SHA256: a567515e0c0818d889bc7d2ab0263915a071b5374906e8101a57c7e04e196cba
File name: TURKCELL_FATURA.exe
Detection ratio: 31 / 54
Analysis date: 2015-12-11 07:16:02 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BOYA 20151211
Arcabit Trojan.Agent.BOYA 20151211
Avast Win32:Malware-gen 20151211
AVG FileCryptor.FLS 20151210
Avira (no cloud) TR/Crypt.ZPACK.222622 20151211
AVware Trojan.Win32.Generic!BT 20151211
Baidu-International Trojan.Win32.Filecoder.DI 20151210
BitDefender Trojan.Agent.BOYA 20151211
DrWeb Trojan.Encoder.3196 20151211
Emsisoft Trojan.Agent.BOYA (B) 20151211
ESET-NOD32 Win32/Filecoder.DI 20151211
F-Secure Trojan.Agent.BOYA 20151211
Fortinet W32/Cryptolocker.6CBA!tr 20151211
GData Trojan.Agent.BOYA 20151211
Ikarus Trojan.Win32.Filecoder 20151211
K7AntiVirus Trojan ( 004aa0281 ) 20151211
K7GW Trojan ( 004aa0281 ) 20151211
Kaspersky Trojan.Win32.Waldek.ali 20151211
Malwarebytes Ransom.TorrentLocker 20151211
McAfee RDN/Ransom 20151211
McAfee-GW-Edition Artemis!Trojan 20151211
Microsoft Ransom:Win32/Teerac 20151211
eScan Trojan.Agent.BOYA 20151211
nProtect Trojan.Agent.BOYA 20151211
Panda Trj/RansomCrypt.G 20151210
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20151211
Symantec Trojan.Cryptolocker.H 20151210
Tencent Win32.Trojan.Crypt.Aotd 20151211
TrendMicro TROJ_WALDEK.A 20151211
TrendMicro-HouseCall TROJ_WALDEK.A 20151211
VIPRE Trojan.Win32.Generic!BT 20151211
AegisLab 20151210
Yandex 20151210
AhnLab-V3 20151211
Alibaba 20151208
Antiy-AVL 20151211
Bkav 20151210
ByteHero 20151211
CAT-QuickHeal 20151209
ClamAV 20151211
CMC 20151211
Comodo 20151209
Cyren 20151211
F-Prot 20151211
Jiangmin 20151210
NANO-Antivirus 20151211
Rising 20151210
SUPERAntiSpyware 20151211
TheHacker 20151209
TotalDefense 20151211
VBA32 20151210
ViRobot 20151211
Zillya 20151210
Zoner 20151211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-05-23 08:23:04
Entry Point 0x000183B6
Number of sections 4
PE sections
PE imports
MakeSelfRelativeSD
RegCloseKey
LookupAccountSidW
GetExplicitEntriesFromAclW
SetPrivateObjectSecurity
IsTokenRestricted
RegCreateKeyW
GetEffectiveRightsFromAclW
GetNumberOfEventLogRecords
GetAclInformation
GetExplicitEntriesFromAclA
RegReplaceKeyA
GetSidSubAuthority
LookupPrivilegeDisplayNameW
LsaClose
LsaEnumerateTrustedDomainsEx
SetFileSecurityW
LookupPrivilegeDisplayNameA
RegisterEventSourceA
RegReplaceKeyW
GetFileSecurityA
GetNamedSecurityInfoA
OpenEventLogW
EqualSid
RegOverridePredefKey
DecryptFileA
RegOpenKeyW
InitiateSystemShutdownA
RegLoadKeyA
LsaCreateTrustedDomainEx
GetUserNameW
GetAuditedPermissionsFromAclW
GetSecurityDescriptorDacl
ImpersonateSelf
CreateProcessAsUserA
ObjectCloseAuditAlarmW
RegEnumKeyExW
BuildImpersonateTrusteeW
BuildExplicitAccessWithNameW
LsaQueryDomainInformationPolicy
LsaEnumerateTrustedDomains
ObjectCloseAuditAlarmA
GetAce
RegQueryInfoKeyA
LogonUserA
SetKernelObjectSecurity
OpenProcessToken
RegSetValueExW
RegDeleteValueW
GetSidLengthRequired
LsaSetDomainInformationPolicy
RegConnectRegistryA
