× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0e5b79cfb3f3114a0cc9d85e199ffb38cf745202c754a361548a36ec61a6b88a
File name: Protection_ID.eXe
Detection ratio: 1 / 56
Analysis date: 2014-12-27 12:15:01 UTC ( 2 years, 11 months ago ) View latest
Antivirus Result Update
Microsoft VirTool:Win32/Obfuscator.AX 20141227
Ad-Aware 20141227
AegisLab 20141227
Yandex 20141227
AhnLab-V3 20141227
ALYac 20141227
Antiy-AVL 20141227
Avast 20141227
AVG 20141227
Avira (no cloud) 20141227
AVware 20141227
Baidu-International 20141227
BitDefender 20141227
Bkav 20141226
ByteHero 20141227
CAT-QuickHeal 20141227
ClamAV 20141227
CMC 20141218
Comodo 20141227
Cyren 20141227
DrWeb 20141227
Emsisoft 20141227
ESET-NOD32 20141227
F-Prot 20141227
F-Secure 20141227
Fortinet 20141227
GData 20141227
Ikarus 20141227
Jiangmin 20141226
K7AntiVirus 20141226
K7GW 20141226
Kaspersky 20141227
Kingsoft 20141227
Malwarebytes 20141227
McAfee 20141227
McAfee-GW-Edition 20141227
eScan 20141227
NANO-Antivirus 20141227
Norman 20141227
nProtect 20141226
Panda 20141227
Qihoo-360 20141227
Rising 20141227
Sophos AV 20141227
SUPERAntiSpyware 20141227
Symantec 20141227
Tencent 20141227
TheHacker 20141227
TotalDefense 20141227
TrendMicro 20141227
TrendMicro-HouseCall 20141227
VBA32 20141226
VIPRE 20141227
ViRobot 20141227
Zillya 20141226
Zoner 20141226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © [PiD Team] 2002-2014

Publisher ProtectionID Team
Product PiD Team's Protection ID v0.6.6.7
Original name Protection_ID.eXe
Internal name [PiD Team] Protection ID v0.6.6.7
File version 0.6.6.7
Description PiD Team's Protection ID
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-27 12:14:01
Entry Point 0x00009FC8
Number of sections 10
PE sections
PE imports
RegDeleteKeyA
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AccessCheck
InitializeAcl
RegCreateKeyExA
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
RegFlushKey
RegOpenKeyA
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
ImpersonateSelf
RegEnumKeyExW
OpenThreadToken
GetUserNameA
GetLengthSid
RegEnumKeyExA
RegQueryInfoKeyA
RevertToSelf
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
ImageList_Create
Ord(17)
ImageList_GetIcon
ImageList_AddIcon
FindTextA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
CreatePen
TextOutA
GetPixel
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
SetBkMode
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateDCA
MoveToEx
GetStockObject
GetPath
SelectClipRgn
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetFileTime
GetTempPathA
WideCharToMultiByte
LocalFree
WriteFile
GetCommandLineA
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
ExitProcess
FlushFileBuffers
RemoveDirectoryA
lstrcmpiW
GetPriorityClass
LoadLibraryExA
SetThreadPriority
MultiByteToWideChar
GetSystemPowerStatus
FlushInstructionCache
FindNextChangeNotification
SetFilePointer
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetPriorityClass
GlobalMemoryStatus
FindCloseChangeNotification
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
EnterCriticalSection
lstrcmpiA
SetEvent
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
ExitThread
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GlobalLock
GetTempFileNameW
FindFirstFileA
ResetEvent
GetComputerNameA
FindNextFileA
TerminateProcess
GetProcAddress
GetProcessAffinityMask
CreateFileW
CreateEventA
CreateFileA
LeaveCriticalSection
GetLastError
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetEnvironmentStringsA
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetModuleFileNameA
FindFirstChangeNotificationW
CreateProcessW
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
SetThreadAffinityMask
GetCurrentThread
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetVolumeInformationA
GetVersion
CreateProcessA
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
OpenEventA
VirtualAlloc
VariantClear
VariantInit
SHGetFileInfoA
SHAddToRecentDocs
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
RedrawWindow
CharLowerBuffA
DrawStateA
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
EndPaint
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
SendMessageW
SendMessageA
GetClientRect
SetMenuDefaultItem
EnumDisplaySettingsA
IsClipboardFormatAvailable
ClientToScreen
LoadImageA
GetMenuItemInfoA
GetMenuStringA
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
ShowWindow
SetClassLongA
DrawFrameControl
SetDlgItemInt
EnableWindow
LockWindowUpdate
GetDlgItemTextA
IsWindowEnabled
CreatePopupMenu
SetClipboardData
EnableMenuItem
InvertRect
GetWindowLongA
SetTimer
FillRect
GetSysColorBrush
IsWindowUnicode
DestroyWindow
SetFocus
PostMessageA
BeginPaint
GetScrollPos
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
CheckDlgButton
SetWindowTextA
DrawFocusRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
GetScrollRange
EndDialog
FindWindowA
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
AppendMenuA
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
FrameRect
DeleteMenu
InvalidateRect
wsprintfA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
PE exports
Number of PE resources by type
RT_ICON 146
RT_GROUP_ICON 140
RT_DIALOG 52
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 341
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.6.6.7

UninitializedDataSize
10240

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Windows, Latin1

InitializedDataSize
1510400

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright [PiD Team] 2002-2014

FileVersion
0.6.6.7

TimeStamp
2014:12:27 13:14:01+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
[PiD Team] Protection ID v0.6.6.7

FileAccessDate
2015:01:03 13:15:34+01:00

ProductVersion
0.6.6.7

FileDescription
PiD Team's Protection ID

OSVersion
4.0

FileCreateDate
2015:01:03 13:15:34+01:00

OriginalFilename
Protection_ID.eXe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
[PiD Team] (CDKiller/TippeX)

CodeSize
460800

ProductName
PiD Team's Protection ID v0.6.6.7

ProductVersionNumber
0.6.6.7

EntryPoint
0x9fc8

ObjectFileType
Executable application

Build
0.6.6.7

File identification
MD5 4f206fcdc142784b54a9be7f4a42b106
SHA1 6f1df27b877154d4e8ea1b5bd7e8ce0e25331cbb
SHA256 0e5b79cfb3f3114a0cc9d85e199ffb38cf745202c754a361548a36ec61a6b88a
ssdeep
24576:/J5K58c2EDc87WEpdyr1J14LTYOU8mQT5448dVtriwnEU0CAMX4nw:nKmcQSWEpdMziTYemQl4bNHEIA8/

authentihash 89f74b9217b945acf54afe6a7c0a2876a3bb4451bf6910410c7dcd77570b267f
imphash 413562afc9cc4d93433481fea2627abe
File size 1.1 MB ( 1201560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags
peexe

VirusTotal metadata
First submission 2014-12-27 12:15:01 UTC ( 2 years, 11 months ago )
Last submission 2014-12-27 12:15:01 UTC ( 2 years, 11 months ago )
File names Protection_ID.eXe
[PiD Team] Protection ID v0.6.6.7
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.