SHA256: b1769b5b65c3c93c1fd6f17380dc23678af1033ed2b51a6d876bdc9867d279f0
File name: Scan.exe
Detection ratio: 17 / 48
Analysis date: 2013-10-16 09:31:48 UTC ( 6 months, 1 week ago )
Antivirus Result Update
AntiVir TR/Yarwi.A.13 20131016
Avast Win32:Malware-gen 20131016
Commtouch W32/Trojan.UVFL-8017 20131016
DrWeb Trojan.DownLoad3.28161 20131016
ESET-NOD32 Win32/TrojanDownloader.Small.AAB 20131016
Emsisoft Trojan.Agent.BAQJ (B) 20131016
F-Prot W32/Trojan3.GFJ 20131016
F-Secure Trojan.Agent.BAQJ 20131016
GData Trojan.Agent.BAQJ 20131016
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130829
McAfee Downloader-FUL!1A339ECFAC8D 20131016
McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.J!89 20131016
Sophos Troj/ZBot-GLT 20131016
Symantec Downloader 20131016
TrendMicro TROJ_UPATRE.AX 20131016
TrendMicro-HouseCall TROJ_UPATRE.AX 20131016
VIPRE Trojan.Win32.Generic!SB.0 20131016
AVG 20131015
Agnitum 20131015
AhnLab-V3 20131015
Antiy-AVL 20131016
Baidu-International 20131016
BitDefender 20131012
Bkav 20131016
ByteHero 20130929
CAT-QuickHeal 20131016
ClamAV 20131016
Comodo 20131016
Fortinet 20131016
Ikarus 20131016
Jiangmin 20131014
K7AntiVirus 20131015
K7GW 20131015
Kaspersky 20131016
Malwarebytes 20131016
MicroWorld-eScan 20131016
Microsoft 20131016
NANO-Antivirus 20131016
Norman 20131016
PCTools 20131002
Panda 20131016
Rising 20131016
SUPERAntiSpyware 20131016
TheHacker 20131015
TotalDefense 20131015
VBA32 20131015
ViRobot 20131016
nProtect 20131016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-15 20:04:40
Entry Point 0x00002000
Number of sections 6
PE sections
PE imports
mciSendStringA
GetEnvironmentVariableA
GetModuleHandleA
FreeLibrary
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetEnvironmentVariableA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 1.7
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Neutral 2
FileFlagsMask 0x0000
CharacterSet Unknown (0025)
InitializedDataSize 21504
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2002
FileVersion 1.0.0.1
TimeStamp 2013:10:15 21:04:40+01:00
FileType Win32 EXE
PEType PE32
InternalName app.exe
ProductVersion 1.0.0.1
FileDescription app.exe
OSVersion 1.0
OriginalFilename app.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName IntelCorp
CodeSize 2048
ProductName App
ProductVersionNumber 1.0.0.1
EntryPoint 0x2000
ObjectFileType Executable application

File identification
MD5 1a339ecfac8d2446e2f9c7e7ff639c56
SHA1 204a32a39a9afb288ab811b67208c7b182b59dbc
SHA256 b1769b5b65c3c93c1fd6f17380dc23678af1033ed2b51a6d876bdc9867d279f0
ssdeep 384:PRHl4JEGsUM3xm6Fzjz7Jsx0tOziKVlgUoLbr7gtdgI2MyzNtRCFtONlIwo59NV:ZFnGJaxmc2+UuKVlgUoLbr7gtdgI2My

File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.2%)
Win32 Executable (generic) (11.7%)
Win16/32 Executable Delphi generic (5.4%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe

VirusTotal metadata
First submission 2013-10-15 23:19:37 UTC ( 6 months, 1 week ago )
Last submission 2013-11-29 03:30:14 UTC ( 4 months, 3 weeks ago )
File names Scan_10162013.exe.bin
Scan_mybona.com1.exe
Scan_10162013.pdf
Docs.exe.renamed
c-5849b-365-1381880703
Scan10162013.exe
Scan_10162013.exe-2013-10-16_09_30_01.txt
Docs.exe
ATO_TAX_101613.exe
vti-rescan
Scan_dolores.uz.zip^Scan_10162013.exe
b1769b5b65c3c93c1fd6f17380dc23678af1033ed2b51a6d876bdc9867d279f0
Scan_10162013.exe_
1a339ecfac8d2446e2f9c7e7ff639c56.exe
file-6083482_exe
Scan_10162013.exe
1a339ecfac8d2446e2f9c7e7ff639c56.bin
1a339ecfac8d2446e2f9c7e7ff639c56
Sample.exe
Scan.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications