SHA256: bef0b15c8ae11deef3cf98134d804628574d45364cb385b0ea212c80667f752d
File name: FakeSignv.0.2.exe
Detection ratio: 0 / 56
Analysis date: 2015-09-03 19:10:25 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware 20150903
AegisLab 20150903
Yandex 20150901
AhnLab-V3 20150903
Alibaba 20150902
ALYac 20150903
Antiy-AVL 20150903
Arcabit 20150903
Avast 20150903
AVG 20150903
Avira (no cloud) 20150903
AVware 20150901
Baidu-International 20150903
BitDefender 20150903
Bkav 20150903
ByteHero 20150903
CAT-QuickHeal 20150903
ClamAV 20150903
CMC 20150902
Comodo 20150903
Cyren 20150903
DrWeb 20150903
Emsisoft 20150903
ESET-NOD32 20150903
F-Prot 20150903
F-Secure 20150903
Fortinet 20150903
GData 20150903
Ikarus 20150903
Jiangmin 20150902
K7AntiVirus 20150903
K7GW 20150903
Kaspersky 20150903
Kingsoft 20150903
Malwarebytes 20150903
McAfee 20150903
McAfee-GW-Edition 20150903
Microsoft 20150903
eScan 20150903
NANO-Antivirus 20150903
nProtect 20150903
Panda 20150903
Qihoo-360 20150903
Rising 20150902
Sophos AV 20150903
SUPERAntiSpyware 20150903
Symantec 20150902
Tencent 20150903
TheHacker 20150903
TrendMicro 20150903
TrendMicro-HouseCall 20150903
VBA32 20150903
VIPRE 20150903
ViRobot 20150903
Zillya 20150903
Zoner 20150903
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-03 18:30:51
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Replace
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Add
GetOpenFileNameA
GetSaveFileNameA
GetObjectA
CreateDCA
DeleteDC
SelectObject
GetTextExtentPoint32A
BitBlt
GetStockObject
CreateBitmap
CreateCompatibleBitmap
SetPixel
CreateSolidBrush
GetDIBits
DeleteObject
SetStretchBltMode
SetBkColor
CreateDIBSection
CreateCompatibleDC
GetObjectType
StretchBlt
SetTextColor
GetLastError
HeapFree
EnterCriticalSection
ReadFile
GetFileAttributesA
GlobalFree
GetDriveTypeA
HeapDestroy
GetTickCount
TlsAlloc
GetVersionExA
VirtualProtect
GlobalUnlock
LoadLibraryA
GlobalSize
HeapAlloc
GetCurrentProcess
GetCurrentProcessId
ReleaseSemaphore
WaitForMultipleObjects
GlobalLock
GetCurrentThread
GetModuleHandleA
CreateSemaphoreA
CreateThread
TlsFree
SetFilePointer
DeleteCriticalSection
FindFirstFileA
WriteFile
CloseHandle
DuplicateHandle
HeapReAlloc
GetProcAddress
FreeLibrary
InitializeCriticalSection
HeapCreate
GlobalAlloc
FindClose
TlsGetValue
Sleep
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
SetLastError
LeaveCriticalSection
strncmp
malloc
tolower
fabs
floor
ceil
memset
fclose
strcat
free
strcmp
memmove
strcpy
sprintf
memcmp
_stricmp
strlen
memcpy
strncpy
OleUninitialize
CoInitialize
OleInitialize
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
DragQueryFileA
MapWindowPoints
RedrawWindow
TranslateAcceleratorA
GetForegroundWindow
GetParent
GetMessageA
SetPropA
EnumWindows
SetFocus
RegisterWindowMessageA
DefWindowProcA
ShowWindow
GetPropA
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
UnregisterClassA
PostMessageA
MoveWindow
EnumChildWindows
IntersectRect
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
SetActiveWindow
GetDC
GetKeyState
ReleaseDC
RemovePropA
SetWindowTextA
DefFrameProcA
DestroyIcon
DrawFocusRect
IsWindowVisible
SendMessageA
GetClientRect
ScreenToClient
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
RegisterClassA
DestroyAcceleratorTable
GetSysColorBrush
CallWindowProcA
GetClassNameA
GetFocus
MsgWaitForMultipleObjects
GetActiveWindow
GetWindowTextA
CreateAcceleratorTableA
IsChild
DestroyWindow
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:09:03 19:30:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 43520
LinkerVersion 2.5
EntryPoint 0x1000
InitializedDataSize 12288
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 7ed3831c6424e2fc0e113b23024e811a
SHA1 c00ffcdce9833df4c0d05dda1720f2217cc792b6
SHA256 bef0b15c8ae11deef3cf98134d804628574d45364cb385b0ea212c80667f752d
ssdeep 768:nTUtJnFK6Cokdk8u7ux6hySzZXAzSN2jYn+39aRYTY0+L8+MNM4Of7YdAceRdO:ItbK9o1BukERYkmXVfMP4dO

authentihash 3d1404bf1d1097edfb69ead2267cdac53171c0f06e88f7b03dde7c5665616756
imphash 2bb6480e84f08579bb5bcf131030ff8a
File size 54.0 KB ( 55296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (43.2%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.8%)
Win16/32 Executable Delphi generic (6.8%)
Generic Win/DOS Executable (6.6%)
Tags peexe

VirusTotal metadata
First submission 2015-09-03 19:10:25 UTC ( 2 years, 11 months ago )
Last submission 2015-09-03 19:10:25 UTC ( 2 years, 11 months ago )
File names FakeSignv.0.2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs