SHA256: cf8f3cd568c449d06786092be1b41eccf2da6b7f9b37b17d2263589cec6cc3c3
File name: parcelon13.exe
Detection ratio: 15 / 63
Analysis date: 2017-07-06 02:02:57 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170705
CrowdStrike Falcon (ML) malicious_confidence_96% (D) 20170420
Endgame malicious (high confidence) 20170629
ESET-NOD32 Win32/TrojanDownloader.Zurgop.CO 20170705
Sophos ML heuristic 20170607
Kaspersky UDS:DangerousObject.Multi.Generic 20170705
Qihoo-360 HEUR/QVM10.1.4A81.Malware.Gen 20170706
Rising Malware.Heuristic!ET#93% (rdm+) 20170706
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Troj/Mdrop-HYH 20170705
Symantec Trojan.Smoaler 20170705
TrendMicro Mal_SageCrypt-1h 20170706
TrendMicro-HouseCall Mal_SageCrypt-1h 20170706
Webroot W32.Trojan.Gen 20170706
ZoneAlarm by Check Point Backdoor.Win32.Androm.npdt 20170706
Ad-Aware 20170706
AegisLab 20170706
AhnLab-V3 20170705
Alibaba 20170706
ALYac 20170706
Antiy-AVL 20170705
Arcabit 20170705
Avast 20170705
AVG 20170705
Avira (no cloud) 20170705
AVware 20170705
BitDefender 20170705
Bkav 20170705
CAT-QuickHeal 20170705
ClamAV 20170705
CMC 20170705
Comodo 20170706
Cyren 20170705
DrWeb 20170705
Emsisoft 20170705
F-Prot 20170705
F-Secure 20170705
Fortinet 20170629
GData 20170706
Ikarus 20170705
Jiangmin 20170706
K7AntiVirus 20170705
K7GW 20170706
Kingsoft 20170706
Malwarebytes 20170706
MAX 20170705
McAfee 20170706
McAfee-GW-Edition 20170705
Microsoft 20170705
eScan 20170706
NANO-Antivirus 20170706
nProtect 20170706
Palo Alto Networks (Known Signatures) 20170706
Panda 20170705
SUPERAntiSpyware 20170706
Symantec Mobile Insight 20170705
Tencent 20170706
TheHacker 20170704
TotalDefense 20170705
Trustlook 20170706
VBA32 20170705
VIPRE 20170705
ViRobot 20170705
WhiteArmor 20170627
Yandex 20170705
Zillya 20170705
Zoner 20170706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) Jumping Bytes

Product DecodersPackets
Original name DecodersPackets.exe
File version 7.7.74.984
Description Flex Rivenstorage Medical Cllabrating Audition
Comments Flex Rivenstorage Medical Cllabrating Audition
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-03 15:03:32
Entry Point 0x00004A60
Number of sections 4
PE sections
PE imports
GetTraceLoggerHandle
AVIGetFromClipboard
SetMapMode
CreateEllipticRgn
GetSystemPaletteEntries
SetDCPenColor
SetViewportOrgEx
CreateSolidBrush
BitBlt
SelectClipRgn
DeleteObject
GetIpNetTable
GetIpForwardTable
GetIpAddrTable
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
DecodePointer
GetCurrentProcessId
lstrcatA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetFileType
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
HeapSetInformation
EnumSystemLanguageGroupsA
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
lstrcpyA
InterlockedDecrement
Sleep
FormatMessageA
TlsSetValue
ExitProcess
OutputDebugStringA
InterlockedIncrement
SetLastError
LeaveCriticalSection
SetupDiGetClassDevsA
ShellExecuteA
PathUnquoteSpacesA
PathFindExtensionA
MapWindowPoints
SetFocus
GetParent
BeginPaint
OffsetRect
SetCaretPos
DestroyMenu
PostQuitMessage
DefWindowProcA
FindWindowA
SetClassLongA
SetWindowPos
GetSystemMetrics
AppendMenuA
GetWindowRect
EndPaint
CallWindowProcA
SystemParametersInfoA
CreatePopupMenu
ShowCaret
LoadStringA
SendMessageA
GetClientRect
GetDlgItem
ClientToScreen
SetRect
MonitorFromRect
GetDCEx
LoadCursorA
TrackPopupMenu
FillRect
LockWindowUpdate
EnableWindow
GetMonitorInfoA
CreateEnvironmentBlock
GetThemeInt
WTSQuerySessionInformationA
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
OleGetClipboard
PdhCollectQueryData
Number of PE resources by type
RT_DIALOG 11
BIN 6
RT_ICON 6
RT_STRING 4
RT_MENU 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_BITMAP 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 35
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
Flex Rivenstorage Medical Cllabrating Audition

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.7.74.984

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
139264

EntryPoint
0x4a60

OriginalFileName
DecodersPackets.exe

MIMEType
application/octet-stream

LegalCopyright
(C) Jumping Bytes

FileVersion
7.7.74.984

TimeStamp
2017:07:03 16:03:32+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

ProductVersion
7.7.74.984

FileDescription
Flex Rivenstorage Medical Cllabrating Audition

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Jumping Bytes

CodeSize
54784

ProductName
DecodersPackets

ProductVersionNumber
7.7.74.984

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 90a6d582f52046e15cf5db88ebc64b41
SHA1 b573664b3aea85d02bcf6b3aa2355314b812ed1a
SHA256 cf8f3cd568c449d06786092be1b41eccf2da6b7f9b37b17d2263589cec6cc3c3
ssdeep
3072:HNRoZatg/YkseorMHwpWBE7BlYWNEEpGRhXpR7GzJm:HNRsatuYkRs071d

authentihash 9087431ec39b024be3c02deb8c91bdd45827eeb7377e8028423a23e99eb360cd
imphash ad160568dfe9a69345d42234f2c7ec65
File size 190.5 KB ( 195072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2017-07-06 02:02:57 UTC ( 1 year, 9 months ago )
Last submission 2017-11-13 07:07:19 UTC ( 1 year, 5 months ago )
File names parcelon13.exe
DecodersPackets.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Searched windows
Runtime DLLs