SHA256: ea62d16f13d14eeda2bdefd7cfebf7c77a9a3bb11a5886440cfc669a6f9ff629
File name: Fax_00491175.scr
Detection ratio: 5 / 57
Analysis date: 2015-05-19 12:20:54 UTC ( 4 years ago )
Antivirus Result Update
ByteHero Virus.Win32.Heur.c 20150519
K7GW Trojan ( 700001211 ) 20150519
McAfee Downloader-FAUU!A6AA82995F4C 20150519
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150519
Tencent Trojan.Win32.Qudamah.Gen.2 20150519
Ad-Aware 20150519
AegisLab 20150519
Yandex 20150518
AhnLab-V3 20150518
Alibaba 20150519
ALYac 20150519
Antiy-AVL 20150519
Avast 20150519
AVG 20150519
Avira (no cloud) 20150519
AVware 20150519
Baidu-International 20150519
BitDefender 20150519
Bkav 20150519
CAT-QuickHeal 20150519
ClamAV 20150519
CMC 20150518
Comodo 20150519
Cyren 20150519
DrWeb 20150519
Emsisoft 20150519
ESET-NOD32 20150519
F-Prot 20150519
F-Secure 20150519
Fortinet 20150519
GData 20150519
Ikarus 20150519
Jiangmin 20150518
K7AntiVirus 20150519
Kaspersky 20150519
Kingsoft 20150519
Malwarebytes 20150519
McAfee-GW-Edition 20150519
Microsoft 20150519
eScan 20150519
NANO-Antivirus 20150519
Norman 20150519
nProtect 20150519
Panda 20150518
Rising 20150519
Sophos AV 20150519
SUPERAntiSpyware 20150519
Symantec 20150519
TheHacker 20150518
TotalDefense 20150524
TrendMicro 20150519
TrendMicro-HouseCall 20150519
VBA32 20150519
VIPRE 20150519
ViRobot 20150519
Zillya 20150518
Zoner 20150518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-10-28 22:08:58
Entry Point 0x00001000
Number of sections 6
PE sections
Overlays
MD5 393a0fa0f348fb03871ab93726057ddc
File type MMDF mailbox
Offset 50688
Size 512
Entropy 0.00
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1997:10:28 23:08:58+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
8192

LinkerVersion
3.1

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x1000

InitializedDataSize
86016

SubsystemVersion
5.0

ImageVersion
4.0

OSVersion
6.1

UninitializedDataSize
438272

Compressed bundles
File identification
MD5 a6aa82995f4cb2bd29cdddedd3572461
SHA1 be4a4b17197db25979c3e854141028ecddbeb265
SHA256 ea62d16f13d14eeda2bdefd7cfebf7c77a9a3bb11a5886440cfc669a6f9ff629
ssdeep
768:R57iAeWzfLlaFqVe+MfszKe9dMMs7HTr/j2/Bz//P2YP6il5:R57iA9Bsqg+JFdMMs/mBP6ib

authentihash 0095d35af5cfd9e2448ae517a1aaca5cde3dca33b53023cb4f7337bd3d2ef4ac
File size 50.0 KB ( 51200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-05-19 12:00:05 UTC ( 4 years ago )
Last submission 2015-08-13 15:22:34 UTC ( 3 years, 9 months ago )
File names a6aa82995f4cb2bd29cdddedd3572461.scr
Fax_00491175.scr
Fax_00491175_scr
a6aa82995f4cb2bd29cdddedd3572461.exe
Fax_00491175vcr
Fax_00491175.bin
Fax_00491175_SCR.bin
a6aa82995f4cb2bd29cdddedd3572461
EA62D16F13D14EEDA2BDEFD7CFEBF7C77A9A3BB11A5886440CFC669A6F9FF629.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs