SHA256: f36625c93426b0f1dbb137ada8629ace76f73de61499a03ed1e0e1acbe7cdf3e
File name: GOLAYA-SEXY.exe
Detection ratio: 7 / 46
Analysis date: 2013-01-31 11:58:45 UTC
Antivirus Result Update
ESET-NOD32 Win32/Bicololo.A 20130131
Ikarus Trojan.Win32.Meredrop 20130131
Jiangmin Trojan/StartPage.bim 20121221
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20130131
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20130131
Norman Bicololo.PT 20130131
TrendMicro-HouseCall TROJ_GEN.F47V0131 20130131
Yandex 20130130
AhnLab-V3 20130131
AntiVir 20130131
Antiy-AVL 20130131
Avast 20130131
AVG 20130131
BitDefender 20130131
ByteHero 20130123
CAT-QuickHeal 20130131
ClamAV 20130131
Commtouch 20130131
Comodo 20130131
DrWeb 20130131
Emsisoft 20130131
eSafe 20130131
F-Prot 20130131
F-Secure 20130131
Fortinet 20130131
GData 20130131
K7AntiVirus 20130130
Kingsoft 20130131
Malwarebytes 20130131
McAfee 20130131
Microsoft 20130131
eScan 20130131
NANO-Antivirus 20130131
nProtect 20130131
Panda 20130131
PCTools 20130131
Rising 20130131
Sophos AV 20130131
SUPERAntiSpyware 20130131
Symantec 20130131
TheHacker 20130129
TotalDefense 20130131
TrendMicro 20130131
VBA32 20130130
VIPRE 20130131
ViRobot 20130131
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ringoo ho kjsaq
Publisher ringoo ho kjsaq
File version 4tobi 4roro uvidet
Description nada rano vsavat 4tobi 4roro uvidet Installation
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00017D64
Number of sections 8
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
GetUserNameA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
FDIDestroy
FDICreate
FDICopy
ImageList_SetBkColor
ImageList_Draw
ImageList_Create
InitCommonControls
SetDIBits
AddFontResourceA
OffsetRgn
SaveDC
CreateFontIndirectA
CombineRgn
SetStretchBltMode
GetPixel
GetObjectA
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
SetPixel
CreateSolidBrush
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
MoveToEx
GetStockObject
CreateBrushIndirect
GetDIBits
ExtSelectClipRgn
SetBrushOrgEx
CreateCompatibleDC
StretchBlt
StretchDIBits
SetROP2
CreateRectRgn
SelectObject
GetTextExtentPoint32A
CreateCompatibleBitmap
SetWindowOrgEx
SetBkColor
DeleteObject
SetRectRgn
GetLastError
HeapFree
DosDateTimeToFileTime
GetUserDefaultLangID
FileTimeToSystemTime
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
ExitProcess
CreateDirectoryA
GetVersionExA
RemoveDirectoryA
GetFileSize
RtlUnwind
LoadLibraryA
WinExec
GetDiskFreeSpaceA
GetDateFormatA
FileTimeToLocalFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
OpenProcess
SetFileTime
ExpandEnvironmentStringsA
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
GetShortPathNameA
GetCommandLineA
GetProcAddress
GetProcessHeap
GetFullPathNameA
GetFileTime
SetFilePointer
GetTempPathA
RaiseException
CloseHandle
WideCharToMultiByte
GetModuleHandleA
ReadFile
DeleteFileA
WriteFile
GetCurrentProcess
FindFirstFileA
GetTimeFormatA
GetComputerNameA
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
GetVersion
SetFileAttributesA
GetExitCodeProcess
TerminateProcess
GetModuleFileNameA
GlobalAlloc
LocalFileTimeToFileTime
FindClose
TlsGetValue
Sleep
FormatMessageA
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
GetCurrentThread
SetCurrentDirectoryA
CompareStringA
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
OleInitialize
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
EnableWindow
GetWindowRgn
SetPropA
BeginPaint
OffsetRect
GetCapture
CheckRadioButton
KillTimer
RemovePropA
PostQuitMessage
DefWindowProcA
ShowWindow
GetPropA
SetWindowPos
FindWindowA
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
DispatchMessageA
ScreenToClient
PostMessageA
DrawIcon
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
wvsprintfA
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
GetDC
GetKeyState
GetCursorPos
ReleaseDC
WaitMessage
GetClassInfoA
DestroyIcon
CreateWindowExA
DeleteMenu
SetParent
CopyImage
IsWindowVisible
IsZoomed
EnumWindows
SendMessageA
GetWindowTextA
GetClientRect
GetDCEx
CharLowerBuffA
IsIconic
RegisterClassA
GetClassLongA
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
DrawTextA
ClientToScreen
FillRect
GetUpdateRgn
ValidateRect
CallWindowProcA
GetSystemMenu
GetFocus
EndPaint
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
timeKillEvent
timeSetEvent
Number of PE resources by type
RT_ICON 9
RT_RCDATA 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 12
RUSSIAN 2
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 107008
ImageVersion 0.0
FileVersionNumber 0.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4tobi 4roro uvidet
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
FileDescription nada rano vsavat 4tobi 4roro uvidet Installation
OSVersion 4.0
FileOS Win32
LegalCopyright ringoo ho kjsaq
MachineType Intel 386 or later, and compatibles
CompanyName ringoo ho kjsaq
CodeSize 93696
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x17d64
ObjectFileType Executable application
Compressed bundles
File identification
MD5 50fc267b0b04b2544bbdfee404cee1b1
SHA1 074a49ee75ddac23c0a4d7d74e0cdec90978bb0c
SHA256 f36625c93426b0f1dbb137ada8629ace76f73de61499a03ed1e0e1acbe7cdf3e
ssdeep 3072:mBAp5XhKpN4eOyVTGfhEClj8jTk+0hu/MEPmWBMmvtGEcKJy9HnuthV9h+f2C8w2:dbXE9OiTGfhEClq9KEpp

File size 203.7 KB ( 208610 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (59.5%)
Win32 Executable Delphi generic (20.2%)
Win32 Executable Generic (11.7%)
Win16/32 Executable Delphi generic (2.8%)
Generic Win/DOS Executable (2.7%)
Tags
peexe bobsoft

VirusTotal metadata
First submission 2013-01-31 08:18:05 UTC
Last submission 2013-02-03 12:09:55 UTC
File names GOLAYA-RUSSKAYA.exe
aa
faHhoJG.vsd
GOLAYA-TOPLESS.exe
RUSSKAYA-GOLAYA.exe
GOLAYA-PHOTO.exe
50fc267b0b04b2544bbdfee404cee1b1
GOLAYA-DEVOCHKA.exe
GOLAYA-SEXY.exe
264b2dafc5738286f342ad40b111e9b1e119dd13
PHOTO-DEVOCHKA.exe
PHOTO-GOLAYA.exe
GOLAYA-BABE.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections