SHA256: e4c10c0d8d567a4247ad636664ba42a4cd2a7c6ce8ff484532e061f24666b28d
File name: 08b7059fc9b007353d2b835a85407d116840be41
Detection ratio: 3 / 55
Analysis date: 2015-11-29 03:11:45 UTC
Antivirus              Result                            Update
ESET-NOD32             Win32/TrojanDownloader.Agent.BXE  20151128
Malwarebytes           Trojan.Crypt                      20151129
Qihoo-360              QVM07.1.Malware.Gen               20151129
Ad-Aware               -                                 20151129
AegisLab               -                                 20151128
Yandex                 -                                 20151128
AhnLab-V3              -                                 20151128
Alibaba                -                                 20151127
ALYac                  -                                 20151129
Antiy-AVL              -                                 20151129
Arcabit                -                                 20151129
Avast                  -                                 20151129
AVG                    -                                 20151129
Avira (no cloud)       -                                 20151128
AVware                 -                                 20151129
Baidu-International    -                                 20151128
BitDefender            -                                 20151129
Bkav                   -                                 20151128
ByteHero               -                                 20151129
CAT-QuickHeal          -                                 20151128
ClamAV                 -                                 20151129
CMC                    -                                 20151127
Comodo                 -                                 20151129
Cyren                  -                                 20151129
DrWeb                  -                                 20151129
Emsisoft               -                                 20151129
F-Prot                 -                                 20151129
F-Secure               -                                 20151128
Fortinet               -                                 20151128
GData                  -                                 20151129
Ikarus                 -                                 20151128
Jiangmin               -                                 20151128
K7AntiVirus            -                                 20151129
K7GW                   -                                 20151128
Kaspersky              -                                 20151129
McAfee                 -                                 20151129
McAfee-GW-Edition      -                                 20151128
Microsoft              -                                 20151128
eScan                  -                                 20151129
NANO-Antivirus         -                                 20151129
nProtect               -                                 20151127
Panda                  -                                 20151128
Rising                 -                                 20151128
Sophos AV              -                                 20151129
SUPERAntiSpyware       -                                 20151129
Symantec               -                                 20151128
TheHacker              -                                 20151127
TotalDefense           -                                 20151128
TrendMicro             -                                 20151129
TrendMicro-HouseCall   -                                 20151129
VBA32                  -                                 20151129
VIPRE                  -                                 20151129
ViRobot                -                                 20151128
Zillya                 -                                 20151127
Zoner                  -                                 20151129
(- = no detection with the signature update of the listed date)
The file is a Portable Executable: a 32-bit Windows EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-12-05 03:37:18
Entry Point 0x00015C0A
Number of sections 4
PE sections
Overlays
MD5: 72ffd04474a00e89f5ef4f2dd6313bf5
File type: data
Offset: 245760
Size: 2143 bytes
Entropy: 6.19
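The overlay figures above are internally consistent: offset 245760 plus size 2143 equals the 247903-byte file size reported further down, so the overlay is exactly the tail of the file after the last section's raw data, and 6.19 bits per byte is well below the ~7.9 and up typical of compressed or encrypted data, so it is more likely structured data or code than an encrypted payload. The following is an added example (not code from the VirusTotal report and not derived from the sample's bytes) showing how that overlay boundary, size, entropy and MD5 are computed from the section table with nothing but the Python standard library. Because the sample itself is not available here, build_synthetic_pe() constructs a tiny PE32 fixture; its file alignment (0x200), section names and characteristics are assumptions chosen for the example.

```python
"""Locate and characterise the overlay of a PE file with the standard library only.

Added example; it is not part of the VirusTotal report and does not use the
sample's bytes. build_synthetic_pe() constructs a tiny PE32 fixture so the
parser can be exercised offline.
"""
import hashlib
import math
import struct

FILE_ALIGN = 0x200  # file alignment used by the synthetic builder (assumption)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant input, 8.0 for a uniform byte mix."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def overlay_info(data: bytes) -> dict:
    """Offset, size, entropy and MD5 of everything past the last section's raw data.

    Overlay start = max(PointerToRawData + SizeOfRawData) over the section
    table, the definition most PE tools (VirusTotal included) use.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    sec_table = e_lfanew + 24 + opt_size  # 4-byte signature + 20-byte COFF header
    end = 0
    for i in range(num_sections):
        hdr = sec_table + 40 * i
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))  # a section table may claim bytes the file lacks
    overlay = data[end:]
    return {
        "offset": end,
        "size": len(overlay),
        "entropy": round(shannon_entropy(overlay), 2),
        "md5": hashlib.md5(overlay).hexdigest(),
    }


def build_synthetic_pe(sections, overlay: bytes = b"") -> bytes:
    """Build a minimal, structurally valid PE32 test fixture (constructed data)."""
    n = len(sections)
    opt_size = 224          # PE32 optional header incl. 16 data directories
    pe_off = 0x40           # e_lfanew: NT headers right after the DOS header
    headers_len = pe_off + 24 + opt_size + 40 * n
    headers_len = -(-headers_len // FILE_ALIGN) * FILE_ALIGN  # round up
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sec_hdrs, body, ptr = b"", b"", headers_len
    for i, payload in enumerate(sections):
        raw = -(-len(payload) // FILE_ALIGN) * FILE_ALIGN
        name = f".s{i}".encode().ljust(8, b"\0")
        sec_hdrs += name + struct.pack(
            "<IIIIIIHHI", len(payload), 0x1000 * (i + 1), raw, ptr, 0, 0, 0, 0, 0x60000020
        )
        body += payload.ljust(raw, b"\0")
        ptr += raw
    head = (dos + b"PE\0\0" + coff + opt + sec_hdrs).ljust(headers_len, b"\0")
    return head + body + overlay


if __name__ == "__main__":
    sample = build_synthetic_pe([b"A" * 100, b"B" * 600], overlay=bytes(range(256)))
    print(overlay_info(sample))
```

To apply it to a real sample, pass the file's bytes to overlay_info(); the min() clamp matters in practice because truncated or deliberately malformed section tables can point past end of file, which would otherwise yield a negative "overlay".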
PE imports
SetSecurityDescriptorDacl
GetSidSubAuthority
BuildExplicitAccessWithNameA
GetFileSecurityA
MakeSelfRelativeSD
DuplicateToken
BuildImpersonateTrusteeA
GetSecurityDescriptorSacl
SetTokenInformation
GetPrivateObjectSecurity
RegOpenKeyExA
MapGenericMask
ImageList_SetOverlayImage
Ord(6)
ImageList_ReplaceIcon
ImageList_SetDragCursorImage
ImageList_DragShowNolock
SetWinMetaFileBits
AddFontResourceA
CreateRectRgnIndirect
SetMetaFileBitsEx
GlobalSize
CompareStringW
GetStartupInfoA
GetCommandLineW
CreateProcessA
GlobalDeleteAtom
GetPrivateProfileStringA
GetProcessShutdownParameters
GetSystemInfo
GetModuleHandleA
GlobalFree
GetLargestConsoleWindowSize
GetOEMCP
GetCurrentProcess
GetTempPathW
GetSystemDefaultLangID
GetThreadLocale
GlobalAlloc
GetThreadPriorityBoost
GetShortPathNameA
GetCurrentThread
LZStart
__p__fmode
_acmdln
_adjust_fdiv
_eof
__p__commode
scanf
_getdrive
isgraph
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
LPSAFEARRAY_UserSize
CreateIconFromResourceEx
CreateIconFromResource
PrintDlgA
GetSaveFileNameA
ChooseFontA

Note on the import table: the listing does not give the source DLL of each name, but the names themselves are an odd mix for a downloader. They include security-descriptor and token APIs (SetSecurityDescriptorDacl, DuplicateToken, SetTokenInformation), image-list, metafile, font and print/save/font dialog functions, a console call (GetLargestConsoleWindowSize), LZ expansion (LZStart) and one ordinal-only import (Ord(6)), while no networking function (WinINet, WinSock, URLMon) and no GetProcAddress appears. Whatever download behaviour the ESET name Win32/TrojanDownloader.Agent.BXE implies is not visible in this static import list.
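The imphash listed under "File identification" below (35431ef057192d0ef025f1a00bb72bca) is the usual pivot for finding other builds with this same import table. As an added example (not code from the report or from VirusTotal), the following reproduces the imphash construction as pefile implements it: DLL names lower-cased with .dll/.ocx/.sys stripped, function names lower-cased, ordinal-only imports written as "ordN" unless the library is one whose ordinals pefile resolves (ws2_32, wsock32, oledlg), all joined as "dll.func" with commas in import order and MD5-hashed. The import table used at the bottom is constructed, with DLL assignments assumed, because the report does not preserve which DLL each name came from; its hash is therefore not expected to match the report's value. The ordinal table is a small constructed subset of pefile's.

```python
"""Compute a PE imphash the way pefile does (lower-cased "dll.func" list, MD5).

Added example, not from the report above. The report does not preserve which
DLL each import belongs to, so the import table used here is constructed and
its hash is not expected to equal the report's imphash.
"""
import hashlib

# pefile resolves ordinal-only imports from ws2_32, wsock32 and oledlg to names
# before hashing; this is a small constructed subset of its ws2_32 table.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 23: "socket"},
    "wsock32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 23: "socket"},
}


def canonical_dll(name: str) -> str:
    """Lower-case the DLL name and strip a .dll/.ocx/.sys extension."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """Return the comma-joined "dll.func" string that gets hashed.

    imports: sequence of (dll_name, function_name_or_None, ordinal_or_None)
    in import-table order. Order matters: two binaries importing the same
    functions in a different order produce different imphashes.
    """
    parts = []
    for dll, func, ordinal in imports:
        lib = canonical_dll(dll)
        if func is None:
            # Ordinal-only import: resolve to a name if the library is one
            # pefile knows, otherwise keep the literal "ordN" form.
            func = ORDINAL_NAMES.get(lib, {}).get(ordinal, f"ord{ordinal}")
        parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical import string, as hex."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    # Constructed import table echoing a few names from the report; the DLL
    # each name is attributed to is an assumption for the example.
    table = [
        ("ADVAPI32.dll", "SetSecurityDescriptorDacl", None),
        ("KERNEL32.dll", "CreateProcessA", None),
        ("COMCTL32.dll", None, 6),
        ("WS2_32.dll", None, 23),
    ]
    print(imphash_string(table))
    print(imphash(table))
```

Because the hash covers import order and exact names, a rebuilt binary that adds, drops or reorders even one import gets a new imphash; it is a cheap clustering key for identical toolchain output, not a fuzzy similarity measure.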
Number of PE resources by type
RT_DIALOG 9
RT_ICON 5
RT_GROUP_ICON 5
Struct(111) 1
Jd0w0 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 11
TAMIL DEFAULT 11
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileVersionNumber: 0.173.131.63
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 4362240
EntryPoint: 0x15c0a
OriginalFileName: Trendier.exe
MIMEType: application/octet-stream
LegalCopyright: Severing (C) 2017
FileVersion: 0,36,29,244
TimeStamp: 2007:12:05 04:37:18+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 0,60,15,112
FileDescription: Rewind
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: InFocus AS
CodeSize: 86016
FileSubtype: 0
ProductVersionNumber: 0.151.146.170
FileTypeExtension: exe
ObjectFileType: Executable application

Note on the version resource: the fields contradict one another and the rest of the report. FileVersion (0,36,29,244) does not match FileVersionNumber (0.173.131.63), ProductVersion (0,60,15,112) does not match ProductVersionNumber (0.151.146.170), the LegalCopyright year (2017) postdates both the PE compile timestamp (2007-12-05) and the first VirusTotal submission (2015-11-29), and InitializedDataSize (4362240) far exceeds the 247903-byte file. The OriginalFileName, CompanyName, FileDescription and copyright strings therefore look generated rather than authored and should not be used for attribution.

File identification
MD5: 562fb91ef33da8fd63d118d4d21e0b06
SHA1: 08b7059fc9b007353d2b835a85407d116840be41
SHA256: e4c10c0d8d567a4247ad636664ba42a4cd2a7c6ce8ff484532e061f24666b28d
ssdeep: 3072:4e0Fu+xTtahfcA+lY8i358HIct+QjyFnIQjGiAk8VPOuOpLBxr/EJDgXQngW:9xU0b60PFjG/kGOuOpLB9/Y3
authentihash: b36424efd23fd09a6a70e0e53fae68aba80aaf8e7bdf0fbc3267db9619963133
imphash: 35431ef057192d0ef025f1a00bb72bca
File size: 242.1 KB (247903 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Windows screen saver (46.4%), Win32 Dynamic Link Library (generic) (23.3%), Win32 Executable (generic) (15.9%), Generic Win/DOS Executable (7.1%), DOS Executable Generic (7.0%)
Tags: peexe, overlay

VirusTotal metadata
First submission: 2015-11-29 03:11:45 UTC
Last submission: 2015-11-29 03:11:45 UTC
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00JC0DL115.

Condensed report: the following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

No entries appear under any of the behaviour categories in this report: opened files, read files, written files, moved files, deleted files, created processes, shell commands, code injections in other processes, created mutexes, opened mutexes, opened service managers, opened services, runtime DLLs, HTTP requests, DNS requests, TCP connections.