SHA256: f0264619456d20cc36afba2c18f65cb7ba06b518421a3ce336b144622a111359
File name: 388707_304019782967678_1371539363240931_76888_135985994_ser‮gpj.scr
Detection ratio: 15 / 43
Analysis date: 2012-03-08 20:03:28 UTC ( 5 years, 8 months ago )
Antivirus              Result                                     Update
CAT-QuickHeal          (Suspicious) - DNAScan                     20120308
Comodo                 UnclassifiedMalware                        20120308
Emsisoft               Worm.Win32.VBNA!IK                         20120308
eSafe                  Win32.Injector.Oap                         20120308
Ikarus                 Worm.Win32.VBNA                            20120308
K7AntiVirus            Riskware                                   20120308
McAfee                 Artemis!2838BF29FE88                       20120307
Microsoft              Backdoor:Win32/Fynloski.A                  20120308
NOD32                  probably a variant of Win32/Injector.OAP   20120308
Norman                 W32/Suspicious_Gen4.QPRU                   20120308
Panda                  Trj/CI.A                                   20120308
Symantec               WS.Reputation.1                            20120308
TrendMicro             BKDR_ZAPCHAST.SG                           20120308
TrendMicro-HouseCall   BKDR_ZAPCHAST.SG                           20120308
VIPRE                  Trojan.Win32.Generic!BT                    20120308
AhnLab-V3              -                                          20120308
AntiVir                -                                          20120308
Antiy-AVL              -                                          20120305
Avast                  -                                          20120308
AVG                    -                                          20120308
BitDefender            -                                          20120308
ByteHero               -                                          20120307
ClamAV                 -                                          20120308
Commtouch              -                                          20120308
DrWeb                  -                                          20120308
eTrust-Vet             -                                          20120308
F-Prot                 -                                          20120308
F-Secure               -                                          20120308
Fortinet               -                                          20120308
GData                  -                                          20120308
Jiangmin               -                                          20120301
Kaspersky              -                                          20120308
McAfee-GW-Edition      -                                          20120308
nProtect               -                                          20120308
PCTools                -                                          20120228
Prevx                  -                                          20120308
Rising                 -                                          20120308
Sophos AV              -                                          20120308
SUPERAntiSpyware       -                                          20120308
TheHacker              -                                          20120308
VBA32                  -                                          20120307
ViRobot                -                                          20120308
VirusBuster            -                                          20120308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command RAR
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-07 06:40:20
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 646b96c9b9eae1bb73e670bb12b1ae74
File type application/x-rar
Offset 584704
Size 319335
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 3
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL DEFAULT 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:12:07 07:40:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
EntryPoint 0xb3c1
InitializedDataSize 510976
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 2838bf29fe88edfd70d1cee4b8551c74
SHA1 aa532e16fe61bd5facab84374adb0402997bff11
SHA256 f0264619456d20cc36afba2c18f65cb7ba06b518421a3ce336b144622a111359
ssdeep 24576:+xaVxr51GPLXUTyqt9eqdNdmVSBnTLeLZ:+HLXct9e2NlnTLeLZ
authentihash 2526cd41b5cc080b15d5cc8f83809ad12935d4dcc5f34dabf4248f00b5d4ecb5
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 882.9 KB ( 904039 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-02-23 20:32:33 UTC ( 5 years, 8 months ago )
Last submission 2016-10-04 17:49:12 UTC ( 1 year, 1 month ago )
File names 2838bf29fe88edfd70d1cee4b8551c74.PE_
9_NOT_DETECTED.exe
6639a0cf-7752-4549-af13-4d56d5db7cd2
aa532e16fe61bd5facab84374adb0402997bff11
05
2838BF29FE88EDFD70D1CEE4B8551C74
388707_304019782967678_1371539363240931_76888_135985994_ser‮gpj.scr
fef6d3c6-f95d-4da1-aaff-4e5d8b4906eb
388707_304019782967678_1371539363240931_76888_135985994_ser
2838bf29fe88edfd70d1cee4b8551c74
vti-rescan
file-3826791_
1371539363240931_76888_135985994_ser.gpj.scr
3b9f8586-5656-41f0-abdd-6faf7b83b563
53944e34-ed95-42f3-80de-de7ec299bab1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight