× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cdb7b330cc3919f29a517cbf46ac5e1fd4a2554003a5ba4a74fd1dff616be817
File name: PostalReceipt.exe
Detection ratio: 41 / 46
Analysis date: 2013-04-23 06:37:39 UTC ( 12 months ago )
Antivirus Result Update
AVG Downloader.Generic13.WTY 20130423
Agnitum Trojan.DL.Zortob!HScL7Ih7HXc 20130422
AhnLab-V3 Win-Trojan/Wildcoe.32768 20130422
AntiVir TR/Graftor.62708.1 20130423
Avast Win32:Trojan-gen 20130423
BitDefender Trojan.Agent.AYWT 20130423
CAT-QuickHeal TrojanDownloader.Kuluoz.afx.cw3 20130423
Commtouch W32/Kuluoz.VNDL-3956 20130423
Comodo TrojWare.Win32.Trojan.Agent.Gen 20130423
DrWeb BackDoor.Kuluoz.3 20130423
ESET-NOD32 Win32/TrojanDownloader.Zortob.B 20130422
Emsisoft Trojan.Agent.AYWT (B) 20130423
F-Prot W32/Kuluoz.I 20130423
F-Secure Trojan.Agent.AYWT 20130423
Fortinet W32/Kuluoz.AFX!tr.dldr 20130423
GData Trojan.Agent.AYWT 20130423
Ikarus Trojan-Downloader.Win32.Kuluoz 20130423
Jiangmin TrojanDownloader.Kuluoz.fx 20130423
K7AntiVirus Riskware 20130422
K7GW Riskware 20130422
Kaspersky Trojan-Downloader.Win32.Kuluoz.afx 20130423
Kingsoft Win32.Malware.Generic.a.(kcloud) 20130422
Malwarebytes Email.FakeMS 20130423
McAfee Downloader.a!d2h 20130423
McAfee-GW-Edition Downloader.a!d2h 20130423
MicroWorld-eScan Trojan.Agent.AYWT 20130423
Microsoft TrojanDownloader:Win32/Kuluoz.B 20130423
NANO-Antivirus Trojan.Win32.Kuluoz.bghnwg 20130423
Norman Troj_Generic.GIABB 20130422
PCTools Trojan.Smoaler 20130423
Panda Trj/OCJ.C 20130422
Sophos Mal/EncPk-ABL 20130423
Symantec Trojan.Smoaler!gen4 20130423
TheHacker Posible_Worm32 20130422
TotalDefense Win32/Kuluoz.EJ 20130422
TrendMicro TROJ_KULUOZ.GA 20130423
TrendMicro-HouseCall TROJ_KULUOZ.GA 20130423
VBA32 BScope.Trojan-Dropper.8612 20130422
VIPRE Trojan.Win32.Generic!BT 20130423
ViRobot Trojan.Win32.A.Downloader.32768.CCD[UPX] 20130423
nProtect Trojan-Downloader/W32.Kuluoz.32768.B 20130423
Antiy-AVL 20130423
ByteHero 20130418
ClamAV 20130423
SUPERAntiSpyware 20130423
eSafe 20130418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-28 07:33:00
Entry Point 0x00022350
Number of sections 3
PE sections
PE imports
RegCreateKeyA
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DeleteMenu
Ord(269)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:12:28 08:33:00+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
32768

LinkerVersion
7.1

FileAccessDate
2013:04:23 07:41:00+01:00

EntryPoint
0x22350

InitializedDataSize
4096

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2013:04:23 07:41:00+01:00

UninitializedDataSize
106496

Compressed bundles
File identification
MD5 25c3f5406f88bc64d3652f2446cd39be
SHA1 b951ea96d4bf451c5f1e8ba6f14dbe1b361be767
SHA256 cdb7b330cc3919f29a517cbf46ac5e1fd4a2554003a5ba4a74fd1dff616be817
ssdeep
768:Uy5Eu1m5ACV2P0V04jZXbIEtL3OXo62IWXDL:bFoV4ijFhtOtrKf

File size 32.0 KB ( 32768 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (8.7%)
Generic Win/DOS Executable (2.6%)
Tags
peexe upx

VirusTotal metadata
First submission 2012-12-28 08:58:11 UTC ( 1 year, 3 months ago )
Last submission 2013-02-06 11:33:55 UTC ( 1 year, 2 months ago )
File names 25c3f5406f88bc64d3652f2446cd39be
1373502.malware
file-4989923_exe
25c3f5406f88bc64d3652f2446cd39be.exe
CV .exe
smona_cdb7b330cc3919f29a517cbf46ac5e1fd4a2554003a5ba4a74fd1dff616be817.bin
PostalReceipt.exe
822546.malware
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!