SHA256: d5cd3c4c3f9b79533805b3485e53d7f5773ca61a608e3dfca51057d64da7716c
File name: twitt_us.exe
Detection ratio: 4 / 55
Analysis date: 2016-03-17 18:08:19 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Bkav HW32.Packed.C0E7 20160317
Kaspersky UDS:DangerousObject.Multi.Generic 20160317
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160317
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160317
Ad-Aware 20160317
AegisLab 20160317
Yandex 20160316
AhnLab-V3 20160317
Alibaba 20160317
ALYac 20160317
Antiy-AVL 20160317
Arcabit 20160317
Avast 20160317
AVG 20160317
AVware 20160317
Baidu 20160317
Baidu-International 20160317
BitDefender 20160317
ByteHero 20160317
CAT-QuickHeal 20160317
ClamAV 20160317
CMC 20160316
Comodo 20160317
Cyren 20160317
DrWeb 20160317
Emsisoft 20160317
ESET-NOD32 20160317
F-Prot 20160317
F-Secure 20160317
Fortinet 20160317
GData 20160317
Ikarus 20160317
Jiangmin 20160317
K7AntiVirus 20160317
K7GW 20160317
Malwarebytes 20160317
McAfee 20160317
McAfee-GW-Edition 20160317
Microsoft 20160316
eScan 20160317
NANO-Antivirus 20160317
nProtect 20160317
Panda 20160317
Sophos AV 20160317
SUPERAntiSpyware 20160317
Symantec 20160317
Tencent 20160317
TheHacker 20160315
TrendMicro 20160317
TrendMicro-HouseCall 20160317
VBA32 20160317
VIPRE 20160317
ViRobot 20160317
Zillya 20160317
Zoner 20160317
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-14 02:28:21
Entry Point 0x00023690
Number of sections 4
PE sections
PE imports
ImageList_SetBkColor
DestroyPropertySheetPage
ImageList_Merge
Ord(16)
Ord(14)
Ord(8)
GetObjectA
SwapBuffers
GetNearestPaletteIndex
CreateDIBPatternBrushPt
CreateEllipticRgn
GetSystemPaletteEntries
MoveToEx
ResizePalette
SetWorldTransform
GetTextColor
SymGetModuleInfo
StackWalk
GetTimestampForLoadedLibrary
SymRegisterCallback
ImagehlpApiVersionEx
ImageGetDigestStream
BackupWrite
QueryDosDeviceA
GetModuleHandleA
GetDefaultCommConfigW
ConnectNamedPipe
VarDateFromI1
LPSAFEARRAY_UserSize
VarCySub
VarR4FromDec
VarR4FromI4
VarBstrFromUI2
VarDecFromR8
VarR8FromBool
SafeArrayGetRecordInfo
VarR4FromDisp
SafeArrayAccessData
VarDecNeg
DispInvoke
VarI1FromUI1
OleLoadPictureFile
VarBstrFromR8
VarDecFromBool
VarUI2FromCy
VarAdd
VarDateFromUI2
RasEnumDevicesW
RasEditPhonebookEntryA
RasDialW
RasGetProjectionInfoW
RasValidateEntryNameW
RasGetErrorStringA
RasSetEntryPropertiesW
RasHangUpA
RasEnumEntriesA
FtpFindFirstFileA
InternetSetCookieA
HttpOpenRequestA
HttpSendRequestExW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
RetrieveUrlCacheEntryFileW
GetUrlCacheEntryInfoW
HttpEndRequestA
HttpOpenRequestW
InternetGetCookieW
GopherOpenFileW
InternetSetFilePointer
InternetDial
GopherFindFirstFileA
InternetLockRequestFile
FtpRenameFileW
InternetWriteFile
FtpGetFileW
InternetCreateUrlW
GopherGetLocatorTypeW
InternetCheckConnectionA
RetrieveUrlCacheEntryFileA
InternetCheckConnectionW
InternetCreateUrlA
FtpSetCurrentDirectoryW
InternetSetOptionA
GopherGetAttributeW
HttpSendRequestW
InternetOpenUrlW
DeleteUrlCacheEntry
InternetOpenW
waveOutSetVolume
midiOutGetErrorTextW
OpenDriver
midiOutShortMsg
waveInGetDevCapsA
mmioFlush
mmioSeek
midiOutGetVolume
midiInReset
waveOutGetID
PlaySoundW
mciSetYieldProc
waveOutRestart
midiStreamClose
waveInGetNumDevs
midiStreamProperty
midiStreamRestart
mmioRead
waveOutUnprepareHeader
mciSendCommandW
mixerClose
waveOutGetErrorTextA
midiInPrepareHeader
PrintDlgA
GetFileTitleA
OleRun
CoIsHandlerConnected
CoRegisterSurrogate
OleFlushClipboard
IsAccelerator
OleRegGetMiscStatus
OleCreateStaticFromData
OleDoAutoConvert
HWND_UserUnmarshal
ReadFmtUserTypeStg
StgOpenPropStg
OleDuplicateData
CoIsOle1Class
CoRevokeMallocSpy
SNB_UserMarshal
CLIPFORMAT_UserFree
HBITMAP_UserSize
OleCreateLinkFromDataEx
HPALETTE_UserMarshal
RevokeDragDrop
CoUnmarshalInterface
CoTaskMemFree
StgIsStorageFile
StgCreateDocfileOnILockBytes
GetRunningObjectTable
HACCEL_UserUnmarshal
StringFromCLSID
CoFreeAllLibraries
OleCreateLink
CoReleaseMarshalData
OleGetIconOfClass
Number of PE resources by type
RT_MENU 8
RT_ICON 2
RT_GROUP_ICON 2
RT_DIALOG 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
TATAR DEFAULT 16
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
InitializedDataSize: 208896
ImageVersion: 0.0
FileVersionNumber: 0.9.247.185
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
LinkerVersion: 8.0
FileTypeExtension: exe
OriginalFileName: Convert.exe
MIMEType: application/octet-stream
Subsystem: Windows command line
FileVersion: 164, 118, 49, 205
TimeStamp: 2004:12:14 03:28:21+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Discoursing
ProductVersion: 206, 250, 117, 2
FileDescription: Enslave
OSVersion: 4.0
FileOS: Windows NT 32-bit
LegalCopyright: Copyright 2015
MachineType: Intel 386 or later, and compatibles
CompanyName: FS2YOU
CodeSize: 143360
FileSubtype: 0
ProductVersionNumber: 0.8.217.0
EntryPoint: 0x23690
ObjectFileType: Executable application

Compressed bundles
File identification
MD5 df349df91be35f8b0696c206317a8019
SHA1 65f7b114802f8c32dd72a34f88edbbbd2f675dd4
SHA256 d5cd3c4c3f9b79533805b3485e53d7f5773ca61a608e3dfca51057d64da7716c
ssdeep 6144:45MW/12morHy6QawafZsidfse87j2qz1CXmXKHUTICBSZ:gpEsaBsidferz1aQKHUElZ

authentihash 1e37f7f3e642f9cba803c77aba458b99632ad16c541c5f2acdc3effb505ad582
imphash fa8ba4fedd04e9adaebefa46a79dda0e
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2016-03-17 17:24:49 UTC ( 3 years, 1 month ago )
Last submission 2018-10-09 13:41:37 UTC ( 6 months, 2 weeks ago )
File names TWITT_US[1].EXE
map.php
lZUH3B.zip
ojidsfc.exe
twitt_us.exe.norun
VirusShare_df349df91be35f8b0696c206317a8019
twitt_us.exe
map.php.bin
twitt_us.exe
aa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications