SHA256: d867df9de257dc788d191636bbaaa05fda376acc44f77bef7556d6daa9ec4c53
File name: POSTDANMARK_Pakkeboksen.ex
Detection ratio: 39 / 55
Analysis date: 2016-02-20 09:40:40 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3039866 20160220
AegisLab Troj.Dropper.Gen!c 20160220
Yandex Backdoor.Androm!mqDh0kGWAG0 20160219
AhnLab-V3 Trojan/Win32.Teerac 20160219
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160220
Arcabit Trojan.Generic.D2E627A 20160220
Avast Win32:Malware-gen 20160220
AVG Inject3.AAWH 20160220
Avira (no cloud) TR/Dropper.Gen 20160220
AVware Trojan.Win32.Generic!BT 20160220
BitDefender Trojan.GenericKD.3039866 20160220
DrWeb Trojan.PWS.Siggen1.46523 20160220
Emsisoft Trojan.GenericKD.3039866 (B) 20160220
ESET-NOD32 a variant of Win32/Injector.CSEF 20160220
F-Secure Trojan.GenericKD.3039866 20160219
Fortinet W32/CSEF!tr 20160220
GData Trojan.GenericKD.3039866 20160220
Ikarus Trojan-Ransom.CryptoWall3 20160220
Jiangmin Backdoor.Androm.dyx 20160220
K7AntiVirus Trojan ( 004de10f1 ) 20160220
K7GW Trojan ( 004de10f1 ) 20160220
Kaspersky Backdoor.Win32.Androm.jdll 20160220
Malwarebytes Ransom.TorrentLocker 20160219
McAfee Ransom-Teerac!E4C566FFAE92 20160220
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.hh 20160220
Microsoft Ransom:Win32/Teerac!rfn 20160220
eScan Trojan.GenericKD.3039866 20160220
NANO-Antivirus Trojan.Win32.Siggen1.eahvpo 20160220
nProtect Trojan.GenericKD.3039866 20160219
Panda Generic Suspicious 20160219
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160220
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160220
Sophos AV Mal/Ransom-EF 20160220
Symantec Trojan.Cryptolocker.H 20160219
Tencent Win32.Backdoor.Androm.Alij 20160220
TrendMicro TROJ_FRS.0NA003BF16 20160220
TrendMicro-HouseCall TROJ_FRS.0NA003BF16 20160220
VIPRE Trojan.Win32.Generic!BT 20160220
Zillya Backdoor.Androm.Win32.32302 20160219
Alibaba 20160219
Baidu-International 20160219
Bkav 20160219
ByteHero 20160220
CAT-QuickHeal 20160220
ClamAV 20160219
CMC 20160219
Comodo 20160220
Cyren 20160220
F-Prot 20160220
SUPERAntiSpyware 20160220
TheHacker 20160217
TotalDefense 20160219
VBA32 20160219
ViRobot 20160220
Zoner 20160220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-30 07:50:35
Entry Point 0x0000E1E0
Number of sections 4
PE sections
Overlays
MD5 ee2783b3712ab69401f430640c22ae87
File type data
Offset 544768
Size 1090
Entropy 6.27
PE imports
CreatePolygonRgn
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
GetBkMode
CreateICW
SetDeviceGammaRamp
LPtoDP
GetClipBox
ModifyWorldTransform
GetDeviceCaps
CreateDCA
DeleteDC
SetMetaFileBitsEx
ScaleViewportExtEx
GetTextExtentExPointW
FillPath
CreateDCW
GetCharWidthA
GetObjectA
GetCurrentObject
RectVisible
GetStockObject
GetCurrentPositionEx
SelectPalette
GetOutlineTextMetricsW
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchBlt
SetStretchBltMode
CloseEnhMetaFile
SetBrushOrgEx
EndPage
GetWinMetaFileBits
EnumEnhMetaFile
ExtCreatePen
SetTextCharacterExtra
GetTextExtentPoint32W
ImmSetOpenStatus
AreFileApisANSI
GetCommTimeouts
GetEnvironmentStrings
DosDateTimeToFileTime
GetCurrentDirectoryW
GetShortPathNameW
GetStartupInfoA
GetModuleHandleA
GetPrivateProfileIntA
GetVolumeInformationW
GetProcessPriorityBoost
__p__fmode
fputc
__CxxFrameHandler
_acmdln
_futime
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
atexit
_rmtmp
__getmainargs
_initterm
_controlfp
atof
_adjust_fdiv
__set_app_type
RasHangUpA
UnionRect
Number of PE resources by type
RT_RCDATA 12
RT_ICON 10
RT_GROUP_ICON 5
RT_DIALOG 2
skEw73221 1
mX0661y 1
N8R4Tm 1
aGQ18 1
R4o71 1
iu2RC5 1
nmsvg1 1
sWct0 1
Gr7W2 1
CqCN2w6 1
RT_VERSION 1
BLdC3Q40M 1
Number of PE resources by language
NEUTRAL 41
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.237.123.16
UninitializedDataSize 0
LanguageCode Unknown (DIAG)
FileFlagsMask 0x003f
CharacterSet Unknown (ONALISING)
InitializedDataSize 483328
EntryPoint 0xe1e0
MIMEType application/octet-stream
LegalCopyright 2010 (C) 2012
FileVersion 0.38.72.211
TimeStamp 2007:01:30 08:50:35+01:00
FileType Win32 EXE
PEType PE32
InternalName Coprocessors
ProductVersion 0.48.250.33
FileDescription Dampen Elaborate Glasshouse
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Thinking Man Software
CodeSize 57344
ProductName Giant Gecko
ProductVersionNumber 0.6.3.201
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 e4c566ffae92192f53cd6477dfd02fdb
SHA1 dc1b54b06391f512a9eca8461c5eb5469c5ed9b1
SHA256 d867df9de257dc788d191636bbaaa05fda376acc44f77bef7556d6daa9ec4c53
ssdeep 12288:PtpvVvZ+H4N/IGYtWwadKbT+EZCd1Gfr1avghaCeLTZSpkhXZZFCPRvTE:PbdvZ+H4CVYL8T+oYCrUvghxMTZDtFCq
authentihash ec30cdc71e8552fd90be89df25f7f062ca5635c9c9d1ddc1e115c6805ea73050
imphash f1220a917cf558df8c8e43a4dc37729f
File size 533.1 KB ( 545858 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-02-12 11:17:17 UTC ( 3 years, 2 months ago )
Last submission 2016-08-09 12:43:29 UTC ( 2 years, 8 months ago )
File names POSTDANMARK_Pakkeboksen.exe
ENEL_Bolletta.exe
POSTDANMARK_Pakkeboksen.ex
ufujukap.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0212.
