SHA256: bca67f8e01e369b934855f920e6a440d7b00086951e1d428faae581c78b9857a
File name: finanscozum.exe
Detection ratio: 1 / 68
Analysis date: 2019-02-17 16:09:30 UTC ( 3 months ago )
Antivirus Result Update
CMC Trojan-FakeAV.Win32!O 20190217
Acronis 20190213
Ad-Aware 20190217
AegisLab 20190217
AhnLab-V3 20190217
Alibaba 20180921
ALYac 20190217
Antiy-AVL 20190217
Arcabit 20190217
Avast 20190217
Avast-Mobile 20190217
AVG 20190217
Avira (no cloud) 20190217
Babable 20180917
Baidu 20190214
BitDefender 20190217
Bkav 20190215
CAT-QuickHeal 20190217
ClamAV 20190217
Comodo 20190217
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190217
Cyren 20190217
DrWeb 20190217
eGambit 20190217
Emsisoft 20190217
Endgame 20190215
ESET-NOD32 20190217
F-Prot 20190217
F-Secure 20190217
Fortinet 20190217
GData 20190217
Ikarus 20190217
Sophos ML 20181128
Jiangmin 20190217
K7AntiVirus 20190216
K7GW 20190216
Kaspersky 20190217
Kingsoft 20190217
Malwarebytes 20190217
MAX 20190217
McAfee 20190217
McAfee-GW-Edition 20190217
Microsoft 20190217
eScan 20190217
NANO-Antivirus 20190217
Palo Alto Networks (Known Signatures) 20190217
Panda 20190217
Qihoo-360 20190217
Rising 20190217
SentinelOne (Static ML) 20190203
Sophos AV 20190217
SUPERAntiSpyware 20190213
Symantec 20190217
Symantec Mobile Insight 20190206
TACHYON 20190216
Tencent 20190217
TheHacker 20190217
TotalDefense 20190216
Trapmine 20190123
TrendMicro 20190217
TrendMicro-HouseCall 20190217
Trustlook 20190217
VBA32 20190215
ViRobot 20190217
Webroot 20190217
Yandex 20190215
ZoneAlarm by Check Point 20190217
Zoner 20190216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BF98
Number of sections 8
PE sections
Overlays
MD5 9262bc6fcb4f08d554c68f99e4944c9b
File type data
Offset 61952
Size 2404362
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitCommonControls
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetFileAttributesA
GetExitCodeProcess
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 15:22:17-07:00
FileType Win32 EXE
PEType PE32
CodeSize 47104
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xbf98
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

File identification
MD5 4cbfc679d2363d77e726e60c4801ac0b
SHA1 bc7437d1097467b19e13b565c5feb6fbc8864d5b
SHA256 bca67f8e01e369b934855f920e6a440d7b00086951e1d428faae581c78b9857a
ssdeep 49152:wVlw+z12vr0kya1xrt/F8KFWgYKHkJBLMAdLMZlgJ9ZmsB:wVlo0qt/1WTUZlgJKW
authentihash d2323afac74d4335ca8ddc98b1cfdf7ec2f32dda9ec074279b305e6096c532fa
imphash e2c1f18f75da1944b68774c16f2adcef
File size 2.4 MB ( 2466314 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-07-19 17:25:31 UTC ( 10 months, 1 week ago )
Last submission 2019-02-16 20:14:46 UTC ( 3 months ago )
File names finanscozum.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs