SHA256: f64434efd243e1a099ed4dee008286caebfcf407b245f72c5ec59222995702f4
File name: 5518707_304019782967678_137153936323931_76888_135985994_ser‮gpj.scr
Detection ratio: 12 / 43
Analysis date: 2012-03-08 20:04:50 UTC ( 5 years, 4 months ago )
Antivirus Result Update
CAT-QuickHeal (Suspicious) - DNAScan 20120308
Comodo UnclassifiedMalware 20120308
Emsisoft Worm.Win32.VBNA!IK 20120308
Ikarus Worm.Win32.VBNA 20120308
K7AntiVirus Riskware 20120308
Microsoft Backdoor:Win32/Fynloski.A 20120308
NOD32 probably a variant of Win32/Injector.OAP 20120308
Panda Trj/CI.A 20120308
Symantec WS.Reputation.1 20120308
TrendMicro BKDR_ZAPCHAST.SG 20120308
TrendMicro-HouseCall BKDR_ZAPCHAST.SG 20120308
VIPRE Trojan.Win32.Generic!BT 20120308
AhnLab-V3 20120308
AntiVir 20120308
Antiy-AVL 20120305
Avast 20120308
AVG 20120308
BitDefender 20120308
ByteHero 20120307
ClamAV 20120308
Commtouch 20120308
DrWeb 20120308
eSafe 20120308
eTrust-Vet 20120308
F-Prot 20120308
F-Secure 20120308
Fortinet 20120308
GData 20120308
Jiangmin 20120301
Kaspersky 20120308
McAfee 20120307
McAfee-GW-Edition 20120308
Norman 20120308
nProtect 20120308
PCTools 20120228
Prevx 20120308
Rising 20120308
Sophos AV 20120308
SUPERAntiSpyware 20120308
TheHacker 20120308
VBA32 20120307
ViRobot 20120308
VirusBuster 20120308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-07 06:40:20
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 420c735601d1d8af8910433969894c76
File type application/x-rar
Offset 763392
Size 264681
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL DEFAULT 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:12:07 07:40:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
EntryPoint 0xb3c1
InitializedDataSize 689664
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 bb52415e659df7786b68d741a7a20162
SHA1 1f0b1ff86832f3686687e92a2a1d2e05571b6f93
SHA256 f64434efd243e1a099ed4dee008286caebfcf407b245f72c5ec59222995702f4
ssdeep 24576:9xaVxr5BvcoxBEHjqMTCJlnGSzsqc5ufiVyeWgF0i0/Y2dmVSBnTLeLJ:90s5WblnTLeLJ
authentihash 6e1326c711eea6b4d138bf66cd86b3e79255b7be5b7c6310143b76ace898e7c1
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 1004.0 KB ( 1028073 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-03-08 20:04:50 UTC ( 5 years, 4 months ago )
Last submission 2016-10-04 17:49:04 UTC ( 9 months, 3 weeks ago )
File names 0309-2362
(1).scr
07
Uztuby.exe
bb52415e659df7786b68d741a7a20162.PE_
bb52415e659df7786b68d741a7a20162.scr
5518707_304019782967678_137153936323931_76888_135985994_ser
950e8b52-e88d-435b-ba3c-2388923652bc
764cb40a-cf29-4452-9b2d-b7f9de7ea7c1
BB52415E659DF7786B68D741A7A20162
bb52415e659df7786b68d741a7a20162
594a56ec-2103-4868-9e29-7a5f0d90a67b
virussign.com_bb52415e659df7786b68d741a7a20162.scr
file-3659343_scr
5518707_304019782967678_137153936323931_76888_135985994_ser‮gpj.scr
5518707_304019782967678_137153936323931_76888_135985994_ser.exe_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight