SHA256: 003c91f4cc1b64e35b18a0f51015716e2d62509bfe188442587c9cfe744c2245
File name: e4234120767fd3fc670e44a05101604d
Detection ratio: 20 / 53
Analysis date: 2014-05-25 15:23:47 UTC ( 4 years, 10 months ago )
Antivirus             Result (- = no detection)      Update
Ad-Aware              Trojan.Agent.BDEI              20140525
AhnLab-V3             Dropper/Win32.Necurs           20140525
AntiVir               TR/Crypt.ZPACK.83284           20140525
Avast                 Win32:Dropper-gen [Drp]        20140525
AVG                   PSW.Generic12.ANLE             20140525
BitDefender           Trojan.Agent.BDEI              20140525
Emsisoft              Trojan.Agent.BDEI (B)          20140525
ESET-NOD32            Win32/Spy.Zbot.ABS             20140525
F-Secure              Trojan.Agent.BDEI              20140525
Fortinet              W32/Zbot.SXEJ!tr               20140525
GData                 Trojan.Agent.BDEI              20140525
Ikarus                Trojan.Crypt                   20140525
Kaspersky             Trojan-Spy.Win32.Zbot.sxej     20140525
Malwarebytes          Spyware.Zbot.VXGen             20140525
McAfee                Artemis!E4234120767F           20140525
McAfee-GW-Edition     Artemis!E4234120767F           20140525
Microsoft             PWS:Win32/Zbot                 20140525
eScan                 Trojan.Agent.BDEI              20140525
Sophos AV             Mal/Generic-S                  20140525
TrendMicro-HouseCall  TROJ_GEN.F47V0524              20140525
AegisLab              -                              20140525
Yandex                -                              20140525
Antiy-AVL             -                              20140525
Baidu-International   -                              20140525
Bkav                  -                              20140523
ByteHero              -                              20140525
CAT-QuickHeal         -                              20140525
ClamAV                -                              20140525
CMC                   -                              20140525
Commtouch             -                              20140525
Comodo                -                              20140524
DrWeb                 -                              20140525
F-Prot                -                              20140525
Jiangmin              -                              20140525
K7AntiVirus           -                              20140523
K7GW                  -                              20140523
Kingsoft              -                              20140525
NANO-Antivirus        -                              20140525
Norman                -                              20140525
nProtect              -                              20140525
Panda                 -                              20140525
Qihoo-360             -                              20140525
Rising                -                              20140525
SUPERAntiSpyware      -                              20140525
Symantec              -                              20140525
Tencent               -                              20140525
TheHacker             -                              20140525
TotalDefense          -                              20140525
TrendMicro            -                              20140525
VBA32                 -                              20140523
VIPRE                 -                              20140525
ViRobot               -                              20140525
Zillya                -                              20140524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2014 CleanSoftSolutions Ltd
Publisher CleanSoftSolutions Ltd
Product Provide WNF Image Utility
Original name provwnf
Internal name prov wnf utility
File version 4.6.0.1
Description Provide WNF Image Utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-23 16:05:52
Entry Point 0x000024DC
Number of sections 6
PE sections
PE imports
CreatePatternBrush
CreateFontIndirectA
SetBkMode
CreatePalette
GetStockObject
SetDCBrushColor
CreateSolidBrush
CreateBitmap
DeleteObject
Rectangle
GetUserDefaultUILanguage
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
CreatePipe
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
DeleteCriticalSection
EncodePointer
GetProcessHeap
SetStdHandle
CompareStringW
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
lstrcmpA
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
ConvertDefaultLocale
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
WriteConsoleW
InterlockedIncrement
GetErrorInfo
ExtractIconA
GetMessageA
GetForegroundWindow
CreateDialogIndirectParamW
UpdateWindow
BeginPaint
DefWindowProcW
GetNextDlgGroupItem
SetWindowPos
GetWindowThreadProcessId
SendDlgItemMessageA
ShowScrollBar
DispatchMessageA
EndPaint
TranslateMessage
GetSysColor
GetDC
RegisterClassExA
GetDlgCtrlID
SendMessageW
LoadStringA
GetSystemMetrics
LoadBitmapW
SendMessageA
GetDlgItem
SetScrollPos
InvalidateRect
CreateWindowExA
LoadCursorA
LoadIconA
IsDlgButtonChecked
GetWindowTextLengthW
EnableWindow
GetWindowTextA
DestroyWindow
timeEndPeriod
timeGetTime
timeBeginPeriod
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.6.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 180224
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2014 CleanSoftSolutions Ltd
FileVersion 4.6.0.1
TimeStamp 2014:05:23 17:05:52+01:00
FileType Win32 EXE
PEType PE32
InternalName prov wnf utility
FileAccessDate 2014:05:29 15:52:17+01:00
ProductVersion 4.6.0.1
FileDescription Provide WNF Image Utility
OSVersion 5.1
FileCreateDate 2014:05:29 15:52:17+01:00
OriginalFilename provwnf
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CleanSoftSolutions Ltd
CodeSize 48128
ProductName Provide WNF Image Utility
ProductVersionNumber 4.6.0.1
EntryPoint 0x24dc
ObjectFileType Executable application

File identification
MD5 e4234120767fd3fc670e44a05101604d
SHA1 00f60558de6c3b4d7d2cb721795597886a4dc9a8
SHA256 003c91f4cc1b64e35b18a0f51015716e2d62509bfe188442587c9cfe744c2245
ssdeep 6144:Lb6PUjiJnuAO3adAOu/c3WlaEDX3KLRg6SK+9s:LGPKiJnNaaGOum0a8CCPK+
imphash 5a485a9e975bd96c5d7c2614322d4f6a
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-05-24 19:31:10 UTC ( 4 years, 10 months ago )
Last submission 2014-05-25 15:23:47 UTC ( 4 years, 10 months ago )
File names e4234120767fd3fc670e44a05101604d
provwnf
prov wnf utility
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications