SHA256: e166d66b7a160e3b5d3db380b356553746ef0c1c06547db4271faf5d7b2f5266
File name: Surprise for playful boy.scr
Detection ratio: 9 / 46
Analysis date: 2013-08-25 03:07:29 UTC ( 7 months, 4 weeks ago )
Antivirus Result Update
AVG Generic34.BITB 20130824
ESET-NOD32 a variant of Win32/Injector.ALMI 20130824
Fortinet W32/Blocker.CDDR!tr 20130825
Ikarus Trojan-Ransom.Win32.PornoAsset 20130824
Kaspersky Trojan-Ransom.Win32.Blocker.cddr 20130825
Malwarebytes Trojan.Ransom.PARPE 20130825
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C 20130825
Sophos Mal/Generic-S 20130825
TrendMicro-HouseCall TROJ_NOSECUR.BMH 20130824
Agnitum 20130824
AhnLab-V3 20130824
AntiVir 20130824
Antiy-AVL 20130824
Avast 20130825
BitDefender 20130825
ByteHero 20130814
CAT-QuickHeal 20130824
ClamAV 20130825
Commtouch 20130825
Comodo 20130825
DrWeb 20130825
Emsisoft 20130825
F-Prot 20130825
F-Secure 20130825
GData 20130825
Jiangmin 20130824
K7AntiVirus 20130823
K7GW 20130823
Kingsoft 20130723
McAfee 20130825
MicroWorld-eScan 20130825
Microsoft 20130824
NANO-Antivirus 20130825
Norman 20130824
PCTools 20130824
Panda 20130824
Rising 20130823
SUPERAntiSpyware 20130824
Symantec 20130825
TheHacker 20130824
TotalDefense 20130823
TrendMicro 20130825
VBA32 20130824
VIPRE 20130825
ViRobot 20130825
nProtect 20130823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Authenticode signature block
Description ????? ?????
Packers identified
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0005A001
Number of sections 10
PE sections
PE imports
RegQueryValueExA
GetProcAddress
GetModuleHandleA
LoadLibraryA
CoUninitialize
GetErrorInfo
VariantChangeTypeEx
MessageBoxA
GetKeyboardType
Number of PE resources by type
RT_ICON 8
RT_STRING 6
RT_VERSION 1
RT_GROUP_ICON 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH UK 9
NEUTRAL 7
RUSSIAN 1
Compressed bundles
File identification
MD5 98f0663892b2f369b1ceda324ce3e3b2
SHA1 d1b7ac634b777762b2b0526122320d29835a9909
SHA256 e166d66b7a160e3b5d3db380b356553746ef0c1c06547db4271faf5d7b2f5266
ssdeep
6144:afZswz4xLD4efFtYgeEa1Mr8hemcmo/X//foHcPssVGt5iLk2o2jeUHK+Kom/ER5:afGw41FiNXlePolswt8LRjBKZXC4LQt

File size 504.3 KB ( 516444 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.5%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe aspack

VirusTotal metadata
First submission 2013-08-23 17:06:00 UTC ( 7 months, 4 weeks ago )
Last submission 2013-08-25 03:07:29 UTC ( 7 months, 4 weeks ago )
File names Surprise for playful boy.scr
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight