SHA256: ca74bad5b2fc7e369a33b42cb805efdc66b816c8d37819cc27445e4296127cf7
File name: bolletta_285137.exe
Detection ratio: 1 / 56
Analysis date: 2015-09-08 06:02:16 UTC
Antivirus / Result / Update (an empty Result column means that engine did not flag the file)
Rising PE:Malware.FakePDF@CV!1.9E05[F1] 20150906
Ad-Aware 20150908
AegisLab 20150907
Yandex 20150907
AhnLab-V3 20150908
Alibaba 20150902
ALYac 20150908
Antiy-AVL 20150908
Arcabit 20150905
Avast 20150908
AVG 20150908
Avira (no cloud) 20150908
AVware 20150901
Baidu-International 20150907
BitDefender 20150908
Bkav 20150907
ByteHero 20150908
CAT-QuickHeal 20150908
ClamAV 20150908
CMC 20150902
Comodo 20150908
Cyren 20150908
DrWeb 20150908
Emsisoft 20150908
ESET-NOD32 20150908
F-Prot 20150908
F-Secure 20150908
Fortinet 20150908
GData 20150908
Ikarus 20150908
Jiangmin 20150907
K7AntiVirus 20150908
K7GW 20150908
Kaspersky 20150908
Kingsoft 20150908
Malwarebytes 20150907
McAfee 20150908
McAfee-GW-Edition 20150907
Microsoft 20150908
eScan 20150908
NANO-Antivirus 20150908
nProtect 20150907
Panda 20150907
Qihoo-360 20150908
Sophos AV 20150907
SUPERAntiSpyware 20150908
Symantec 20150907
Tencent 20150908
TheHacker 20150907
TrendMicro 20150908
TrendMicro-HouseCall 20150908
VBA32 20150907
VIPRE 20150907
ViRobot 20150908
Zillya 20150908
Zoner 20150908
The file under study is a Portable Executable (PE): a 32-bit Windows EXE built for the Windows GUI subsystem. (The file name "bolletta" is Italian for "bill" or "utility invoice".)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-12-29 00:39:53
Entry Point 0x0002F956
Number of sections 4
PE sections
Overlay
MD5 d67049c04b19a5a59f519728a472cf6c
File type data
Offset 593920
Size 171561 bytes
Entropy 7.96 (bits per byte; the maximum possible is 8.0)
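The overlay is the part of the file that lies beyond the end of the last section's raw data, so the Windows loader never maps it; a large, near-random overlay is usually a compressed or encrypted payload that the executable unpacks at run time. For this sample the report's numbers are self-consistent: offset 593920 plus size 171561 equals 765481, the full file size, so the overlay runs to end of file, and 7.96 of a possible 8.0 bits per byte is what compressed or encrypted data looks like. As an added worked example (not part of the VirusTotal report), the Python below locates the overlay from the section table and measures its Shannon entropy. Because the section table and the sample itself are not on this page, the example builds a minimal constructed PE32 image in memory rather than parsing bolletta_285137.exe; the 7.0-bit and 1 KiB thresholds in the triage helper are assumptions, not values from the report.

```python
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for constant data, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def overlay_offset(pe: bytes) -> int:
    """File offset at which the overlay begins: the end of the last section's raw data,
    taken from the PE/COFF section table. Bytes past that offset are never mapped by the loader."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)  # SizeOfOptionalHeader
    section_table = coff + 20 + opt_size                   # first IMAGE_SECTION_HEADER
    end = 0
    for i in range(num_sections):
        hdr = section_table + 40 * i
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)  # SizeOfRawData, PointerToRawData
        end = max(end, raw_ptr + raw_size)
    return min(end, len(pe))  # a truncated file has no overlay


def overlay_info(pe: bytes) -> dict:
    """Offset, size and entropy of the overlay: the three numbers the report shows for it."""
    off = overlay_offset(pe)
    ov = pe[off:]
    return {"offset": off, "size": len(ov), "entropy": round(shannon_entropy(ov), 2)}


def overlay_looks_packed(info: dict, min_size: int = 1024, min_entropy: float = 7.0) -> bool:
    """Triage rule of thumb (thresholds are assumptions): a sizeable, near-random overlay
    usually holds a compressed or encrypted payload."""
    return info["size"] >= min_size and info["entropy"] >= min_entropy


def build_minimal_pe(section_data: bytes, overlay: bytes, timestamp: int = 0) -> bytes:
    """Constructed fixture, not a runnable program: a PE32 image with one .text section whose raw
    data sits at file offset 0x200, followed by `overlay`. Used only because the real sample is not on the page."""
    e_lfanew = 0x40
    opt_size = 224                                   # sizeof(IMAGE_OPTIONAL_HEADER32)
    raw_ptr = 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections=1, TimeDateStamp, SymTab ptr/count=0, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    sect = (b".text\0\0\0"
            + struct.pack("<IIII", len(section_data), 0x1000, len(section_data), raw_ptr)
            + b"\0" * 16)
    headers = dos + b"PE\0\0" + coff + opt + sect
    headers += b"\0" * (raw_ptr - len(headers))
    return headers + section_data + overlay


if __name__ == "__main__":
    # Constructed overlay: every byte value equally often, so its entropy is exactly 8.0.
    sample = build_minimal_pe(b"\x90" * 256, bytes(range(256)) * 4)
    info = overlay_info(sample)
    print(info, "packed-looking:", overlay_looks_packed(info))
```

The offset is derived from the section table rather than from SizeOfImage or the optional header's data directories because that is the only value the loader honours: anything a packer appends after the last section's PointerToRawData + SizeOfRawData is, by definition, the overlay. On a real file, read it with `open(path, "rb").read()` and pass the bytes to `overlay_info`.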
PE imports
RegUnLoadKeyA
RegConnectRegistryW
RegRestoreKeyW
IsValidSid
GetSidIdentifierAuthority
GetSidLengthRequired
LsaNtStatusToWinError
GetAce
LookupSecurityDescriptorPartsW
EqualSid
BackupEventLogA
RegDeleteKeyW
RegDeleteValueA
UnlockServiceDatabase
EnumServicesStatusA
GetStartupInfoA
GetModuleHandleA
LoadLibraryW
CreateDirectoryA
GetVersionExW
EnumResourceTypesW
Ord(324)
Ord(3825)
Ord(3147)
Ord(4080)
Ord(2124)
Ord(5302)
Ord(4425)
Ord(4627)
Ord(3597)
Ord(1168)
Ord(4853)
Ord(6375)
Ord(4622)
Ord(3136)
Ord(2982)
Ord(4353)
Ord(3079)
Ord(2512)
Ord(3262)
Ord(4234)
Ord(1576)
Ord(1775)
Ord(2055)
Ord(4837)
Ord(5307)
Ord(5241)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(4424)
Ord(3081)
Ord(2648)
Ord(5714)
Ord(2446)
Ord(3830)
Ord(4407)
Ord(4078)
Ord(2725)
Ord(5065)
Ord(5289)
Ord(2396)
Ord(5300)
Ord(6376)
Ord(561)
Ord(3831)
Ord(6374)
Ord(3346)
Ord(5731)
Ord(1727)
Ord(4486)
Ord(2976)
Ord(2985)
Ord(5163)
Ord(2385)
Ord(815)
Ord(1089)
Ord(641)
Ord(3738)
Ord(4698)
Ord(4998)
Ord(5280)
Ord(3922)
Ord(5277)
Ord(2514)
Ord(5265)
Ord(3749)
Ord(4673)
Ord(2554)
Ord(5199)
Ord(4441)
Ord(4274)
Ord(4376)
Ord(5261)
Ord(4465)
Ord(4079)
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
EnableWindow
GetPriorityClipboardFormat
Number of PE resources by type
RT_ICON 12
RT_ACCELERATOR 8
RT_GROUP_ICON 4
RT_DIALOG 3
RT_MENU 3
RT_VERSION 1
Number of PE resources by language
ENGLISH ARABIC QATAR 11
HUNGARIAN DEFAULT 10
POLISH DEFAULT 10
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileFlagsMask: 0x003f
MachineType: Intel 386 or later, and compatibles
FileOS: Win32
TimeStamp: 2005:12:29 01:39:53+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 192512
LinkerVersion: 6.0
FileSubtype: 0
ProductVersionNumber: 0.231.195.30
FileTypeExtension: exe
InitializedDataSize: 397312
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileVersionNumber: 0.131.1.199
EntryPoint: 0x2f956
UninitializedDataSize: 0
ObjectFileType: Executable application
File identification
MD5 ee379fdab96a485d6a8ea12cbe948e9e
SHA1 f5eca5295406d1e6dd029d9df26fafd5bb92f8cd
SHA256 ca74bad5b2fc7e369a33b42cb805efdc66b816c8d37819cc27445e4296127cf7
ssdeep 12288:pMjYhZS6dzO85RbqMG9MbQ0QE7JHRUJOJhdBkgk96yJ/Ijnzf:pvzdzqMG9MbbJHRUohdBOhBM
authentihash 9a968f584f1398bdf034545677fee059b2d6d220137a8e3272c6298c7affd5f7
imphash d75afbc6b4becbcf9e6d215ee2bce2fd
File size 747.5 KB ( 765481 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
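The imphash above is an MD5 over the import table, taken in table order, of "dll.function" strings: the DLL name lowercased with a .dll, .ocx or .sys extension stripped, and imports by ordinal written as ordN. It survives recompilation as long as the import order does not change, which makes it a useful pivot for clustering builds of the same tool. Because this extract lists the imported symbols but dropped the DLL each one belongs to, the report's value cannot be recomputed from the page; the following added Python (not part of the VirusTotal report) implements the rule on a constructed import list instead. The DLL attributions for the by-name entries are the standard Windows ones; attributing the ordinal entry to MFC42, and the order of the list, are assumptions for illustration. One caveat: pefile, the reference implementation, first resolves ordinals of ws2_32.dll and oleaut32.dll to names through a built-in lookup table; this example applies only the generic ordN rule.

```python
import hashlib

# Extensions pefile strips from the DLL name before hashing.
_STRIP_EXT = (".dll", ".ocx", ".sys")


def _normalise_dll(dll: str) -> str:
    """Lowercase the DLL name and drop a .dll/.ocx/.sys extension."""
    name = dll.lower()
    for ext in _STRIP_EXT:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """Build the comma-joined 'dll.function' string that is hashed.

    `imports` is a sequence of (dll, symbol) pairs in import-table order, where
    symbol is a str for an import by name or an int for an import by ordinal.
    """
    parts = []
    for dll, sym in imports:
        func = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        parts.append(f"{_normalise_dll(dll)}.{func}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed import table for illustration. Function names are taken from the
# report's import list; the DLL for the ordinal entry and the ordering are assumptions.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegDeleteKeyW"),
    ("KERNEL32.dll", "GetStartupInfoA"),
    ("KERNEL32.dll", "GetModuleHandleA"),
    ("MFC42.DLL", 324),          # assumed: an import by ordinal attributed to MFC42
    ("MSVCRT.dll", "_except_handler3"),
]


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two properties matter when using the value defensively: it is case-insensitive and ignores the DLL extension, so trivial renames do not change it, but it is order-sensitive, so two binaries that import the same functions in a different order hash differently. Feed it a real file by walking the import directory with a PE parser and passing the (dll, name-or-ordinal) pairs in the order they appear.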
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-08 06:02:16 UTC
Last submission 2015-09-16 19:36:58 UTC
File names bolletta_285137.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file. The report's categories (Opened files, Read files, Written files, Created processes, Opened mutexes, Runtime DLLs) carry no entries in this extract.