× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3fcb768695cce88e49f70159fb39830a327f8485de134a841a6ab509903b7bd1
File name: Protection_ID.eXe
Detection ratio: 1 / 56
Analysis date: 2014-12-24 21:49:52 UTC ( 2 years, 4 months ago ) View latest
Antivirus Result Update
Microsoft VirTool:Win32/Obfuscator.AX 20141224
Ad-Aware 20141224
AegisLab 20141224
Yandex 20141224
AhnLab-V3 20141224
ALYac 20141224
Antiy-AVL 20141224
Avast 20141224
AVG 20141224
Avira (no cloud) 20141224
AVware 20141224
Baidu-International 20141224
BitDefender 20141224
Bkav 20141224
ByteHero 20141224
CAT-QuickHeal 20141224
ClamAV 20141224
CMC 20141218
Comodo 20141224
Cyren 20141224
DrWeb 20141224
Emsisoft 20141224
ESET-NOD32 20141224
F-Prot 20141224
F-Secure 20141224
Fortinet 20141224
GData 20141224
Ikarus 20141224
Jiangmin 20141224
K7AntiVirus 20141224
K7GW 20141224
Kaspersky 20141224
Kingsoft 20141224
Malwarebytes 20141224
McAfee 20141224
McAfee-GW-Edition 20141224
eScan 20141224
NANO-Antivirus 20141224
Norman 20141224
nProtect 20141224
Panda 20141224
Qihoo-360 20141224
Rising 20141224
Sophos 20141224
SUPERAntiSpyware 20141224
Symantec 20141224
Tencent 20141224
TheHacker 20141224
TotalDefense 20141224
TrendMicro 20141224
TrendMicro-HouseCall 20141224
VBA32 20141224
VIPRE 20141224
ViRobot 20141224
Zillya 20141224
Zoner 20141223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © [PiD Team] 2002-2014

Product PiD Team's Protection ID v0.6.6.7
Original name Protection_ID.eXe
Internal name [PiD Team] Protection ID v0.6.6.7
File version 0.6.6.7
Description PiD Team's Protection ID
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 12:31 PM 5/22/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-24 21:48:24
Entry Point 0x0000D1AC
Number of sections 10
PE sections
Overlays
MD5 b902d826f37ed176b9313e5746f7c6cf
File type data
Offset 1187840
Size 4504
Entropy 7.38
PE imports
RegDeleteKeyA
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AccessCheck
InitializeAcl
RegCreateKeyExA
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
RegFlushKey
RegOpenKeyA
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
ImpersonateSelf
RegEnumKeyExW
OpenThreadToken
GetUserNameA
GetLengthSid
RegEnumKeyExA
RegQueryInfoKeyA
RevertToSelf
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
ImageList_Create
Ord(17)
ImageList_GetIcon
ImageList_AddIcon
FindTextA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
CreatePen
TextOutA
GetPixel
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
SetBkMode
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateDCA
MoveToEx
GetStockObject
GetPath
SelectClipRgn
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetFileTime
GetTempPathA
WideCharToMultiByte
LocalFree
WriteFile
GetCommandLineA
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
ExitProcess
FlushFileBuffers
RemoveDirectoryA
lstrcmpiW
GetPriorityClass
LoadLibraryExA
SetThreadPriority
MultiByteToWideChar
GetSystemPowerStatus
FlushInstructionCache
FindNextChangeNotification
SetFilePointer
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetPriorityClass
GlobalMemoryStatus
FindCloseChangeNotification
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
EnterCriticalSection
lstrcmpiA
SetEvent
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
ExitThread
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GlobalLock
GetTempFileNameW
FindFirstFileA
ResetEvent
GetComputerNameA
FindNextFileA
TerminateProcess
GetProcAddress
GetProcessAffinityMask
CreateFileW
CreateEventA
CreateFileA
LeaveCriticalSection
GetLastError
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetEnvironmentStringsA
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetModuleFileNameA
FindFirstChangeNotificationW
CreateProcessW
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
SetThreadAffinityMask
GetCurrentThread
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetVolumeInformationA
GetVersion
CreateProcessA
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
OpenEventA
VirtualAlloc
VariantClear
VariantInit
SHGetFileInfoA
SHAddToRecentDocs
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
RedrawWindow
CharLowerBuffA
DrawStateA
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
EndPaint
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
SendMessageW
SendMessageA
GetClientRect
SetMenuDefaultItem
EnumDisplaySettingsA
IsClipboardFormatAvailable
ClientToScreen
LoadImageA
GetMenuItemInfoA
GetMenuStringA
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
ShowWindow
SetClassLongA
DrawFrameControl
SetDlgItemInt
EnableWindow
LockWindowUpdate
GetDlgItemTextA
IsWindowEnabled
CreatePopupMenu
SetClipboardData
EnableMenuItem
InvertRect
GetWindowLongA
SetTimer
FillRect
GetSysColorBrush
IsWindowUnicode
DestroyWindow
SetFocus
PostMessageA
BeginPaint
GetScrollPos
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
CheckDlgButton
SetWindowTextA
DrawFocusRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
GetScrollRange
EndDialog
FindWindowA
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
AppendMenuA
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
FrameRect
DeleteMenu
InvalidateRect
wsprintfA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
PE exports
Number of PE resources by type
RT_ICON 146
RT_GROUP_ICON 140
RT_DIALOG 52
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 341
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.6.6.7

UninitializedDataSize
10240

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Windows, Latin1

InitializedDataSize
1506304

EntryPoint
0xd1ac

OriginalFileName
Protection_ID.eXe

MIMEType
application/octet-stream

LegalCopyright
Copyright [PiD Team] 2002-2014

FileVersion
0.6.6.7

TimeStamp
2014:12:24 22:48:24+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
[PiD Team] Protection ID v0.6.6.7

ProductVersion
0.6.6.7

FileDescription
PiD Team's Protection ID

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
[PiD Team] (CDKiller/TippeX)

CodeSize
455680

ProductName
PiD Team's Protection ID v0.6.6.7

ProductVersionNumber
0.6.6.7

FileTypeExtension
exe

ObjectFileType
Executable application

Build
0.6.6.7

File identification
MD5 8b23b9f8e3583a06db77e233bb77ce43
SHA1 e7ee51681b209fb38858360ff250dc90bcaf6ea3
SHA256 3fcb768695cce88e49f70159fb39830a327f8485de134a841a6ab509903b7bd1
ssdeep
24576:szYepr+qJMFyq4j/vLlmVlTK5SyTx56hvbU0CAMX4nk:DWrzMFyq4TmTK1Tx56FbIA8T

authentihash 917a827693215fda1dc27e391b43bdc33a86b9f0ebfa5f1bf813e1eb21f938e9
imphash 413562afc9cc4d93433481fea2627abe
File size 1.1 MB ( 1192344 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (73.3%)
Win32 Dynamic Link Library (generic) (11.6%)
Win32 Executable (generic) (7.9%)
Generic Win/DOS Executable (3.5%)
DOS Executable Generic (3.5%)
Tags
peexe via-tor overlay

VirusTotal metadata
First submission 2014-12-24 21:49:52 UTC ( 2 years, 4 months ago )
Last submission 2017-05-22 11:31:41 UTC ( 7 hours, 47 minutes ago )
File names [PiD Team] Protection ID v0.6.6.7
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
MALWARE_ (7)
WinRAR.exe
3FCB768695CCE88E49F70159FB39830A327F8485DE134A841A6AB509903B7BD1.dat
protection_id.exe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.exe
ProtectionID scanner v6.6.7.exe
Prot.exe
file-7848963_eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXes
PID.exe
Protection_ID.eXe
Protection ID v0.6.6.7.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0C1C0DEP16.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.