GetSecurityDescriptorGroup
GetOldestEventLogRecord
RegEnumValueA
GetTrusteeNameW
SetThreadToken
ReportEventA
IsValidSecurityDescriptor
ImageList_Draw
GetDIBColorTable
GetTextMetricsW
GetSystemPaletteEntries
CreateMetaFileA
SetPixelFormat
CreatePen
CreateHalftonePalette
GetTextMetricsA
ColorMatchToTarget
GetClipBox
DeleteEnhMetaFile
GetViewportOrgEx
GetObjectType
Rectangle
GetDeviceCaps
EnumEnhMetaFile
CreateEllipticRgn
GdiGetBatchLimit
GetBoundsRect
GetMapMode
GetWindowOrgEx
FixBrushOrgEx
GetObjectW
AngleArc
CloseMetaFile
CreateBitmapIndirect
EnumFontFamiliesA
CreateHatchBrush
OffsetWindowOrgEx
GetLogColorSpaceA
CreateEnhMetaFileW
BitBlt
StartDocA
SetDIBitsToDevice
CreateFontA
CreatePalette
EqualRgn
SetViewportOrgEx
ScaleWindowExtEx
CreateEllipticRgnIndirect
GetLogColorSpaceW
CreateRoundRectRgn
SelectClipRgn
PlayEnhMetaFile
CreateFontW
EnumICMProfilesA
ScaleViewportExtEx
CreateScalableFontResourceW
CreateColorSpaceA
GetClipRgn
GetEnhMetaFilePixelFormat
UpdateICMRegKeyA
GetWinMetaFileBits
CreateCompatibleBitmap
CreateScalableFontResourceA
GetCharWidthFloatW
GetKerningPairsA
WidenPath
SetWinMetaFileBits
GetCharWidth32A
SetRectRgn
GetBinaryTypeW
GetStartupInfoA
GetModuleHandleA
_mbsnextc
__p__fmode
srand
__CxxFrameHandler
_acmdln
_adjust_fdiv
__setusermatherr
_setmbcp
__dllonexit
_mbsupr
wcstol
__getmainargs
_initterm
_controlfp
_onexit
atof
__p__commode
__set_app_type
CharNextA
Number of PE resources by type
RT_DIALOG 8
RT_ICON 7
RT_GROUP_ICON 2
fJMNE211 1
n7Ww85r 1
t6R2YC 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
KYRGYZ DEFAULT 15
ENGLISH AUS 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.125.118.118
UninitializedDataSize 0
LanguageCode Unknown (TRIM)
FileFlagsMask 0x003f
CharacterSet Unknown (MINGS)
InitializedDataSize 483328
EntryPoint 0x183b6
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion Rebellion 0,210,172,245
TimeStamp 2008:05:23 09:23:04+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0,29,88,200
FileDescription Traversed Subroutine Sexton
OSVersion 4.0
FileOS Win32
LegalCopyright 2010 (C) 2018
MachineType Intel 386 or later, and compatibles
CompanyName Spiceworks, Inc
CodeSize 98304
FileSubtype 0
ProductVersionNumber 0.50.3.249
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 eeb9515821316c22a6fcdce03699caa3
SHA1 3ffdb3153d8889b97965171f1ef3ad25e5e71f0f
SHA256 a567515e0c0818d889bc7d2ab0263915a071b5374906e8101a57c7e04e196cba
ssdeep 12288:CGar4I4hqpzr0I5Be5k3DhuTjikZ9IKBVandYc1Bkilyi:CGbnqB0I5AGtuTjikHdadL3y
authentihash 471309270061183e34711a84cebb3cf152909414579b5305e1ce614f670435cc
imphash dcb8af7040162787dee745f2e9136e79
File size 572.0 KB ( 585728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-12-09 11:44:28 UTC ( 3 years, 3 months ago )
Last submission 2016-11-28 23:44:23 UTC ( 2 years, 3 months ago )
File names a567515e0c0818d889bc7d2ab0263915a071b5374906e8101a57c7e04e196cba.exe
obydimak.org.exe
bolletta_61934.exe
TURKCELL_FATURA.exe
Advanced heuristic and reputation engines