× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dc2e70d7deaac4e2d85851e2b7c484565b20ba329e4a27ff3611175372eadc96
File name: srsrsr.png
Detection ratio: 15 / 56
Analysis date: 2016-11-30 02:54:33 UTC ( 2 years, 4 months ago ) View latest
Antivirus Result Update
AegisLab Troj.W32.Fsysna!c 20161130
Antiy-AVL Trojan/Win32.Fsysna 20161130
Avira (no cloud) TR/ATRAPS.etbhc 20161130
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161129
Bkav HW32.Packed.DFAD 20161129
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
DrWeb Trojan.Inject2.36621 20161130
ESET-NOD32 a variant of Win32/Injector.DIEZ 20161130
Sophos ML virtool.win32.vbinject.ug 20161128
Kaspersky Trojan.Win32.Fsysna.eceb 20161130
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20161130
Qihoo-360 HEUR/QVM03.0.7FFF.Malware.Gen 20161130
Rising Trojan.Fsysna!8.5F2-3zMK5TLrCIM (cloud) 20161130
Sophos AV Mal/Generic-S 20161130
Symantec Heur.AdvML.B 20161130
Ad-Aware 20161130
AhnLab-V3 20161129
Alibaba 20161129
ALYac 20161130
Arcabit 20161130
Avast 20161130
AVG 20161129
AVware 20161130
BitDefender 20161130
CAT-QuickHeal 20161129
ClamAV 20161130
CMC 20161129
Comodo 20161130
Cyren 20161130
Emsisoft 20161130
F-Prot 20161130
F-Secure 20161130
Fortinet 20161130
GData 20161130
Ikarus 20161129
Jiangmin 20161130
K7AntiVirus 20161129
K7GW 20161130
Kingsoft 20161130
Malwarebytes 20161129
McAfee 20161130
Microsoft 20161130
eScan 20161130
NANO-Antivirus 20161130
nProtect 20161130
Panda 20161129
SUPERAntiSpyware 20161130
Tencent 20161130
TheHacker 20161126
TrendMicro 20161130
TrendMicro-HouseCall 20161130
Trustlook 20161130
VBA32 20161129
VIPRE 20161130
ViRobot 20161129
WhiteArmor 20161125
Yandex 20161128
Zillya 20161129
Zoner 20161130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
that offers professional

Product that offers professional
Original name 7anv54Fa.exe
Internal name 7anv54Fa
File version 1.00.0065
Description Cu to?ii avem un prieten care intarzie la fotbal - Duration: 22 seconds. Junimea. 18,984 views; 3 weeks ago. 0:06. Play next; Play now .
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-29 08:11:44
Entry Point 0x0000214C
Number of sections 3
PE sections
Overlays
MD5 a87fbf79beaaca3e88052010a72150a9
File type data
Offset 151552
Size 206045
Entropy 7.99
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(617)
EVENT_SINK_Release
__vbaGenerateBoundsError
_allmul
__vbaStrMove
_adj_fdivr_m64
__vbaGet3
_adj_fprem
__vbaVarLateMemSt
__vbaLenBstr
__vbaAryMove
__vbaResume
_adj_fpatan
__vbaStrVarCopy
EVENT_SINK_AddRef
__vbaVarIndexLoad
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
Ord(578)
__vbaVar2Vec
__vbaCyVar
__vbaExitProc
Ord(100)
__vbaUI1I2
_CItan
__vbaFreeVar
__vbaObjSetAddref
_adj_fdiv_r
__vbaAryConstruct2
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(711)
Ord(606)
__vbaStrCopy
__vbaAryLock
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI4Str
__vbaFileClose
__vbaObjSet
__vbaAryUnlock
__vbaVarMove
_CIlog
_CIatan
__vbaNew2
__vbaErrorOverflow
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
Ord(685)
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaVarCopy
__vbaFreeStrList
__vbaI2I4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.65

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
28672

EntryPoint
0x214c

OriginalFileName
7anv54Fa.exe

MIMEType
application/octet-stream

LegalCopyright
that offers professional

FileVersion
1.00.0065

TimeStamp
2016:11:29 09:11:44+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7anv54Fa

ProductVersion
1.00.0065

FileDescription
Cu to?ii avem un prieten care intarzie la fotbal - Duration: 22 seconds. Junimea. 18,984 views; 3 weeks ago. 0:06. Play next; Play now .

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
FlasH Oklahoma with statewide

CodeSize
135168

ProductName
that offers professional

ProductVersionNumber
1.0.0.65

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2e3a4bbd6064cc756d6a3093f83d7385
SHA1 c650f4133613215d53cf60b5bbfcf99699d7b5a2
SHA256 dc2e70d7deaac4e2d85851e2b7c484565b20ba329e4a27ff3611175372eadc96
ssdeep
6144:5Xq6r75hLga89oj/DnQY/cbO2BPE+lF4aoZnLOo+ow:zF1ga89G/azBPEkLoBlpw

authentihash f55b58ac1e4f66cb6aa65cae9d6130f2260dcd04dc75b47aa6e3d4dcc4abd52f
imphash c50f6890840c09004b5a3311829b7bb1
File size 349.2 KB ( 357597 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-11-30 00:45:48 UTC ( 2 years, 4 months ago )
Last submission 2016-12-16 16:45:03 UTC ( 2 years, 4 months ago )
File names srsrsr.png
scpsis.vir.HSvir
7anv54Fa
scpsis.exe
srsrsr.e_xe
7anv54Fa.exe
scewys.exe.2648.dr
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.