SHA256: eada7765c8e95fe41a6453efbf160c8ab892b88f5ff1541ca7a4fa72bc26dd3b
File name: Adres_Degisikligi_Form.exe
Detection ratio: 1 / 56
Analysis date: 2015-09-08 12:04:05 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150908
Ad-Aware 20150908
AegisLab 20150908
Yandex 20150907
AhnLab-V3 20150908
Alibaba 20150902
ALYac 20150908
Antiy-AVL 20150908
Arcabit 20150905
Avast 20150908
AVG 20150908
Avira (no cloud) 20150908
AVware 20150901
Baidu-International 20150908
BitDefender 20150908
Bkav 20150908
ByteHero 20150908
CAT-QuickHeal 20150908
ClamAV 20150908
CMC 20150908
Comodo 20150908
Cyren 20150908
DrWeb 20150908
Emsisoft 20150908
ESET-NOD32 20150908
F-Prot 20150908
F-Secure 20150908
Fortinet 20150908
GData 20150908
Ikarus 20150908
Jiangmin 20150907
K7AntiVirus 20150908
K7GW 20150908
Kingsoft 20150908
Malwarebytes 20150908
McAfee 20150908
McAfee-GW-Edition 20150907
Microsoft 20150908
eScan 20150908
NANO-Antivirus 20150908
nProtect 20150908
Panda 20150908
Qihoo-360 20150908
Rising 20150906
Sophos AV 20150908
SUPERAntiSpyware 20150908
Symantec 20150907
Tencent 20150908
TheHacker 20150907
TrendMicro 20150908
TrendMicro-HouseCall 20150908
VBA32 20150907
VIPRE 20150908
ViRobot 20150908
Zillya 20150908
Zoner 20150908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-08-07 07:29:05
Entry Point 0x0000E976
Number of sections 4
PE sections
Overlays
MD5 acaf0d711c736cc91c186f2d6c43f1d4
File type data
Offset 479232
Size 170275
Entropy 7.97
PE imports
LookupPrivilegeValueA
CreatePrivateObjectSecurity
OpenServiceA
QueryServiceConfigA
SetPrivateObjectSecurity
OpenBackupEventLogW
IsTokenRestricted
AbortSystemShutdownW
LookupSecurityDescriptorPartsW
GetLengthSid
GetServiceKeyNameA
DeleteService
GetSecurityInfo
GetAclInformation
RegQueryValueExW
GetExplicitEntriesFromAclA
LookupAccountNameA
RegReplaceKeyA
LsaClose
QueryServiceStatus
RegConnectRegistryW
AddAccessAllowedAce
OpenEventLogA
ObjectPrivilegeAuditAlarmA
SetServiceObjectSecurity
RegisterEventSourceA
SetTokenInformation
ChangeServiceConfig2A
QueryServiceConfig2W
RegOpenKeyExA
SetFileSecurityA
LsaRetrievePrivateData
LsaEnumerateAccountRights
LsaEnumerateAccountsWithUserRight
BuildTrusteeWithNameW
LsaLookupNames
GetNamedSecurityInfoW
GetAuditedPermissionsFromAclW
GetSecurityDescriptorControl
ImpersonateSelf
RegEnumKeyExW
AccessCheck
LsaAddAccountRights
ReadEventLogW
BuildTrusteeWithNameA
AddAuditAccessAce
RegOverridePredefKey
SetSecurityInfo
NotifyChangeEventLog
ReadEventLogA
RevertToSelf
RegSaveKeyA
GetServiceDisplayNameW
RegSetValueExW
EnumDependentServicesW
ReportEventW
QueryServiceLockStatusW
RegEnumValueA
BackupEventLogW
SetThreadToken
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
Ord(3)
PropertySheetA
ImageList_BeginDrag
ImageList_Replace
FlatSB_SetScrollInfo
ImageList_SetImageCount
FlatSB_GetScrollRange
PropertySheetW
Ord(17)
Ord(5)
ImageList_SetDragCursorImage
InitCommonControlsEx
ImageList_DragMove
ImageList_GetDragImage
ImageList_DrawEx
ImageList_SetIconSize
Ord(15)
FlatSB_ShowScrollBar
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_SetOverlayImage
_TrackMouseEvent
DestroyPropertySheetPage
FlatSB_EnableScrollBar
Ord(6)
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_GetImageInfo
ImageList_DragEnter
ImageList_Add
ImageList_Duplicate
InitializeFlatSB
ImageList_LoadImageW
ImageList_LoadImageA
CreatePropertySheetPageW
FlatSB_GetScrollPos
ImageList_DragShowNolock
CreatePropertySheetPageA
ImageList_Remove
Ord(16)
Ord(14)
ImageList_Copy
Ord(8)
ImageList_EndDrag
GetDIBColorTable
CreatePolygonRgn
DeleteEnhMetaFile
TextOutW
GetWindowOrgEx
SetBitmapBits
GetEnhMetaFileDescriptionA
GetGlyphOutlineW
GetCurrentPositionEx
FloodFill
SetICMProfileA
ResizePalette
Arc
AddFontResourceA
MaskBlt
GetEnhMetaFileW
CreateEnhMetaFileW
CreateICA
EnumFontsA
GetPixel
GetGlyphOutlineA
PaintRgn
GdiGetBatchLimit
GetSystemPaletteEntries
GetCharWidthW
GetStretchBltMode
StartPage
GetRegionData
FillPath
CreateMetaFileA
GdiComment
GetICMProfileW
CreateHatchBrush
FixBrushOrgEx
GetLogColorSpaceA
SelectObject
FillRgn
CreateEllipticRgn
FrameRgn
CreateBitmap
MoveToEx
CreatePalette
DrawEscape
GetPath
GetPolyFillMode
CreatePenIndirect
UnrealizeObject
SetArcDirection
ResetDCW
SetTextAlign
RectVisible
CreateCompatibleDC
PolyBezierTo
StretchBlt
EqualRgn
DeleteObject
GetCharWidthFloatA
CreateColorSpaceA
PolyTextOutW
GetTextExtentPoint32A
SetWindowExtEx
GetEnhMetaFileHeader
CreateBrushIndirect
CreateSolidBrush
GetKerningPairsA
WidenPath
ExtCreatePen
GetClipRgn
SetWinMetaFileBits
BeginPath
CreateFontA
SetRectRgn
DeleteMetaFile
FreeEnvironmentStringsA
GetDiskFreeSpaceA
GetModuleHandleA
LoadLibraryW
GetNamedPipeHandleStateA
GetLargestConsoleWindowSize
GetStartupInfoA
GetProcessTimes
EndUpdateResourceA
GetExpandedNameA
_except_handler3
_setmbcp
_acmdln
__CxxFrameHandler
__p__fmode
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
VarDecFromUI4
CreateStdDispatch
VarUI1FromBool
VarMul
VarCyNeg
VarCyCmp
SysAllocString
LPSAFEARRAY_UserUnmarshal
OleSavePictureFile
VarCyFromI2
VarCyFromI1
SafeArrayGetElemsize
VarImp
ClearCustData
VarDecSub
SafeArrayAccessData
VarDecMul
VarUI1FromUI4
LPSAFEARRAY_UserMarshal
VarI1FromUI1
VarPow
VarR8FromI1
VarR8FromI4
VARIANT_UserFree
VarI1FromI2
VarCySub
CreateTypeLib2
VarDecAdd
VarBstrFromBool
OleLoadPictureEx
VarUI4FromDec
SafeArrayGetRecordInfo
VariantTimeToSystemTime
SafeArrayCreate
VarUI1FromI2
VarBstrFromDisp
VarDecFromR4
SysReAllocString
VarDateFromStr
VarCat
VarDecFromI2
VarUI4FromR4
VarFix
VarI4FromCy
SafeArrayPutElement
VarDecFromI4
VarI4FromR4
VarCyFix
VarI2FromR8
OleLoadPicturePath
VarFormat
VarEqv
VarDateFromBool
VarI1FromDec
VariantInit
VarDateFromR4
CreateDispTypeInfo
VarI2FromUI1
GetRecordInfoFromGuids
VarR4FromDisp
SafeArrayAllocDescriptorEx
VarCyFromDec
GetRecordInfoFromTypeInfo
VarBoolFromI2
DosDateTimeToVariantTime
VarFormatFromTokens
VarInt
VarR4CmpR8
VarR8FromDate
VarFormatCurrency
VarCyAbs
SafeArrayCreateVector
SafeArrayGetVartype
VarR8Round
SysAllocStringLen
VarR4FromDate
VarCyFromDisp
RegisterActiveObject
VARIANT_UserSize
VarI4FromDisp
VarCyFromR4
VarI2FromDate
VarR4FromUI2
VarR4FromI1
VarR8Pow
VarR4FromI2
CreateTypeLib
SafeArrayGetIID
VarI1FromBool
SafeArrayAllocData
VarBstrFromI1
UnRegisterTypeLib
VariantCopyInd
VarI4FromUI4
LHashValOfNameSys
VarWeekdayName
VarUI4FromDate
VarBoolFromDec
VarCyFromStr
VarFormatNumber
SafeArrayCopyData
VarI2FromCy
VarUI1FromDec
VarUI4FromStr
VarDecFromBool
SafeArrayRedim
RegisterTypeLib
VarUI1FromDate
VarDecInt
SysReAllocStringLen
VarBstrFromR4
VarI2FromUI4
VarCyInt
SafeArrayGetDim
VarBstrFromR8
SysStringLen
VarOr
GetActiveObject
VarDecNeg
VarUI1FromStr
VarUI4FromUI1
RevokeActiveObject
VarUI2FromR4
VarI4FromStr
VarI2FromI4
VarBstrFromUI1
VarBstrFromUI2
VarDecFromCy
VarI1FromCy
VarDateFromI1
SafeArrayUnlock
VarDecCmpR8
VarDateFromI2
VarDateFromI4
VarNeg
VarR8FromUI1
SafeArrayCreateEx
VarR8FromUI2
VarI1FromDate
SafeArrayGetElement
VarCyFromDate
VarBoolFromUI1
VarMonthName
VarBoolFromUI2
VarBoolFromUI4
VarUI2FromI4
VarI1FromR4
VarR4FromUI4
VarDecFromDate
VarR4FromUI1
VarDateFromDec
VarI4FromUI2
BSTR_UserSize
DispGetParam
VarAdd
VarUI4FromCy
VarNot
VarR8FromCy
VarCyFromUI4
VarFormatPercent
VarDiv
VarI1FromStr
VarFormatDateTime
VarDateFromUI4
VarUI2FromCy
EnableWindow
DdeUninitialize
Number of PE resources by type
RT_ICON 13
RT_ACCELERATOR 13
RT_DIALOG 6
RT_GROUP_ICON 4
RT_MENU 3
RT_VERSION 1
Number of PE resources by language
ARABIC LEBANON 18
ENGLISH ZIMBABWE 12
ENGLISH AUS 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x003f
MachineType Intel 386 or later, and compatibles
FileOS Win32
TimeStamp 2007:08:07 08:29:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 6.0
FileSubtype 0
ProductVersionNumber 0.113.149.228
FileTypeExtension exe
InitializedDataSize 417792
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileVersionNumber 0.62.183.17
EntryPoint 0xe976
UninitializedDataSize 0
ObjectFileType Executable application

File identification
MD5 9d1a8423bbd48ce60bda416c516ad7c2
SHA1 90298a5d791f0678a46e3ac6e1cfbd6e54592654
SHA256 eada7765c8e95fe41a6453efbf160c8ab892b88f5ff1541ca7a4fa72bc26dd3b
ssdeep 12288:DFneDxstQ7VNjrqq6awe8X5yDMvu1XKMNsfPhg7gKBTliRx+Ne7S2:5eDPJNHBD8X5yDMvVMNsfPhgRlloxc2
authentihash 69439f5b9db039a459fd8ab99eda846309d3463fc6cce15a59daa0dec59c8400
imphash 61c930fa60f781f3da6a5168b6361532
File size 634.3 KB ( 649507 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-09-08 12:04:05 UTC ( 3 years, 6 months ago )
Last submission 2015-09-16 19:37:37 UTC ( 3 years, 6 months ago )
File names Adres_Degisikligi_Form.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs