SHA256: f471ecfbf65fb636ac92abd20778c669ec190398b2c09a9dbfe7650a8dc22af1
File name: 777_government_777_1.exe
Detection ratio: 2 / 50
Analysis date: 2014-03-25 13:13:16 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Malwarebytes Trojan.Agent.ED 20140325
Qihoo-360 Malware.QVM19.Gen 20140325
Ad-Aware 20140325
AegisLab 20140325
Yandex 20140325
AhnLab-V3 20140324
AntiVir 20140325
Antiy-AVL 20140324
Avast 20140325
AVG 20140325
Baidu-International 20140325
BitDefender 20140325
Bkav 20140325
ByteHero 20140325
CAT-QuickHeal 20140325
ClamAV 20140325
CMC 20140319
Commtouch 20140325
Comodo 20140325
DrWeb 20140325
Emsisoft 20140325
ESET-NOD32 20140325
F-Prot 20140325
F-Secure 20140325
Fortinet 20140325
GData 20140325
Ikarus 20140325
Jiangmin 20140325
K7AntiVirus 20140324
K7GW 20140324
Kaspersky 20140325
Kingsoft 20130829
McAfee 20140325
McAfee-GW-Edition 20140325
Microsoft 20140325
eScan 20140325
NANO-Antivirus 20140325
Norman 20140325
nProtect 20140325
Panda 20140324
Rising 20140325
Sophos AV 20140325
SUPERAntiSpyware 20140324
Symantec 20140325
TheHacker 20140325
TotalDefense 20140325
TrendMicro 20140325
TrendMicro-HouseCall 20140325
VBA32 20140325
VIPRE 20140325
ViRobot 20140325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT 7Z, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-06-02 22:50:56
Entry Point 0x0000505A
Number of sections 4
PE sections
PE imports
SetPixel
Ellipse
GetModuleFileNameW
CreateFileW
GetStartupInfoW
CreateFileA
GetModuleFileNameA
GetModuleHandleW
__p__fmode
malloc
__wgetmainargs
_ftol
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_controlfp
_wcmdln
_adjust_fdiv
__CxxFrameHandler
__p__commode
_initterm
_exit
__set_app_type
EnableWindow
GetClientRect
UpdateWindow
InvalidateRect
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1970:06:02 23:50:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2415939585
LinkerVersion 2.0
FileAccessDate 2014:03:25 14:14:03+01:00
EntryPoint 0x505a
InitializedDataSize 24576
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 0.0
FileCreateDate 2014:03:25 14:14:03+01:00
UninitializedDataSize 65536
File identification
MD5 87562e21fdbf67a70770f263c9991b71
SHA1 da894d814bcc8c36cad618846b52bf637f0c7f1b
SHA256 f471ecfbf65fb636ac92abd20778c669ec190398b2c09a9dbfe7650a8dc22af1
ssdeep 6144:IlAkDxy747G3JbQa6kVrkU9ypnzW17k0YcKy3F2Jf+KLAiM:IlAkoR6IrkU9QnzW17kGKYK0
imphash 5a01dab06b5f649e8c0339c51f29339a
File size 291.3 KB ( 298297 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-03-25 13:13:16 UTC ( 4 years, 8 months ago )
Last submission 2014-03-25 13:13:16 UTC ( 4 years, 8 months ago )
File names 777_government_777_1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight