb | (no detection) | 20150908
Emsisoft | (no detection) | 20150908
ESET-NOD32 | (no detection) | 20150908
F-Prot | (no detection) | 20150908
F-Secure | (no detection) | 20150908
Fortinet | (no detection) | 20150908
GData | (no detection) | 20150908
Ikarus | (no detection) | 20150908
Jiangmin | (no detection) | 20150907
K7AntiVirus | (no detection) | 20150908
K7GW | (no detection) | 20150908
Kaspersky | (no detection) | 20150908
Kingsoft | (no detection) | 20150908
Malwarebytes | (no detection) | 20150908
McAfee | (no detection) | 20150908
McAfee-GW-Edition | (no detection) | 20150908
Microsoft | (no detection) | 20150908
eScan | (no detection) | 20150908
NANO-Antivirus | (no detection) | 20150908
nProtect | (no detection) | 20150908
Panda | (no detection) | 20150908
Qihoo-360 | (no detection) | 20150908
Sophos AV | (no detection) | 20150908
SUPERAntiSpyware | (no detection) | 20150908
Symantec | (no detection) | 20150908
Tencent | (no detection) | 20150908
TheHacker | (no detection) | 20150907
TrendMicro | (no detection) | 20150908
TrendMicro-HouseCall | (no detection) | 20150908
VBA32 | (no detection) | 20150907
VIPRE | (no detection) | 20150908
ViRobot | (no detection) | 20150908
Zillya | (no detection) | 20150908
Zoner | (no detection) | 20150908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-16 19:46:29
Entry Point 0x00011A86
Number of sections 4
PE sections (the section table itself did not survive extraction; the header above reports 4 sections)
Overlays
MD5 23f625a32205fd1629bda87653cf5108
File type data
Offset 483328
Size 173703
Entropy 7.95
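The Overlay numbers above are worth checking by hand: offset 483328 + size 173703 = 657031 bytes, exactly the reported file size, so the overlay runs from the end of the last section to end of file, and an entropy of 7.95 out of a possible 8.0 means those bytes are compressed or encrypted rather than, say, an installer manifest. The script below is an added example, not part of the VirusTotal report: a stdlib-only PE32 walk that finds the overlay the same way (end of the highest-placed section, or SizeOfHeaders if larger), scores its entropy, and applies a simple triage rule. The sample PE it builds is constructed here for demonstration and is not the file from the report; the thresholds in overlay_is_suspicious are this example's own choice, not VirusTotal's.

```python
"""Locate and score a PE32 overlay with the standard library only (added example)."""
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes.
    A 7.95 overlay, as in the report, is effectively incompressible, which is
    what a crypter's encrypted second stage looks like on disk."""
    n = len(data)
    if n == 0:
        return 0.0
    ent = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return max(0.0, ent)  # avoid returning -0.0 for constant input


def pe_overlay_info(blob: bytes) -> dict:
    """Parse a PE32 image held in memory and locate its overlay.

    The overlay is everything past max(PointerToRawData + SizeOfRawData) over
    all sections (and past SizeOfHeaders).  The loader never maps it, so it is a
    favourite place to stash an encrypted payload.  An Authenticode signature
    also lives in this region; check the certificate-table data directory before
    calling a signed binary 'packed'.
    """
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) optional headers are handled here")
    entry_point = struct.unpack_from("<I", blob, opt + 16)[0]
    size_of_headers = struct.unpack_from("<I", blob, opt + 60)[0]
    image_end = size_of_headers
    for i in range(nsections):  # section headers follow the optional header, 40 bytes each
        raw_size, raw_ptr = struct.unpack_from("<II", blob, opt + opt_size + i * 40 + 16)
        if raw_size:  # uninitialised-data sections own no bytes on disk
            image_end = max(image_end, raw_ptr + raw_size)
    overlay = blob[image_end:]
    return {
        "machine": machine,  # 0x14C = Intel 386, as in the report
        "sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_point": entry_point,
        "file_size": len(blob),
        "overlay_offset": image_end if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
    }


def overlay_is_suspicious(info: dict, min_size: int = 4096, min_entropy: float = 7.0) -> bool:
    """Triage rule (thresholds are this example's assumption): a sizeable,
    near-random overlay on an unsigned executable deserves a second look."""
    return info["overlay_size"] >= min_size and info["overlay_entropy"] >= min_entropy


def build_sample_pe(overlay: bytes, timestamp: int = 1200512789) -> bytes:
    """Constructed minimal PE32: one .text section at file offset 0x200, 0x200
    file alignment, `overlay` appended.  The default timestamp is the report's
    2008-01-16 19:46:29 UTC.  Not a real sample."""
    hdr_size, sect_align, text_rva = 0x200, 0x1000, 0x1000
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    fmt = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 4 + "II"
    opt = struct.pack(
        fmt, 0x10B, 6, 0,                                   # magic, linker 6.0
        hdr_size, 0, 0, text_rva, text_rva, text_rva + sect_align,  # code/data sizes, EP, bases
        0x400000, sect_align, hdr_size,                      # ImageBase, alignments
        4, 0, 0, 0, 4, 0,                                    # OS / image / subsystem versions
        0, text_rva + sect_align, hdr_size, 0,               # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                                                # Subsystem = Windows GUI
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,           # stack/heap, LoaderFlags, 16 directories
    ) + b"\0" * 128                                          # empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x10, text_rva, hdr_size, hdr_size, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + sect).ljust(hdr_size, b"\0")
    code = (b"\xC3" * 0x10).ljust(hdr_size, b"\0")           # sixteen RETs, padded to alignment
    return headers + code + overlay


# Constructed stand-in for an encrypted payload: deterministic pseudo-random bytes.
_rng = random.Random(20150908)
SAMPLE_OVERLAY = bytes(_rng.getrandbits(8) for _ in range(8192))
SAMPLE_PE = build_sample_pe(SAMPLE_OVERLAY)

if __name__ == "__main__":
    info = pe_overlay_info(SAMPLE_PE)
    for key, value in info.items():
        print(f"{key:16} {value}")
    print("suspicious:", overlay_is_suspicious(info))
```

Run the same walk over bolletta_197260.exe and the numbers should land on the report's 483328 / 173703 / 7.95; pair that with the 2008 compile timestamp on a file first submitted in 2015, a file name that is Italian for "bill", and a 1/56 detection ratio, and the overlay is the first thing to carve out and look at. The entropy check alone is not proof: a signed binary carries its Authenticode blob in the same region, and a legitimate self-extracting installer also appends a compressed archive, so read the certificate-table directory and the reported signature status before acting on the score.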
PE imports (the import table's per-DLL headings were lost in extraction; the functions below appear in the report's original order, which groups them by imported DLL, and each Ord(n) entry is an import by ordinal with no exported name)
RegDeleteKeyA
SetSecurityDescriptorOwner
RegConnectRegistryW
GetServiceKeyNameA
RegDeleteKeyW
OpenBackupEventLogW
GetExplicitEntriesFromAclW
RegQueryValueExA
GetSecurityDescriptorControl
AccessCheck
RegSetValueA
AbortSystemShutdownW
OpenEventLogA
RegCreateKeyExA
DeleteService
OpenBackupEventLogA
DecryptFileW
RegQueryValueExW
CreatePrivateObjectSecurity
QueryServiceConfig2A
CloseServiceHandle
RegCreateKeyExW
GetFileSecurityW
RegQueryMultipleValuesW
QueryServiceStatus
MakeAbsoluteSD
CloseEventLog
BuildImpersonateTrusteeA
ObjectPrivilegeAuditAlarmA
IsValidSid
AreAnyAccessesGranted
RegReplaceKeyW
RegOpenKeyW
QueryServiceConfig2W
RegOpenKeyExA
SetFileSecurityA
PrivilegedServiceAuditAlarmW
BackupEventLogA
RegQueryValueW
GetFileSecurityA
LookupPrivilegeNameW
LsaOpenPolicy
GetKernelObjectSecurity
GetAuditedPermissionsFromAclW
GetSidIdentifierAuthority
ImpersonateSelf
RegisterServiceCtrlHandlerW
RegEnumKeyExW
DeregisterEventSource
BuildExplicitAccessWithNameW
GetSidSubAuthority
RegLoadKeyW
IsTokenRestricted
ObjectCloseAuditAlarmA
RegisterServiceCtrlHandlerA
RegUnLoadKeyA
LsaQueryInformationPolicy
GetNumberOfEventLogRecords
QueryServiceLockStatusA
GetServiceDisplayNameW
EnumDependentServicesW
SetNamedSecurityInfoA
QueryServiceObjectSecurity
LsaNtStatusToWinError
CreateServiceA
RegSetValueExA
QueryServiceLockStatusW
StartServiceCtrlDispatcherW
RegUnLoadKeyW
GetSecurityDescriptorGroup
LsaDeleteTrustedDomain
ObjectOpenAuditAlarmW
Ord(4)
ImageList_Merge
DestroyPropertySheetPage
FlatSB_EnableScrollBar
ImageList_Destroy
GetTextMetricsW
GetNearestColor
GetTextMetricsA
SetICMProfileW
GetViewportOrgEx
GetObjectType
EndDoc
FixBrushOrgEx
IntersectClipRect
AngleArc
GetMiterLimit
EqualRgn
GetDIBits
ExtCreateRegion
SetMetaFileBitsEx
StretchDIBits
SetICMMode
ResetDCA
GetKerningPairsA
SetViewportExtEx
ResetDCW
GetBkColor
GetDIBColorTable
OffsetRgn
GetCurrentPositionEx
CreateRectRgnIndirect
EndPath
GetEnhMetaFileW
EnumFontsA
GetBitmapBits
GetBrushOrgEx
OffsetViewportOrgEx
SetBkMode
RectInRegion
PtInRegion
OffsetClipRgn
BitBlt
CreateEnhMetaFileW
GetArcDirection
CreateBrushIndirect
PtVisible
CreateEnhMetaFileA
SetWinMetaFileBits
CloseEnhMetaFile
EndPage
GetCharWidth32W
GetOutlineTextMetricsW
DeleteObject
GetWindowExtEx
SetBitmapBits
FloodFill
CreateDCA
DeleteDC
GetMapMode
GetEnhMetaFileDescriptionA
GetCharWidthW
GetObjectW
CreateDCW
RealizePalette
CreatePatternBrush
SetEnhMetaFileBits
SelectClipPath
GetStockObject
GetPath
RoundRect
GetTextAlign
GetCharWidthFloatA
GetTextExtentPoint32A
CreateColorSpaceW
GetPaletteEntries
SelectObject
CreatePolygonRgn
SaveDC
CreateICW
GetGlyphOutlineA
GetDeviceGammaRamp
GetColorAdjustment
GetTextExtentExPointA
CreateDIBPatternBrush
GetStretchBltMode
FillPath
CreateDIBSection
GetCurrentObject
CreateFontA
AbortPath
CreateRoundRectRgn
Chord
GetClipRgn
SetPolyFillMode
CreateSolidBrush
DPtoLP
AbortDoc
SymGetSymFromName
UnDecorateSymbolName
SymUnloadModule
SymGetSymFromAddr
ImageDirectoryEntryToData
ImageEnumerateCertificates
MapDebugInformation
ImageUnload
SymGetModuleInfo
MapFileAndCheckSumA
UnmapDebugInformation
SymFunctionTableAccess
MakeSureDirectoryPathExists
FindDebugInfoFile
BindImageEx
UpdateDebugInfoFileEx
MapFileAndCheckSumW
SymUnDName
GetImageConfigInformation
SetImageConfigInformation
SymEnumerateModules
FoldStringA
GetStartupInfoA
GetDiskFreeSpaceExA
GetModuleHandleA
LoadLibraryW
GetFullPathNameW
Ord(1775)
Ord(3147)
Ord(4080)
Ord(2124)
Ord(2396)
Ord(4425)
Ord(2554)
Ord(4627)
Ord(2385)
Ord(2725)
Ord(3738)
Ord(4853)
Ord(6375)
Ord(4622)
Ord(3136)
Ord(2982)
Ord(641)
Ord(5199)
Ord(3079)
Ord(2512)
Ord(3262)
Ord(4234)
Ord(1576)
Ord(2055)
Ord(4837)
Ord(5307)
Ord(5241)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(4424)
Ord(2648)
Ord(4407)
Ord(2446)
Ord(3830)
Ord(5714)
Ord(4078)
Ord(2985)
Ord(5065)
Ord(5289)
Ord(3346)
Ord(6376)
Ord(561)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(5302)
Ord(1727)
Ord(3825)
Ord(324)
Ord(2976)
Ord(4486)
Ord(815)
Ord(1089)
Ord(1168)
Ord(3922)
Ord(3081)
Ord(5731)
Ord(4698)
Ord(4998)
Ord(5163)
Ord(4353)
Ord(2514)
Ord(5265)
Ord(3749)
Ord(4673)
Ord(5300)
Ord(3597)
Ord(5277)
Ord(4441)
Ord(4274)
Ord(4376)
Ord(5261)
Ord(4465)
Ord(4079)
WNetCancelConnectionA
MultinetGetConnectionPerformanceW
WNetEnumResourceA
WNetGetNetworkInformationA
WNetGetUniversalNameW
WNetOpenEnumW
WNetGetUserW
WNetGetLastErrorA
WNetAddConnectionW
WNetAddConnection2W
MultinetGetConnectionPerformanceA
WNetGetConnectionA
WNetAddConnection2A
WNetAddConnection3A
WNetCloseEnum
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
_setmbcp
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
VarDecFromUI4
VarDecFromDisp
VarI1FromR4
VarDecFromUI2
SysStringByteLen
VarUI1FromBool
VarMul
LHashValOfNameSysA
LPSAFEARRAY_UserUnmarshal
OleSavePictureFile
VarCyFromI4
VarI4FromI1
VarCyFromI1
SafeArrayGetElemsize
VarImp
GetActiveObject
SafeArrayAccessData
VarDecMul
VarXor
LPSAFEARRAY_UserMarshal
VarR8FromDisp
VarI1FromUI1
SafeArrayAllocDescriptorEx
VarPow
LoadTypeLibEx
VarDecFromBool
VarR8FromI4
SafeArrayLock
VARIANT_UserFree
VarI1FromI2
VarI1FromI4
VarCySub
SafeArraySetRecordInfo
VarDecRound
VarI2FromBool
VarBstrFromBool
BSTR_UserUnmarshal
OleLoadPictureEx
VarUI4FromDec
VarDecFromDate
SafeArrayCopy
VarDateFromCy
VarI2FromDisp
SystemTimeToVariantTime
SafeArrayCreate
VarUI1FromI1
VarBstrFromDisp
VarI2FromDec
VarDecFromR4
SysReAllocString
VarCat
VarUI4FromR4
VarFix
VarDecFromI1
VarDecFromR8
CreateTypeLib2
VarI2FromR4
VarCyFix
VarI4FromR8
OleLoadPicturePath
VarUI4FromDate
VarUI2FromUI4
VariantCopy
VarUI2FromUI1
SafeArraySetIID
VarDateFromBool
VarI1FromDec
VariantInit
SafeArrayGetElement
SafeArrayGetIID
VarDateFromR4
VarCyFromDate
VarI2FromUI1
VarDateFromR8
GetRecordInfoFromGuids
VarCyMulI4
VarDecSub
VarUI2FromI2
SafeArrayGetUBound
GetRecordInfoFromTypeInfo
SysFreeString
SysAllocStringByteLen
VarFormatFromTokens
VarBoolFromUI2
VarR8FromDate
VarFormatCurrency
VarCyAbs
SafeArrayGetVartype
VarR8Round
VarI4FromBool
VarBstrFromI4
VarR4FromUI4
VarR4FromBool
VarCyFromDisp
VarUI2FromDisp
RegisterActiveObject
VarR4FromUI1
VarCyFromBool
VarUI2FromStr
VarUI1FromDisp
VarI4FromDisp
VarCyFromR4
SafeArrayCreateVectorEx
VarI2FromDate
VarR4FromI4
DispGetParam
SafeArrayRedim
VarR4FromI1
VarR8Pow
VarCyFromR8
VarR4FromI2
VarI2FromStr
VarCyRound
VarI1FromBool
VarBoolFromI2
VarI4FromUI1
UnRegisterTypeLib
VarI1FromR8
VarUI2FromBool
SafeArrayUnaccessData
SafeArrayDestroy
VarBoolFromStr
VarI4FromUI4
OaBuildVersion
LHashValOfNameSys
VarNeg
VarBoolFromDec
VarMod
VarI4FromDate
VarFormatNumber
SafeArrayCopyData
VarI2FromCy
VarDecCmp
DispInvoke
VarUI1FromDec
ClearCustData
SafeArrayAllocDescriptor
VarR4FromDate
VarI2FromUI2
VarFormat
VarI2FromUI4
VarI4FromDec
VarCyInt
SafeArrayGetDim
VarR4FromR8
SysStringLen
SysReAllocStringLen
VarDateFromDisp
VarUI1FromCy
VarDecNeg
VarUI1FromStr
VarUI4FromUI1
VarCyFromUI2
VariantChangeTypeEx
VarCyMul
VarI4FromStr
VarI2FromI4
VarBstrFromDate
VarUI4FromI4
VarBstrFromUI1
LPSAFEARRAY_UserFree
VarBstrFromUI4
VarDecFromCy
VarUI4FromI2
VarDateFromI1
VarUI1FromUI4
VarR8FromDec
VarIdiv
VarUI1FromUI2
VarR8FromUI1
SafeArrayCreateEx
VarR4FromStr
VarR8FromUI2
VarI1FromDate
VarR8FromUI4
VarUI4FromDisp
VarUI2FromDec
VarBoolFromUI1
VarBstrFromCy
DosDateTimeToVariantTime
VarUI2FromI1
VarUI2FromI4
VarDecInt
VectorFromBstr
VarFormatDateTime
DispCallFunc
BstrFromVector
VarDateFromDec
VarI4FromUI2
BSTR_UserSize
VarDecAdd
BSTR_UserMarshal
VarRound
VarAdd
VarCyCmpR8
VarUI1FromR8
VarDecDiv
VARIANT_UserSize
VarUI1FromR4
VarFormatPercent
VarDiv
GetAltMonthNames
VarR8FromBool
VarI1FromStr
CreateStdDispatch
VarDateFromUI4
VarDateFromUI1
VarUI2FromCy
VarParseNumFromStr
PathIsDirectoryA
PathIsRelativeA
PathIsRootW
PathRemoveBackslashW
PathCompactPathExW
PathMakePrettyW
SHRegGetBoolUSValueW
SHDeleteValueA
PathMakePrettyA
StrCSpnW
SHRegGetBoolUSValueA
StrToIntA
PathIsRootA
SHRegGetUSValueW
StrIsIntlEqualW
PathSetDlgItemPathW
SHEnumKeyExW
StrToIntW
SHRegOpenUSKeyW
PathFindFileNameW
StrPBrkA
PathRemoveBlanksA
PathFindFileNameA
PathIsContentTypeW
SHGetValueA
PathCanonicalizeA
PathParseIconLocationW
PathFindExtensionW
PathRemoveArgsW
SHRegEnumUSKeyA
StrCSpnIW
StrToIntExW
SHEnumValueW
PathRelativePathToA
PathAddBackslashW
StrCatW
StrCmpIW
PathBuildRootW
PathRelativePathToW
SHDeleteKeyW
PathIsFileSpecW
PathRemoveFileSpecW
PathIsUNCServerW
PathIsFileSpecA
SHDeleteKeyA
SHRegEnumUSValueW
PathRemoveFileSpecA
PathGetArgsA
PathAddExtensionW
PathGetArgsW
PathIsPrefixA
StrSpnA
PathCombineA
PathStripToRootA
PathCompactPathA
PathMakeSystemFolderW
PathCombineW
PathUnmakeSystemFolderW
SHRegSetUSValueA
SHRegQueryUSValueW
SHRegCloseUSKey
PathMatchSpecW
StrDupW
PathIsURLA
SHRegWriteUSValueA
PathUnquoteSpacesA
PathIsURLW
PathMatchSpecA
SHSetValueA
SHRegWriteUSValueW
StrFormatByteSizeA
StrNCatW
StrNCatA
SHRegDeleteUSValueA
StrTrimW
SHOpenRegStreamA
StrTrimA
PathFileExistsA
SHRegCreateUSKeyW
PathRenameExtensionW
SHQueryInfoKeyW
ChrCmpIW
PathRenameExtensionA
StrFromTimeIntervalW
ChrCmpIA
PathSkipRootA
PathFindNextComponentW
SHQueryValueExA
PathSearchAndQualifyW
PathSkipRootW
EnableWindow
CallWindowProcA
GetFileVersionInfoA
VerInstallFileA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
PrintDlgA
FindTextA
GetOpenFileNameW
ChooseColorW
ChooseFontW
GetSaveFileNameW
GetFileTitleA
ChooseColorA
FindTextW
PrintDlgW
PageSetupDlgW
GetSaveFileNameA
Number of PE resources by type
RT_ACCELERATOR 3
RT_MENU 3
RT_ICON 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
SYRIAC DEFAULT 6
ENGLISH ARABIC QATAR 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

FileFlagsMask
0x003f

MachineType
Intel 386 or later, and compatibles

FileOS
Win32

TimeStamp
2008:01:16 20:46:29+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
69632

LinkerVersion
6.0

FileSubtype
0

ProductVersionNumber
0.40.246.141

FileTypeExtension
exe

InitializedDataSize
409600

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileVersionNumber
0.64.112.48

EntryPoint
0x11a86

UninitializedDataSize
0

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 23660193ef7c1cde85f2aeed3047f233
SHA1 c83fb735f0eb210a2e127ff416532503cdec8101
SHA256 a4afedaacf2a37036b8ee62c53f266c5796f012c7d1846224596a6cb4049921d
ssdeep
12288:Dd6ysCTVM62uhDiTBD+mrQi/k9/Z/4dxdlLekVJ9zPtmm+OSP9mN8:DHxpiNDjrx/k9/Z/4zje4TzPtNx8

authentihash cffad359bdb757e774cac653a2bc2492e874894f3d1042cb53bb6baeb746fb88
imphash 7516e64ff63b8b8d5e70bee7994b746f
File size 641.6 KB ( 657031 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-08 19:28:14 UTC ( 3 years, 6 months ago )
Last submission 2015-09-09 16:25:16 UTC ( 3 years, 6 months ago )
File names bolletta_197260.exe
ecucijsg.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs