SHA256: acd608ff0b07ffcf199312cc6c05bdc86a4bfaaa759a9711e33d334654ea160b
File name: IMG2021464-JPG.scr
Detection ratio: 2 / 45
Analysis date: 2013-01-26 16:59:49 UTC (5 years, 11 months ago)
Antivirus Result Update
Fortinet W32/Zbot.ANQ!tr 20130126
Panda Suspicious file 20130126
Yandex 20130125
AhnLab-V3 20130126
AntiVir 20130126
Antiy-AVL 20130126
Avast 20130126
AVG 20130126
BitDefender 20130126
ByteHero 20130123
CAT-QuickHeal 20130125
ClamAV 20130126
Commtouch 20130126
Comodo 20130126
DrWeb 20130126
Emsisoft 20130124
eSafe 20130120
ESET-NOD32 20130126
F-Prot 20130126
GData 20130126
Ikarus 20130126
Jiangmin 20121221
K7AntiVirus 20130125
Kaspersky 20130126
Kingsoft 20130121
Malwarebytes 20130126
McAfee 20130126
McAfee-GW-Edition 20130126
Microsoft 20130126
eScan 20130126
NANO-Antivirus 20130126
Norman 20130126
nProtect 20130125
PCTools 20130126
Rising 20130125
Sophos AV 20130126
SUPERAntiSpyware 20130126
Symantec 20130126
TheHacker 20130125
TotalDefense 20130125
TrendMicro 20130126
TrendMicro-HouseCall 20130126
VBA32 20130125
VIPRE 20130126
ViRobot 20130126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-07 16:07:50
Entry Point 0x00003F8C
Number of sections 6
PE sections
PE imports
lstrcpynW
PathGetDriveNumberA
UrlIsOpaqueW
GetActiveWindow
GetForegroundWindow
PtInRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:03:07 17:07:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 31232
LinkerVersion 10.0
EntryPoint 0x3f8c
InitializedDataSize 47104
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 9b1c227d8bed48135cbb65666a8f24a6
SHA1 1f0ee32f9417fae5e62d7016bf7fc16e362e1dea
SHA256 acd608ff0b07ffcf199312cc6c05bdc86a4bfaaa759a9711e33d334654ea160b
ssdeep 1536:WHt4pAdIRTqvJh+K00GFHs96CjCK3FVa+S+X8G+kFkrp0t:WHt40FL0vlsUCjCcFV9MG+kF
authentihash 791f27e1893c875a836a93ede172b00ce0f850849c3ae43987d42412c82bf594
imphash 2e1157a7d47659aa21dba06f36fd0caf
File size 77.5 KB ( 79360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2013-01-26 13:59:08 UTC ( 5 years, 11 months ago )
Last submission 2018-05-23 11:50:02 UTC ( 7 months, 4 weeks ago )
File names IMG7595160-JPG.scr
IMG631144-JPG.scr
IMG7461456-JPG.scr
IMG635968-JPG.scr
IMG622952-JPG.scr
IMG7593424-JPG.scr
IMG7458320-JPG.scr
IMG7459104-JPG.scr
file-5064540_scr
9235919
IMG756464-JPG.scr
IMG2654512-JPG.scr
IMG626736-JPG.SCR
IMG625616-JPG.scr
IMG2021464-JPG.sc_
smona_acd608ff0b07ffcf199312cc6c05bdc86a4bfaaa759a9711e33d334654ea160b.bin
IMG630104-JPG.scr
IMG630048-JPG.scr
IMG626624-JPG.scr
IMG606832-JPG.scr
IMG762328-JPG.scr
7035099.malware
IMG7467168-JPG.scr
IMG7467424-JPG.scr
IMG631536-JPG.scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Set keys
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications