SHA256: b230f30fd26be4a879d8bdf4504ecf3e374c25ac2bd2880b1342a35284a80d8d
File name: Adres_Degisikligi_Form.exe
Detection ratio: 2 / 56
Analysis date: 2015-09-09 07:09:58 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150909
Rising PE:Malware.FakePDF@CV!1.9E05[F1] 20150908
Ad-Aware 20150909
AegisLab 20150909
Yandex 20150908
AhnLab-V3 20150908
Alibaba 20150902
ALYac 20150909
Antiy-AVL 20150909
Arcabit 20150909
Avast 20150909
AVG 20150909
Avira (no cloud) 20150909
AVware 20150901
Baidu-International 20150908
BitDefender 20150909
Bkav 20150908
ByteHero 20150909
CAT-QuickHeal 20150908
ClamAV 20150909
CMC 20150908
Comodo 20150909
Cyren 20150909
DrWeb 20150909
Emsisoft 20150909
ESET-NOD32 20150909
F-Prot 20150908
F-Secure 20150909
Fortinet 20150909
GData 20150909
Ikarus 20150909
Jiangmin 20150907
K7AntiVirus 20150909
K7GW 20150909
Kaspersky 20150909
Kingsoft 20150909
Malwarebytes 20150909
McAfee 20150909
McAfee-GW-Edition 20150908
Microsoft 20150909
eScan 20150909
NANO-Antivirus 20150908
nProtect 20150908
Panda 20150908
Sophos AV 20150909
SUPERAntiSpyware 20150909
Symantec 20150908
Tencent 20150909
TheHacker 20150907
TrendMicro 20150909
TrendMicro-HouseCall 20150909
VBA32 20150907
VIPRE 20150908
ViRobot 20150909
Zillya 20150909
Zoner 20150909
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-09-30 08:32:06
Entry Point 0x0000DC00
Number of sections 4
PE sections
Overlays
MD5 d64639e1f4b420df5ed7f94311d68a54
File type data
Offset 458752
Size 171380
Entropy 7.96
PE imports
LsaFreeMemory
Ord(3)
PropertySheetA
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
FlatSB_SetScrollInfo
FlatSB_GetScrollProp
PropertySheetW
Ord(6)
Ord(17)
Ord(5)
UninitializeFlatSB
FlatSB_GetScrollInfo
ImageList_GetDragImage
ImageList_ReplaceIcon
FlatSB_SetScrollProp
ImageList_DrawIndirect
ImageList_Merge
ImageList_DrawEx
ImageList_SetIconSize
Ord(13)
FlatSB_ShowScrollBar
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_Draw
DestroyPropertySheetPage
ImageList_DragLeave
Ord(4)
FlatSB_SetScrollPos
ImageList_GetImageInfo
ImageList_DragEnter
InitCommonControlsEx
ImageList_DragMove
ImageList_LoadImageW
ImageList_LoadImageA
CreatePropertySheetPageW
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Remove
CreatePropertySheetPageA
ImageList_Copy
Ord(8)
ImageList_EndDrag
DeviceIoControl
GetStartupInfoA
GetModuleHandleA
LoadLibraryW
EnumResourceNamesW
GetVolumeInformationW
GetProfileStringA
HeapSize
DefineDosDeviceA
AddAtomW
WNetGetLastErrorA
MultinetGetConnectionPerformanceW
WNetEnumResourceA
WNetGetNetworkInformationA
WNetAddConnection3W
WNetDisconnectDialog
WNetAddConnectionW
WNetConnectionDialog1W
WNetEnumResourceW
WNetGetLastErrorW
WNetGetConnectionA
WNetAddConnection3A
WNetCloseEnum
_except_handler3
_acmdln
__p__fmode
__CxxFrameHandler
_adjust_fdiv
__setusermatherr
__p__commode
_setmbcp
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
EnableWindow
Number of PE resources by type
RT_ACCELERATOR 13
RT_DIALOG 9
RT_ICON 9
RT_GROUP_ICON 4
RT_MENU 3
RT_VERSION 1
Number of PE resources by language
NEUTRAL 13
BULGARIAN DEFAULT 13
ENGLISH ARABIC QATAR 13
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x003f
MachineType Intel 386 or later, and compatibles
FileOS Win32
TimeStamp 2006:09:30 09:32:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 6.0
FileSubtype 0
ProductVersionNumber 0.131.182.78
FileTypeExtension exe
InitializedDataSize 397312
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileVersionNumber 0.150.31.256
EntryPoint 0xdc00
UninitializedDataSize 0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 2e902e458d88cea396a9cf73068db07d
SHA1 aef17bf9d31c5c68b8531ed704d52455061c709b
SHA256 b230f30fd26be4a879d8bdf4504ecf3e374c25ac2bd2880b1342a35284a80d8d
ssdeep 12288:bD1tbTrHFufW+HQiOjpTDSHiINHz08SCp4hcbnWujvTSPXK:/brHFiwiOjpT2HiINHg9w4h2jvOPXK
authentihash b8f9bdfa5d2d0c853f0517e9d91412a0cf36ef7d35e92f50ff50458a8b280aa4
imphash 12924de12a29876fb00f15cb447f565b
File size 615.4 KB ( 630132 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-09-09 06:34:43 UTC ( 3 years, 6 months ago )
Last submission 2015-09-09 12:56:57 UTC ( 3 years, 6 months ago )
File names bolletta_293148.exe
Adres_Degisikligi_Form.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs