SHA256: c3964366878f58bd4edb62fd7d17ca1578a6a2918c40fa123d99b4c81701ee59
File name: PostalReceipt1.exe
Detection ratio: 36 / 45
Analysis date: 2013-01-31 21:05:36 UTC ( 6 years, 3 months ago )
Antivirus Result Update
Yandex Trojan.DL.Kuluoz!Y+IKFGFYBSQ 20130131
AntiVir TR/Dldr.Kuluoz.afl 20130131
Avast Win32:Malware-gen 20130131
AVG Downloader.Generic13.WRS 20130131
BitDefender Trojan.Generic.8523284 20130131
CAT-QuickHeal TrojanDownloader.Kuluoz.afl 20130131
Comodo TrojWare.Win32.Trojan.Agent.Gen 20130131
DrWeb BackDoor.Kuluoz.3 20130131
Emsisoft Trojan.Win32.Agent.AMN (A) 20130131
ESET-NOD32 a variant of Win32/Kryptik.ARGE 20130131
F-Secure Trojan.Generic.8523284 20130131
Fortinet W32/Kuluoz.ABY!tr.dldr 20130131
GData Trojan.Generic.8523284 20130131
Ikarus Trojan-Downloader.Win32.Kuluoz 20130131
K7AntiVirus Trojan-Downloader 20130131
Kaspersky Trojan-Downloader.Win32.Kuluoz.afl 20130131
Kingsoft Win32.TrojDownloader.Kuluoz.a.(kcloud) 20130131
Malwarebytes Trojan.Downloader 20130131
McAfee Downloader.a!d2b 20130131
McAfee-GW-Edition Downloader.a!d2b 20130131
Microsoft TrojanDownloader:Win32/Kuluoz.B 20130131
eScan Trojan.Generic.8523284 20130131
NANO-Antivirus Trojan.Win32.Kuluoz.bdrlwm 20130131
Norman Troj_Generic.GHQOJ 20130131
nProtect Trojan/W32.Small.36352.OD 20130131
Panda Trj/CI.A 20130131
PCTools Trojan.Fakeavlock 20130131
Sophos AV Troj/Agent-ZLL 20130131
SUPERAntiSpyware Trojan.Agent/Gen-Zortob 20130131
Symantec Trojan.Fakeavlock 20130131
TheHacker Posible_Worm32 20130131
TrendMicro TROJ_SPNR.11LS12 20130131
TrendMicro-HouseCall TROJ_SPNR.11LS12 20130131
VBA32 BScope.Trojan-Dropper.8612 20130131
VIPRE Trojan.Win32.Weelsof.d (v) 20130131
ViRobot Trojan.Win32.A.Downloader.36352.IS[UPX] 20130131
Antiy-AVL 20130131
ByteHero 20130131
ClamAV 20130131
Commtouch 20130131
eSafe 20130131
F-Prot 20130131
Jiangmin 20121221
Rising 20130131
TotalDefense 20130131
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-27 04:31:49
Entry Point 0x00021380
Number of sections 3
PE sections
PE imports
RegCreateKeyA
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DestroyIcon
Ord(269)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:12:27 05:31:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x21380
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 102400
Compressed bundles
File identification
MD5 6bb823d87f99da067e284935ca3a8b14
SHA1 6124431a3ac1b1d40053f6585925af540f09d3ae
SHA256 c3964366878f58bd4edb62fd7d17ca1578a6a2918c40fa123d99b4c81701ee59
ssdeep 768:F75Ka+QK2tbaVl+yLP7zdU1j0+toXhAI2YVqW2ms6GcbeHjT00P:F1KqKWbO0yj7z0TGXhL2VX6GcbQPR
authentihash c83dc95cf5642d5ebf923a4b0a73d29cbc80aeb961a85e811a341c17a249eb44
imphash 1628d50132cb55dd0de9d99ff94efe7c
File size 35.5 KB ( 36352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2012-12-27 12:03:37 UTC ( 6 years, 4 months ago )
Last submission 2013-01-31 21:05:36 UTC ( 6 years, 3 months ago )
File names rrgwtnmd.exe
PostalReceipt1.exe
sxrxkrra.exe
6bb823d87f99da067e284935ca3a8b14
file-4965008_exe
PostalReceipt.exe
vt-upload-L8aO4G
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user's policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight