SHA256: ec80290064cdcad4d20ac6b610d26f1bc93bc7588815f277b946692a1c9b9f44
File name: REFURBISHMENT 7015295.scr
Detection ratio: 3 / 56
Analysis date: 2015-09-17 12:14:54 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Arcabit Trojan.D 20150917
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150917
Rising PE:Malware.RDM.46!5.34[F1] 20150916
Ad-Aware 20150917
AegisLab 20150917
Yandex 20150916
AhnLab-V3 20150916
Alibaba 20150917
ALYac 20150917
Antiy-AVL 20150917
Avast 20150917
AVG 20150917
Avira (no cloud) 20150917
AVware 20150917
Baidu-International 20150917
BitDefender 20150917
Bkav 20150917
ByteHero 20150917
CAT-QuickHeal 20150916
ClamAV 20150917
CMC 20150916
Comodo 20150917
Cyren 20150917
DrWeb 20150917
Emsisoft 20150917
ESET-NOD32 20150917
F-Prot 20150917
F-Secure 20150917
Fortinet 20150917
GData 20150917
Ikarus 20150917
Jiangmin 20150916
K7AntiVirus 20150917
K7GW 20150917
Kaspersky 20150917
Kingsoft 20150917
Malwarebytes 20150917
McAfee 20150917
McAfee-GW-Edition 20150916
Microsoft 20150917
eScan 20150917
NANO-Antivirus 20150917
nProtect 20150917
Panda 20150917
Sophos AV 20150917
SUPERAntiSpyware 20150917
Symantec 20150916
Tencent 20150917
TheHacker 20150916
TrendMicro 20150917
TrendMicro-HouseCall 20150917
VBA32 20150916
VIPRE 20150917
ViRobot 20150917
Zillya 20150916
Zoner 20150917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-23 10:02:20
Entry Point 0x00003291
Number of sections 3
PE sections
PE imports
GetStartupInfoA
HeapFree
CreateThread
lstrlenA
LoadResource
LockResource
GetCommandLineW
ExitProcess
HeapAlloc
GetLocalTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
FindResourceA
GetModuleHandleA
GetProcessHeap
CommandLineToArgvW
GetMessageA
CreateWindowExA
LoadIconA
DrawTextA
LoadStringA
DispatchMessageA
EndPaint
BeginPaint
PostMessageA
SendMessageA
DefWindowProcA
GetClientRect
TranslateMessage
PostQuitMessage
ShowWindow
DestroyWindow
UpdateWindow
RegisterClassExA
WTSRegisterSessionNotification
WTSVirtualChannelRead
WTSWaitSystemEvent
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
DUTCH 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 25600
ImageVersion 0.0
ProductName PrimeTime Inc. watcher
FileVersionNumber 1.0.2.5
LanguageCode Manipuri
FileFlagsMask 0x0000
FileDescription Components PrimeTime Inc.
CharacterSet Unknown (1690)
LinkerVersion 1.7
FileTypeExtension exe
OriginalFileName watcher.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.2.5
TimeStamp 2015:03:23 11:02:20+01:00
FileType Win32 EXE
PEType PE32
InternalName PrimeTime Inc. Components
ProductVersion 1.0.2.5
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Components patcher all 2014-2015 PrimeTime Inc.
MachineType Intel 386 or later, and compatibles
CodeSize 10752
FileSubtype 0
ProductVersionNumber 1.0.2.5
EntryPoint 0x3291
ObjectFileType Executable application

Compressed bundles
File identification
MD5 eb1c6c06ee09d5df871ed4c4016122a8
SHA1 c4bb8189050900a10687ff9d493087e90466e4c7
SHA256 ec80290064cdcad4d20ac6b610d26f1bc93bc7588815f277b946692a1c9b9f44
ssdeep 768:O/P5X1PQrY84ftf/aV8PWqHEjtEZInPiMXTIq6EzUEG3cElDEnrAEEd97cilZEGA:O/h1s6f1zXHEjtEZInPiMXTIq6EzUEG0
authentihash 0e1bd9df32c7d3efcf91b757eb23b76f57155a6b3fb086afa382fb6078818079
imphash e57b96a4193f6a60977e9b656038ba81
File size 36.5 KB ( 37376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2015-09-17 11:07:01 UTC ( 3 years, 8 months ago )
Last submission 2015-09-19 11:17:40 UTC ( 3 years, 8 months ago )
File names gli8Va4.dwg
REFURBISHMENT 7015295.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs