SHA256: fe3d7ee9488120db3d68950dbab9cf47d3a790952cb09378578c8a0382dc6048
File name: Bolletta.exe
Detection ratio: 13 / 54
Analysis date: 2016-03-08 21:14:32 UTC ( 2 years, 11 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20160308
AhnLab-V3 Trojan/Win32.Cryptolocker 20160308
Avira (no cloud) TR/Crypt.XPACK.Gen3 20160308
Bkav HW32.Packed.90E2 20160308
DrWeb Trojan.Encoder.761 20160308
ESET-NOD32 a variant of Win32/Injector.CTYH 20160308
Fortinet W32/Kryptik.EQAX!tr 20160308
Ikarus Trojan-Ransom.TeslaCrypt 20160308
Kaspersky UDS:DangerousObject.Multi.Generic 20160308
McAfee Artemis!3F2772175651 20160308
McAfee-GW-Edition BehavesLike.Win32.VBObfus.hh 20160308
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160308
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160308
Ad-Aware 20160308
Yandex 20160308
Alibaba 20160308
ALYac 20160308
Arcabit 20160308
Avast 20160308
AVG 20160308
AVware 20160308
Baidu 20160225
Baidu-International 20160308
BitDefender 20160308
ByteHero 20160308
CAT-QuickHeal 20160308
ClamAV 20160308
CMC 20160307
Comodo 20160308
Cyren 20160308
Emsisoft 20160308
F-Prot 20160308
F-Secure 20160308
GData 20160308
Jiangmin 20160308
K7AntiVirus 20160308
K7GW 20160308
Malwarebytes 20160308
Microsoft 20160308
eScan 20160308
NANO-Antivirus 20160308
nProtect 20160308
Panda 20160308
Sophos AV 20160308
Symantec 20160308
Tencent 20160308
TheHacker 20160307
TrendMicro 20160308
TrendMicro-HouseCall 20160308
VBA32 20160306
VIPRE 20160308
ViRobot 20160308
Zillya 20160306
Zoner 20160308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-02-20 01:19:01
Entry Point 0x0000E6A6
Number of sections 4
PE sections
PE imports
GetStartupInfoA
FileTimeToSystemTime
GetModuleHandleA
GetCPInfoExA
__p__fmode
_aexit_rtn
_acmdln
_mbsnccnt
_adjust_fdiv
__setusermatherr
_locking
_mbclen
_setmbcp
abs
_j0
__getmainargs
_initterm
_controlfp
_onexit
__p__commode
fgetws
__set_app_type
CloseWindow
Number of PE resources by type
RT_ICON 19
RT_GROUP_ICON 14
RT_BITMAP 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 24
JAPANESE DEFAULT 12
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.40.138.167

UninitializedDataSize
0

LanguageCode
Unknown (WAKE)

FileFlagsMask
0x003f

CharacterSet
Unknown (D)

InitializedDataSize
479232

EntryPoint
0xe6a6

MIMEType
application/octet-stream

LegalCopyright
2015 (C) 2017

FileVersion
0.156.90.128

TimeStamp
2006:02:20 02:19:01+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sequent

ProductVersion
0.97.52.205

FileDescription
Smashing Whee Sonority

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
SAP AG, Walldorf

CodeSize
57344

ProductName
Tacking Yelled

ProductVersionNumber
0.44.203.122

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 3f2772175651c8baae642577c199cdda
SHA1 9a1fa0b267bd38e548482c3f96ee5bf77f5405d5
SHA256 fe3d7ee9488120db3d68950dbab9cf47d3a790952cb09378578c8a0382dc6048
ssdeep
12288:tZC8j+mZMZco8KZn9LPkcP4RlX2f13okykbdyJkTMR9yurW:C7N7jn9LPkcP4O93ocbXTMRl

authentihash ca3a0211e0d2ccc687894c35dfcf9f9c0887c099bc4fe33e85fe8e1ec9cc9c34
imphash 627fb4fed922324df3e2eb9c39c90a22
File size 528.0 KB ( 540672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-03-08 12:27:03 UTC ( 2 years, 11 months ago )
Last submission 2017-03-11 00:21:22 UTC ( 1 year, 11 months ago )
File names Bolletta.exe
enokocav.exe
fe3d7ee9488120db3d68950dbab9cf47d3a790952cb09378578c8a0382dc6048.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs