SHA256: cde3818cd9ca51efbee700a75e63ce19c3da364c96afe07d7ca01e66f6f7d3ac
File name: Electronic Ticket.exe
Detection ratio: 10 / 46
Analysis date: 2013-04-10 00:15:30 UTC ( 1 year ago )
Antivirus Result Update
AVG Agent.8.AJ 20130409
DrWeb BackDoor.Kuluoz.4 20130410
Emsisoft Trojan.Win32.Agent.AMN (A) 20130410
Fortinet W32/Zortob.BB!tr 20130410
Kaspersky Trojan-Downloader.Win32.Dofoil.pha 20130409
Malwarebytes Trojan.Krypt 20130409
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20130410
Panda Suspicious file 20130409
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert[ZBot] 20130410
Sophos Mal/Weelsof-D 20130410
Agnitum 20130409
AhnLab-V3 20130409
AntiVir 20130409
Antiy-AVL 20130409
Avast 20130410
BitDefender 20130410
ByteHero 20130405
CAT-QuickHeal 20130409
ClamAV 20130409
Commtouch 20130409
Comodo 20130409
ESET-NOD32 20130409
F-Prot 20130409
F-Secure 20130410
GData 20130410
Ikarus 20130409
Jiangmin 20130409
K7AntiVirus 20130409
Kingsoft 20130408
McAfee 20130410
MicroWorld-eScan 20130410
Microsoft 20130410
NANO-Antivirus 20130409
Norman 20130409
PCTools 20130409
Rising 20130409
Symantec 20130410
TheHacker 20130409
TotalDefense 20130409
TrendMicro 20130410
TrendMicro-HouseCall 20130410
VBA32 20130408
VIPRE 20130410
ViRobot 20130409
eSafe 20130407
nProtect 20130409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-10 05:33:49
Link date 6:33 AM 4/10/2013
Entry Point 0x0000382E
Number of sections 5
PE sections
PE imports
CreateFontIndirectW
PatBlt
SetStretchBltMode
SaveDC
CreateFontIndirectA
CreateRectRgnIndirect
GetClipBox
GetObjectA
LineTo
DeleteDC
RestoreDC
SetBkMode
SetWindowOrgEx
GetObjectW
BitBlt
CreateDIBSection
RealizePalette
SetTextColor
CreateSolidBrush
ExtTextOutW
CreateBitmap
MoveToEx
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
ExtTextOutA
ExtSelectClipRgn
CreateCompatibleDC
StretchBlt
GetStretchBltMode
ExtCreatePen
SetBkColor
CreateCompatibleBitmap
CreatePenIndirect
InitializeCriticalSectionAndSpinCount
GetPriorityClass
SetFilePointerEx
GetEnvironmentStrings
GetFileType
HeapCreate
GetCurrentProcessId
GetModuleHandleA
lstrcmpA
GetVersionExW
IsDebuggerPresent
GetTickCount
GetStartupInfoW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetCommandLineA
GetModuleHandleW
SetLastError
GetCurrentThread
_adjust_fdiv
__wgetmainargs
__p__fmode
__p__commode
__setusermatherr
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
_except_handler3
_exit
__set_app_type
_initterm
_wcmdln
GetCapture
Ord(263)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 61952
FileOS Win32
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2013:04:10 06:33:49+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 0, 1
SubsystemVersion 5.0
OSVersion 5.0
OriginalFilename Sybjov.exe
LegalCopyright 1, 0, 0, 1
MachineType Intel 386 or later, and compatibles
CompanyName Wnyuoclb
CodeSize 7680
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x382e
ObjectFileType Executable application

Compressed bundles
File identification
MD5 f17ee7f9a0ec3d7577a148ae79955d6a
SHA1 b7173b92044e301624136ddc4fd9550939c8a049
SHA256 cde3818cd9ca51efbee700a75e63ce19c3da364c96afe07d7ca01e66f6f7d3ac
ssdeep 768:1ddzXjEfqDid+QXsrB+e91FnNIT8vaZc:bdzXjzGUhrBD5nqy
File size 27.5 KB ( 28160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-04-09 19:17:33 UTC ( 1 year ago )
Last submission 2013-04-19 16:13:10 UTC ( 12 months ago )
File names Electronic Ticket.exe
file-5357181_exe
vti-rescan
Postal-Receipt.exe
Postal-Receipt.exe0
f17ee7f9a0ec3d7577a148ae79955d6a
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight