SHA256: de7d69bc8c76f8474ef7026622489f3d464d6355e6d4a6dac46956bc8d8bec5f
File name: DE7D69BC8C76F8474EF7026622489F3D464D6355E6D4A6DAC46956BC8D8BEC5F
Detection ratio: 29 / 55
Analysis date: 2016-02-10 07:59:17 UTC ( 3 years, 2 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.3025787 | 20160210
AegisLab | Virus.W32.Cryptor!c | 20160210
AhnLab-V3 | Trojan/Win32.Cryptolocker | 20160209
ALYac | Trojan.GenericKD.3025787 | 20160209
Arcabit | Trojan.Generic.D2E2B7B | 20160210
AVG | Win32/Cryptor | 20160210
Avira (no cloud) | TR/Crypt.Xpack.441828 | 20160210
BitDefender | Trojan.GenericKD.3025787 | 20160210
DrWeb | Trojan.PWS.Siggen1.46238 | 20160210
Emsisoft | Trojan.GenericKD.3025787 (B) | 20160210
ESET-NOD32 | a variant of Win32/Injector.CRQX | 20160210
F-Secure | Trojan.GenericKD.3025787 | 20160210
Fortinet | W32/Deshacop.BUQ!tr | 20160210
GData | Trojan.GenericKD.3025787 | 20160210
Ikarus | Trojan.Crypt.XPACK | 20160210
K7AntiVirus | Trojan ( 004dd6b31 ) | 20160210
K7GW | Trojan ( 004dd6b31 ) | 20160210
Kaspersky | Trojan.Win32.Deshacop.buq | 20160210
Malwarebytes | Ransom.TorrentLocker.Generic | 20160210
McAfee | Packed-GL!FD931A4CF39C | 20160210
McAfee-GW-Edition | BehavesLike.Win32.Downloader.dh | 20160210
Microsoft | Ransom:Win32/Teerac | 20160210
eScan | Trojan.GenericKD.3025787 | 20160210
nProtect | Trojan.GenericKD.3025787 | 20160205
Panda | Generic Suspicious | 20160208
Qihoo-360 | HEUR/QVM07.1.Malware.Gen | 20160210
Sophos AV | Mal/Generic-S | 20160210
TrendMicro | TROJ_GEN.R047C0DB716 | 20160210
VIPRE | Trojan.Win32.Generic!BT | 20160210
Yandex | (not detected) | 20160209
Alibaba | (not detected) | 20160204
Antiy-AVL | (not detected) | 20160210
Avast | (not detected) | 20160210
Baidu-International | (not detected) | 20160209
Bkav | (not detected) | 20160204
ByteHero | (not detected) | 20160210
CAT-QuickHeal | (not detected) | 20160210
ClamAV | (not detected) | 20160210
CMC | (not detected) | 20160205
Comodo | (not detected) | 20160210
Cyren | (not detected) | 20160210
F-Prot | (not detected) | 20160210
Jiangmin | (not detected) | 20160210
NANO-Antivirus | (not detected) | 20160210
Rising | (not detected) | 20160210
SUPERAntiSpyware | (not detected) | 20160210
Symantec | (not detected) | 20160209
Tencent | (not detected) | 20160210
TheHacker | (not detected) | 20160210
TotalDefense | (not detected) | 20160210
TrendMicro-HouseCall | (not detected) | 20160210
VBA32 | (not detected) | 20160209
ViRobot | (not detected) | 20160210
Zillya | (not detected) | 20160209
Zoner | (not detected) | 20160210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2005-02-20 19:37:29
Entry point: 0x00013716
Number of sections: 4
PE sections
PE imports
SetMetaRgn
GetCharABCWidthsW
GetTextMetricsW
SetMapMode
GetWindowOrgEx
CreateMetaFileA
PolyPolyline
ResizePalette
SetTextAlign
GetCharABCWidthsA
CombineRgn
PlayMetaFile
GetROP2
GetViewportOrgEx
GetObjectType
CreateMetaFileW
PlayEnhMetaFileRecord
SetColorAdjustment
CopyEnhMetaFileW
GetRasterizerCaps
SetWorldTransform
SetPixelV
IntersectClipRect
CopyEnhMetaFileA
OffsetWindowOrgEx
CreateEllipticRgn
SetColorSpace
EqualRgn
GetPolyFillMode
GetDIBits
ExtCreateRegion
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
Escape
SwapBuffers
EnumICMProfilesA
ScaleViewportExtEx
BeginPath
CloseFigure
Pie
GetCharacterPlacementA
SetWindowExtEx
EnumICMProfilesW
ExtCreatePen
GetFontData
SetWinMetaFileBits
GetBkColor
SetRectRgn
CreateFontA
GetTextCharsetInfo
DeleteEnhMetaFile
PathToRegion
CreateFontIndirectW
RectInRegion
SetStretchBltMode
EnumFontsW
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
FillRgn
CreateRectRgnIndirect
LPtoDP
GetEnhMetaFileW
EnumFontsA
UpdateColors
GetBitmapBits
PolyDraw
OffsetViewportOrgEx
GetCharacterPlacementW
CreateDiscardableBitmap
SetMetaFileBitsEx
GetRegionData
BitBlt
EnumFontFamiliesA
GetICMProfileW
GetLogColorSpaceA
CreateEnhMetaFileW
GetOutlineTextMetricsA
SetAbortProc
EnumFontFamiliesExW
SelectPalette
StrokePath
ResetDCW
ScaleWindowExtEx
CloseEnhMetaFile
SetROP2
ExtEscape
AbortDoc
LineTo
GetNearestPaletteIndex
UpdateICMRegKeyA
EnumEnhMetaFile
CancelDC
GetTextColor
PtVisible
CreatePolyPolygonRgn
GetMapMode
PolyPolygon
SetViewportExtEx
SetGraphicsMode
GetPixelFormat
GetWindowExtEx
SetBitmapBits
PatBlt
CreatePen
OffsetClipRgn
AnimatePalette
EnumMetaFile
GetMetaRgn
GetClipBox
Rectangle
GetObjectA
GetMetaFileBitsEx
DeleteDC
EndDoc
StrokeAndFillPath
GetSystemPaletteEntries
GetWorldTransform
GetCharWidthW
StartPage
GetObjectW
CreateDCW
GetCharWidthA
GetEnhMetaFileDescriptionW
CreateHatchBrush
CreateDIBPatternBrushPt
OffsetRgn
RectVisible
DeleteColorSpace
GetPath
PlayEnhMetaFile
ExtTextOutA
GdiFlush
RoundRect
GetTextAlign
EndPage
GetTextExtentPoint32A
GetWinMetaFileBits
RealizePalette
GetEnhMetaFileHeader
SetWindowOrgEx
SelectObject
GetTextExtentPoint32W
StartDocA
EndPath
Polygon
CreateHalftonePalette
GetRgnBox
CreateICW
SetDeviceGammaRamp
MaskBlt
GetEnhMetaFilePaletteEntries
ModifyWorldTransform
GetGlyphOutlineA
GetDeviceGammaRamp
RestoreDC
GetPixel
GetTextExtentExPointW
FillPath
GetBkMode
SetTextColor
DPtoLP
ExtFloodFill
GetCurrentObject
MoveToEx
DrawEscape
SetViewportOrgEx
AbortPath
SetArcDirection
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
RemoveFontResourceA
GetClipRgn
GetEnhMetaFilePixelFormat
Ellipse
RemoveFontResourceW
CreateSolidBrush
Polyline
CombineTransform
StartDocW
CreateCompatibleBitmap
GetStartupInfoA
GetModuleHandleA
Ord(324)
Ord(3825)
Ord(5265)
Ord(3147)
Ord(2124)
Ord(1775)
Ord(4425)
Ord(1073)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(3136)
Ord(2982)
Ord(4353)
Ord(3079)
Ord(3262)
Ord(4234)
Ord(5241)
Ord(1576)
Ord(1089)
Ord(2055)
Ord(5065)
Ord(5307)
Ord(1069)
Ord(3798)
Ord(1012)
Ord(3259)
Ord(1000)
Ord(3081)
Ord(2648)
Ord(1022)
Ord(2446)
Ord(3830)
Ord(4079)
Ord(4407)
Ord(4078)
Ord(2725)
Ord(2554)
Ord(5289)
Ord(2396)
Ord(6376)
Ord(561)
Ord(4837)
Ord(3831)
Ord(6374)
Ord(3346)
Ord(5302)
Ord(1727)
Ord(3597)
Ord(2976)
Ord(2985)
Ord(5163)
Ord(2385)
Ord(815)
Ord(4486)
Ord(1099)
Ord(641)
Ord(4698)
Ord(4998)
Ord(5280)
Ord(3922)
Ord(5277)
Ord(2514)
Ord(1027)
Ord(3749)
Ord(5300)
Ord(2512)
Ord(5199)
Ord(4441)
Ord(4274)
Ord(5261)
Ord(4465)
Ord(5731)
_mbsset
__p__fmode
_HUGE
_j0
__CxxFrameHandler
_acmdln
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
fmod
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
IsCharLowerA
Number of PE resources by type
RT_DIALOG: 10
RT_RCDATA: 6
RT_ICON: 3
RT_GROUP_ICON: 3
PY24I1Hs: 1
MCo75: 1
RT_VERSION: 1
owBNQdC73p: 1
RT_MENU: 1
v83O6qSH: 1
h3sK852: 1
Number of PE resources by language
NEUTRAL: 29
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 0.145.12.206
UninitializedDataSize: 0
LanguageCode: Unknown (HEIG)
FileFlagsMask: 0x003f
CharacterSet: Unknown (HTENED)
InitializedDataSize: 126976
EntryPoint: 0x13716
MIMEType: application/octet-stream
LegalCopyright: 2014 (C) 2016
FileVersion: Developmentally 0,155,151,162
TimeStamp: 2005:02:20 20:37:29+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Detergent
ProductVersion: 0,188,2,187
FileDescription: Decree Igloo Diesels
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: iPass Incorporated
CodeSize: 77824
ProductName: Grooms Detail
ProductVersionNumber: 0.123.92.67
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: fd931a4cf39c37e3f9c2d6bce26e3345
SHA1: b9229239a9a703f506e12cbe385cf39fd90d98e3
SHA256: de7d69bc8c76f8474ef7026622489f3d464d6355e6d4a6dac46956bc8d8bec5f
ssdeep: 6144:97eQNTEMSGgpJUsrQK6iwCnh0Yz8BJlo:kQ11UJU3Wzh0zVo
authentihash: 381f90354e6f501d847034abc5b56bf2b470aa122f14574ed634b9a136772129
imphash: 01223344c0c6c81b2639f868d9f6ae61
File size: 204.0 KB ( 208896 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win64 Executable (generic) (64.6%)
  Win32 Dynamic Link Library (generic) (15.3%)
  Win32 Executable (generic) (10.5%)
  Generic Win/DOS Executable (4.6%)
  DOS Executable Generic (4.6%)
Tags: peexe
VirusTotal metadata
First submission 2016-02-02 11:08:01 UTC ( 3 years, 2 months ago )
Last submission 2016-02-02 11:08:01 UTC ( 3 years, 2 months ago )