× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 52dff3f98c4dcca3c63c6ead708c69038d40eb857fffe1356d04e823030bdb41
File name: Protection_ID.eXe
Detection ratio: 1 / 56
Analysis date: 2014-12-25 07:57:44 UTC ( 2 years, 6 months ago ) View latest
Antivirus Result Update
Microsoft VirTool:Win32/Obfuscator.AX 20141225
Ad-Aware 20141225
AegisLab 20141225
Yandex 20141224
AhnLab-V3 20141224
ALYac 20141225
Antiy-AVL 20141225
Avast 20141225
AVG 20141225
Avira (no cloud) 20141224
AVware 20141224
Baidu-International 20141225
BitDefender 20141225
Bkav 20141224
ByteHero 20141225
CAT-QuickHeal 20141224
ClamAV 20141225
CMC 20141218
Comodo 20141225
Cyren 20141225
DrWeb 20141225
Emsisoft 20141225
ESET-NOD32 20141225
F-Prot 20141225
F-Secure 20141225
Fortinet 20141225
GData 20141225
Ikarus 20141225
Jiangmin 20141224
K7AntiVirus 20141224
K7GW 20141224
Kaspersky 20141225
Kingsoft 20141225
Malwarebytes 20141225
McAfee 20141225
McAfee-GW-Edition 20141224
eScan 20141225
NANO-Antivirus 20141225
Norman 20141225
nProtect 20141224
Panda 20141224
Qihoo-360 20141225
Rising 20141225
Sophos 20141225
SUPERAntiSpyware 20141224
Symantec 20141225
Tencent 20141225
TheHacker 20141224
TotalDefense 20141224
TrendMicro 20141225
TrendMicro-HouseCall 20141225
VBA32 20141224
VIPRE 20141225
ViRobot 20141225
Zillya 20141224
Zoner 20141223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © [PiD Team] 2002-2014

Publisher ProtectionID Team
Product PiD Team's Protection ID v0.6.6.7
Original name Protection_ID.eXe
Internal name [PiD Team] Protection ID v0.6.6.7
File version 0.6.6.7
Description PiD Team's Protection ID
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-25 07:57:13
Entry Point 0x0000D268
Number of sections 10
PE sections
PE imports
RegDeleteKeyA
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AccessCheck
InitializeAcl
RegCreateKeyExA
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
RegFlushKey
RegOpenKeyA
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
ImpersonateSelf
RegEnumKeyExW
OpenThreadToken
GetUserNameA
GetLengthSid
RegEnumKeyExA
RegQueryInfoKeyA
RevertToSelf
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
ImageList_Create
Ord(17)
ImageList_GetIcon
ImageList_AddIcon
FindTextA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
CreatePen
TextOutA
GetPixel
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
SetBkMode
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateDCA
MoveToEx
GetStockObject
GetPath
SelectClipRgn
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetFileTime
GetTempPathA
WideCharToMultiByte
LocalFree
WriteFile
GetCommandLineA
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
ExitProcess
FlushFileBuffers
RemoveDirectoryA
lstrcmpiW
GetPriorityClass
LoadLibraryExA
SetThreadPriority
MultiByteToWideChar
GetSystemPowerStatus
FlushInstructionCache
FindNextChangeNotification
SetFilePointer
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetPriorityClass
GlobalMemoryStatus
FindCloseChangeNotification
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
EnterCriticalSection
lstrcmpiA
SetEvent
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
ExitThread
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GlobalLock
GetTempFileNameW
FindFirstFileA
ResetEvent
GetComputerNameA
FindNextFileA
TerminateProcess
GetProcAddress
GetProcessAffinityMask
CreateFileW
CreateEventA
CreateFileA
LeaveCriticalSection
GetLastError
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetEnvironmentStringsA
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetModuleFileNameA
FindFirstChangeNotificationW
CreateProcessW
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
SetThreadAffinityMask
GetCurrentThread
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetVolumeInformationA
GetVersion
CreateProcessA
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
OpenEventA
VirtualAlloc
VariantClear
VariantInit
SHGetFileInfoA
SHAddToRecentDocs
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
RedrawWindow
CharLowerBuffA
DrawStateA
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
EndPaint
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
SendMessageW
SendMessageA
GetClientRect
SetMenuDefaultItem
EnumDisplaySettingsA
IsClipboardFormatAvailable
ClientToScreen
LoadImageA
GetMenuItemInfoA
GetMenuStringA
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
ShowWindow
SetClassLongA
DrawFrameControl
SetDlgItemInt
EnableWindow
LockWindowUpdate
GetDlgItemTextA
IsWindowEnabled
CreatePopupMenu
SetClipboardData
EnableMenuItem
InvertRect
GetWindowLongA
SetTimer
FillRect
GetSysColorBrush
IsWindowUnicode
DestroyWindow
SetFocus
PostMessageA
BeginPaint
GetScrollPos
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
CheckDlgButton
SetWindowTextA
DrawFocusRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
GetScrollRange
EndDialog
FindWindowA
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
AppendMenuA
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
FrameRect
DeleteMenu
InvalidateRect
wsprintfA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
PE exports
Number of PE resources by type
RT_ICON 146
RT_GROUP_ICON 140
RT_DIALOG 52
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 341
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.6.6.7

UninitializedDataSize
10240

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Windows, Latin1

InitializedDataSize
1510400

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright [PiD Team] 2002-2014

FileVersion
0.6.6.7

TimeStamp
2014:12:25 08:57:13+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
[PiD Team] Protection ID v0.6.6.7

FileAccessDate
2015:01:01 08:58:08+01:00

ProductVersion
0.6.6.7

FileDescription
PiD Team's Protection ID

OSVersion
4.0

FileCreateDate
2015:01:01 08:58:08+01:00

OriginalFilename
Protection_ID.eXe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
[PiD Team] (CDKiller/TippeX)

CodeSize
460800

ProductName
PiD Team's Protection ID v0.6.6.7

ProductVersionNumber
0.6.6.7

EntryPoint
0xd268

ObjectFileType
Executable application

Build
0.6.6.7

File identification
MD5 98d3ea8c15ed57a1680947b48a0ef63b
SHA1 b2815e9b32d729c712355704be5f828bbb11daa6
SHA256 52dff3f98c4dcca3c63c6ead708c69038d40eb857fffe1356d04e823030bdb41
ssdeep
24576:9952kb0F4mM/kbzLn9wTJB8T8pgMTt9PCctxVOU0CAMX4nd:NlirM/kbnnSTJWop/IAx4IA8y

authentihash 2fa7a7c4f26bb39a5d2999b08a652ecb7726a09eeebe19a2ea7f3066356d10e0
imphash 413562afc9cc4d93433481fea2627abe
File size 1.1 MB ( 1201560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (73.3%)
Win32 Dynamic Link Library (generic) (11.6%)
Win32 Executable (generic) (7.9%)
Generic Win/DOS Executable (3.5%)
DOS Executable Generic (3.5%)
Tags
peexe

VirusTotal metadata
First submission 2014-12-25 07:57:44 UTC ( 2 years, 6 months ago )
Last submission 2014-12-25 07:57:44 UTC ( 2 years, 6 months ago )
File names Protection_ID.eXe
[PiD Team] Protection ID v0.6.6.7
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.