SHA256: 0e7961d0dbe5ea3e20ffb29890fc4c4bcd220688ee6daf60eecbc11ab1a29219
File name: scan purchase orders.exe
Detection ratio: 3 / 56
Analysis date: 2016-05-31 12:36:15 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160530
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20160530
Panda Trj/Genetic.gen 20160531
Ad-Aware 20160531
AegisLab 20160531
AhnLab-V3 20160531
Alibaba 20160531
ALYac 20160531
Antiy-AVL 20160531
Arcabit 20160531
Avast 20160531
AVG 20160531
Avira (no cloud) 20160531
AVware 20160531
Baidu-International 20160531
BitDefender 20160531
Bkav 20160531
CAT-QuickHeal 20160531
ClamAV 20160531
CMC 20160530
Comodo 20160531
Cyren 20160531
DrWeb 20160531
Emsisoft 20160531
ESET-NOD32 20160531
F-Prot 20160531
F-Secure 20160531
Fortinet 20160531
GData 20160531
Ikarus 20160531
Jiangmin 20160531
K7AntiVirus 20160531
K7GW 20160531
Kaspersky 20160531
Kingsoft 20160531
Malwarebytes 20160531
McAfee 20160531
Microsoft 20160531
eScan 20160531
NANO-Antivirus 20160531
nProtect 20160531
Qihoo-360 20160531
Rising 20160531
Sophos AV 20160531
SUPERAntiSpyware 20160531
Symantec 20160531
Tencent 20160531
TheHacker 20160530
TrendMicro 20160531
TrendMicro-HouseCall 20160531
VBA32 20160531
VIPRE 20160531
ViRobot 20160531
Yandex 20160530
Zillya 20160531
Zoner 20160531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Fidusmalernes
Original name Cim.EXE
Internal name Cim
File version 7.04.0006
Description Sleepy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-31 07:45:22
Entry Point 0x00001158
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(546)
Ord(687)
Ord(695)
Ord(685)
Ord(697)
Ord(678)
EVENT_SINK_AddRef
Ord(629)
Ord(714)
Ord(717)
Ord(647)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(540)
Ord(581)
Ord(542)
Ord(519)
Ord(547)
Ord(100)
Ord(606)
EVENT_SINK_Release
Ord(595)
Ord(651)
Ord(610)
Ord(628)
Ord(613)
Ord(672)
Ord(646)
Ord(644)
Ord(588)
Ord(543)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 57344
ImageVersion 7.4
ProductName Fidusmalernes
FileVersionNumber 7.4.0.6
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Cim.EXE
MIMEType application/octet-stream
FileVersion 7.04.0006
TimeStamp 2016:05:31 08:45:22+01:00
FileType Win32 EXE
PEType PE32
InternalName Cim
ProductVersion 7.04.0006
FileDescription Sleepy
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Vodamobile
CodeSize 184320
FileSubtype 0
ProductVersionNumber 7.4.0.6
EntryPoint 0x1158
ObjectFileType Executable application

File identification
MD5 7161bd62cb8e6ac92db4a5523fbe2698
SHA1 a1a5a050982f43059ce3e88df2f53f323d51e729
SHA256 0e7961d0dbe5ea3e20ffb29890fc4c4bcd220688ee6daf60eecbc11ab1a29219
ssdeep 3072:YcUHDg4P4rUJIeLC7Q/VZbh+1Wa9DCuVcACCRs:YcGj4/em7Q/vAkSDCWcACCR
authentihash 211e3a4cba655b19898a9a3ba6a16ea7b2534b71c73db5505db1446ebd5a3fe8
imphash 6004fd05fef1894a6e60380b9f4d2d37
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2016-05-31 11:17:21 UTC ( 1 year, 2 months ago )
Last submission 2016-09-27 15:59:56 UTC ( 10 months, 4 weeks ago )
File names scan purchase orders.exe
scan_purchase_orders.exe.bin
Cim.EXE
Cim
orders.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
TCP connections