SHA256: e166d66b7a160e3b5d3db380b356553746ef0c1c06547db4271faf5d7b2f5266
File name: Surprise for playful boy.scr
Detection ratio: 9 / 46
Analysis date: 2013-08-25 03:07:29 UTC ( 1 year, 10 months ago )
Antivirus Result Update
AVG Generic34.BITB 20130824
ESET-NOD32 a variant of Win32/Injector.ALMI 20130824
Fortinet W32/Blocker.CDDR!tr 20130825
Ikarus Trojan-Ransom.Win32.PornoAsset 20130824
Kaspersky Trojan-Ransom.Win32.Blocker.cddr 20130825
Malwarebytes Trojan.Ransom.PARPE 20130825
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C 20130825
Sophos Mal/Generic-S 20130825
TrendMicro-HouseCall TROJ_NOSECUR.BMH 20130824
Agnitum 20130824
AhnLab-V3 20130824
AntiVir 20130824
Antiy-AVL 20130824
Avast 20130825
BitDefender 20130825
ByteHero 20130814
CAT-QuickHeal 20130824
ClamAV 20130825
Commtouch 20130825
Comodo 20130825
DrWeb 20130825
Emsisoft 20130825
F-Prot 20130825
F-Secure 20130825
GData 20130825
Jiangmin 20130824
K7AntiVirus 20130823
K7GW 20130823
Kingsoft 20130723
McAfee 20130825
MicroWorld-eScan 20130825
Microsoft 20130824
NANO-Antivirus 20130825
Norman 20130824
PCTools 20130824
Panda 20130824
Rising 20130823
SUPERAntiSpyware 20130824
Symantec 20130825
TheHacker 20130824
TotalDefense 20130823
TrendMicro 20130825
VBA32 20130824
VIPRE 20130825
ViRobot 20130825
nProtect 20130823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Description ????? ?????
Packers identified
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Link date 11:22 PM 6/19/1992
Entry Point 0x0005A001
Number of sections 10
PE sections
PE imports
RegQueryValueExA
GetProcAddress
GetModuleHandleA
LoadLibraryA
CoUninitialize
GetErrorInfo
VariantChangeTypeEx
MessageBoxA
GetKeyboardType
Number of PE resources by type
RT_ICON 8
RT_STRING 6
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH UK 9
NEUTRAL 7
RUSSIAN 1
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 301568
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
MIMEType application/octet-stream
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:11:06 19:34:50+01:00
SubsystemVersion 4.0
OSVersion 1.0
FileCreateDate 2014:11:06 19:34:50+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 41472
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x5a001
ObjectFileType Executable application
Compressed bundles
File identification
MD5 98f0663892b2f369b1ceda324ce3e3b2
SHA1 d1b7ac634b777762b2b0526122320d29835a9909
SHA256 e166d66b7a160e3b5d3db380b356553746ef0c1c06547db4271faf5d7b2f5266
ssdeep 6144:afZswz4xLD4efFtYgeEa1Mr8hemcmo/X//foHcPssVGt5iLk2o2jeUHK+Kom/ER5:afGw41FiNXlePolswt8LRjBKZXC4LQt
authentihash a28dd2677b9a8a6ea7b3bb73d5f0b65ed5ce4170e0d31617455b73966437b704
imphash 847f3825f8802be64e6934f863c58dc6
File size 504.3 KB ( 516444 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.5%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe aspack
VirusTotal metadata
First submission 2013-08-23 17:06:00 UTC ( 1 year, 10 months ago )
Last submission 2013-08-25 03:07:29 UTC ( 1 year, 10 months ago )
File names Surprise for playful boy.scr
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Runtime DLLs