SHA256: 66640ac004043169db7ce5665fc7b0bfa3b361b0904cdf7b6248a6476419f0a9
File name: scanpapyrus.exe
Detection ratio: 0 / 51
Analysis date: 2014-04-26 17:52:43 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware 20140426
AegisLab 20140426
Yandex 20140425
AhnLab-V3 20140426
AntiVir 20140426
Antiy-AVL 20140426
Avast 20140426
AVG 20140426
Baidu-International 20140426
BitDefender 20140426
Bkav 20140426
ByteHero 20140426
CAT-QuickHeal 20140426
ClamAV 20140426
CMC 20140424
Commtouch 20140426
Comodo 20140426
DrWeb 20140426
Emsisoft 20140426
ESET-NOD32 20140426
F-Prot 20140426
F-Secure 20140426
Fortinet 20140426
GData 20140426
Ikarus 20140426
Jiangmin 20140426
K7AntiVirus 20140426
K7GW 20140426
Kaspersky 20140426
Kingsoft 20140426
Malwarebytes 20140426
McAfee 20140426
McAfee-GW-Edition 20140425
Microsoft 20140426
eScan 20140426
NANO-Antivirus 20140426
Norman 20140426
nProtect 20140425
Panda 20140426
Qihoo-360 20140426
Rising 20140426
Sophos AV 20140426
SUPERAntiSpyware 20140426
Symantec 20140426
TheHacker 20140425
TotalDefense 20140426
TrendMicro 20140426
TrendMicro-HouseCall 20140426
VBA32 20140425
VIPRE 20140425
ViRobot 20140426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Publisher ScanPdf.ru
Product ScanPapyrus
File version
Description ScanPapyrus Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, UTF-8, INNO, CAB, INNO, CAB, UTF-8, INNO, CAB, INNO, CAB, UTF-8, INNO, CAB, INNO, CAB, UTF-8, INNO, CAB, INNO, CAB, UTF-8, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, Unicode, INNO, CAB, INNO, CAB, INNO, CAB, INNO, CAB, INNO, INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000A5F8
Number of sections 8
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_ICON 8
RT_STRING 6
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 7
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

InitializedDataSize
421376

ImageVersion
6.0

ProductName
ScanPapyrus

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
2.25

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:04:26 18:50:58+01:00

ProductVersion
0.7

FileDescription
ScanPapyrus Setup

OSVersion
1.0

FileCreateDate
2014:04:26 18:50:58+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ScanPdf.ru

CodeSize
40448

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0xa5f8

ObjectFileType
Executable application

File identification
MD5 f981e87681b446b180daac38cce8cafb
SHA1 a47d1ce38a10ff304113a8ba0e9885f4c6a426d1
SHA256 66640ac004043169db7ce5665fc7b0bfa3b361b0904cdf7b6248a6476419f0a9
ssdeep
196608:hX+ipZ7UniScTYvZRBFldaS4AJtT1W7ylmxvRIDI8be4N6/7L/ku:huipZ7JCZRBFldaSLnM7E0vmk8b4L

imphash 884310b1928934402ea6fec1dbd3cf5e
File size 10.4 MB ( 10855207 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.2%)
Windows Screen Saver (9.8%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
Generic Win/DOS Executable (1.5%)
Tags
peexe

VirusTotal metadata
First submission 2014-04-26 17:52:43 UTC ( 3 years, 6 months ago )
Last submission 2014-04-26 17:52:43 UTC ( 3 years, 6 months ago )
File names scanpapyrus.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.