× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: baecc5361c03673aa0cdb118435dd46dca9e1d106d8bc6997d766ad9a45b1457
File name: nonchalantly.scr
Detection ratio: 30 / 57
Analysis date: 2015-01-20 18:27:06 UTC ( 2 years, 8 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Agent.BHHS 20150120
AhnLab-V3 Win-Trojan/Downloader.28672.ABV 20150120
Antiy-AVL Trojan[Downloader]/Win32.Cabby 20150120
Avast Win32:Trojan-gen 20150120
Avira (no cloud) TR/Cabhot.A.95 20150120
AVware Trojan.Win32.Generic!BT 20150120
BitDefender Trojan.Agent.BHHS 20150120
Cyren W32/Trojan.NESF-4279 20150120
DrWeb Trojan.DownLoad3.35539 20150120
Emsisoft Trojan.Agent.BHHS (B) 20150120
ESET-NOD32 Win32/TrojanDownloader.Elenoocka.A 20150120
F-Prot W32/Trojan3.NER 20150120
F-Secure Trojan.Agent.BHHS 20150120
GData Trojan.Agent.BHHS 20150120
Ikarus Trojan-Downloader.Win32.Elenoocka 20150120
K7GW Trojan-Downloader ( 00499db21 ) 20150120
Kaspersky Trojan-Downloader.Win32.Cabby.cbtj 20150120
Malwarebytes Trojan.Email.FakeDoc 20150120
McAfee RDN/Downloader.a!ul 20150120
McAfee-GW-Edition BehavesLike.Win32.Trojan.mh 20150120
Microsoft TrojanDownloader:Win32/Dalexis 20150120
eScan Trojan.Agent.BHHS 20150120
Norman Kryptik.PDB 20150120
Panda Trj/Ransom.AB 20150120
Qihoo-360 Malware.QVM20.Gen 20150120
Sophos AV Troj/Agent-ALFM 20150120
Symantec Downloader 20150120
TrendMicro-HouseCall TROJ_GEN.F0D1H0ZAJ15 20150120
VIPRE Trojan.Win32.Generic!BT 20150120
ViRobot Trojan.Win32.Ransom.28672.A[h] 20150120
AegisLab 20150120
Yandex 20150120
Alibaba 20150120
ALYac 20150120
AVG 20150127
Baidu-International 20150120
Bkav 20150120
ByteHero 20150120
CAT-QuickHeal 20150120
ClamAV 20150120
CMC 20150120
Comodo 20150120
Fortinet 20150119
Jiangmin 20150119
K7AntiVirus 20150127
Kingsoft 20150120
NANO-Antivirus 20150120
nProtect 20150120
Rising 20150119
SUPERAntiSpyware 20150120
Tencent 20150128
TheHacker 20150120
TotalDefense 20150119
TrendMicro 20150120
VBA32 20150120
Zillya 20150120
Zoner 20150119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-03-16 21:13:32
Entry Point 0x000024FF
Number of sections 5
PE sections
PE imports
GetProcessId
ReadConsoleA
GetEnvironmentVariableA
SetEnvironmentVariableW
GetStringTypeA
GetComputerNameA
GetGeoInfoA
WaitForSingleObject
GetConsoleAliasW
GetCurrentProcess
GetLongPathNameA
HeapValidate
CloseHandle
GetTimeFormatA
lstrcpynA
GetProcAddress
GetPrivateProfileStructW
LoadLibraryA
GetBinaryTypeA
UpdateResourceA
UrlCanonicalizeA
UrlCreateFromPathA
UrlCombineA
UrlIsNoHistoryW
UrlIsA
UrlCompareA
UrlUnescapeA
PathCompactPathA
UrlEscapeA
UrlHashA
UrlGetLocationA
UrlIsOpaqueA
WTSVirtualChannelPurgeInput
WTSUnRegisterSessionNotification
WTSQuerySessionInformationA
WTSSendMessageA
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSVirtualChannelClose
WTSFreeMemory
WTSRegisterSessionNotification
WTSLogoffSession
WTSSetUserConfigW
WTSEnumerateProcessesA
WTSOpenServerW
WTSQueryUserToken
AlphaBlend
DllInitialize
TransparentBlt
GradientFill
NDdeShareEnumA
NDdeShareSetInfoA
NDdeShareAddA
Number of PE resources by type
RT_ICON 2
RT_MESSAGETABLE 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2004:03:16 22:13:32+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
5632

LinkerVersion
10.0

EntryPoint
0x24ff

InitializedDataSize
22016

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

Compressed bundles
File identification
MD5 b16594828075b92fcba9e017a65d4436
SHA1 239d03a07798dbcf8f074d0a58d86ea29d0c1c58
SHA256 baecc5361c03673aa0cdb118435dd46dca9e1d106d8bc6997d766ad9a45b1457
ssdeep
384:yvEuszTkE5fsTQl7/LH3qRlQiAEmDcuUB+obFI8ytRvG:U2gSfs+/zaoVEmD/y+So7v

authentihash 20149fe927ece0b0199237444b4ec892548e79ac7fd91faa39ef3908a3797ef9
imphash abe419df550107c081fafd8ffe205844
File size 28.0 KB ( 28672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-20 05:57:12 UTC ( 2 years, 8 months ago )
Last submission 2015-01-20 18:27:06 UTC ( 2 years, 8 months ago )
File names nonchalantly.scr
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections