SHA256: 01d934d41965248241ab941ef3a8b75314637e0aa50ce506cc76b67f506be901
File name: a.exe
Detection ratio: 14 / 61
Analysis date: 2017-04-21 00:49:35 UTC ( 1 year, 9 months ago )
Antivirus Result Update
AVware Trojan.Win32.Generic.pak!cobra 20170421
Baidu Win32.Trojan.Kryptik.anp 20170420
Comodo TrojWare.Win32.MalPack.PKB 20170420
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Endgame malicious (high confidence) 20170419
ESET-NOD32 a variant of Win32/Kryptik.CJUE 20170420
Sophos ML generic.a 20170413
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.jm 20170420
Qihoo-360 HEUR/QVM20.1.9E52.Malware.Gen 20170421
SentinelOne (Static ML) static engine - malicious 20170330
Symantec ML.Attribute.HighConfidence 20170420
TrendMicro-HouseCall Ransom_HPCERBER.SMONT3 20170421
VIPRE Trojan.Win32.Generic.pak!cobra 20170421
Webroot Trojan.Dropper.Gen 20170421
Ad-Aware 20170421
AegisLab 20170420
AhnLab-V3 20170420
Alibaba 20170420
ALYac 20170420
Antiy-AVL 20170420
Arcabit 20170421
Avast 20170420
AVG 20170420
Avira (no cloud) 20170420
BitDefender 20170420
Bkav 20170420
CAT-QuickHeal 20170420
ClamAV 20170420
CMC 20170420
Cyren 20170420
DrWeb 20170421
Emsisoft 20170420
F-Prot 20170421
F-Secure 20170421
Fortinet 20170421
GData 20170421
Ikarus 20170420
Jiangmin 20170420
K7AntiVirus 20170420
K7GW 20170420
Kaspersky 20170421
Kingsoft 20170421
Malwarebytes 20170420
McAfee 20170421
Microsoft 20170421
eScan 20170421
NANO-Antivirus 20170420
nProtect 20170421
Palo Alto Networks (Known Signatures) 20170421
Panda 20170420
Rising None
Sophos AV 20170420
SUPERAntiSpyware 20170421
Symantec Mobile Insight 20170420
Tencent 20170421
TheHacker 20170420
TrendMicro 20170420
Trustlook 20170421
VBA32 20170420
ViRobot 20170420
WhiteArmor 20170409
Yandex 20170420
Zillya 20170418
ZoneAlarm by Check Point 20170421
Zoner 20170421
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2006-2010 Christian Ghisler

Internal name Totalcmd-udmin
File version 1, 0, 0, 5
Description Total Commander udministrator Tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-21 22:59:18
Entry Point 0x00065070
Number of sections 4
PE sections
Overlays
MD5 c9e5b2613f442c5eab5d9d0bac743c2d
File type data
Offset 650752
Size 50682
Entropy 0.21
PE imports
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyW
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExW
InitCommonControlsEx
GetEnhMetaFileA
SetMetaRgn
GetPixelFormat
GetCharABCWidthsFloatW
UpdateICMRegKeyW
GetSystemPaletteEntries
CreateMetaFileA
GdiArtificialDecrementDriver
GetNearestColor
GetBkMode
SaveDC
SetVirtualResolution
ResizePalette
GetCharABCWidthsFloatA
GdiIsMetaFileDC
GetBkColor
SetStretchBltMode
SetLayoutWidth
DeleteEnhMetaFile
UnrealizeObject
GdiPlayScript
GetLayout
CreateMetaFileW
GetDeviceCaps
CreateCompatibleDC
DeleteDC
GdiGetBatchLimit
SetBkMode
SetLayout
GetSystemPaletteUse
StretchBlt
EndDoc
GetTextMetricsA
ChoosePixelFormat
EngDeleteClip
CreateHalftonePalette
CreateDIBSection
GdiComment
FONTOBJ_pvTrueTypeFontFile
RealizePalette
SetTextColor
GetTextExtentPointW
AbortPath
GetObjectA
OffsetRgn
SetPaletteEntries
StartFormPage
FrameRgn
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
SelectPalette
GetAspectRatioFilterEx
GetEUDCTimeStamp
SetArcDirection
GdiDeleteLocalDC
EngCreateDeviceSurface
StretchDIBits
SwapBuffers
CloseEnhMetaFile
CreateBitmapIndirect
ScaleViewportExtEx
AbortDoc
CreateFontIndirectExA
GdiPlayJournal
GetTextCharacterExtra
CloseMetaFile
GetEnhMetaFileHeader
GetPaletteEntries
CreateSolidBrush
Polyline
DeleteMetaFile
CancelDC
SelectObject
GetTextColor
GdiCreateLocalEnhMetaFile
BeginPath
DeleteObject
CreateCompatibleBitmap
SetSystemPaletteUse
Toolhelp32ReadProcessMemory
QueueUserAPC
GetCommandLineW
GetCurrentProcess
LocalAlloc
lstrcatA
_llseek
GetThreadContext
QueryDosDeviceA
InterlockedExchange
_lopen
GetSystemTimeAsFileTime
GetFullPathNameA
GetExitCodeProcess
LocalFree
HeapLock
GetLogicalDriveStringsA
LoadResource
GlobalHandle
FormatMessageA
OutputDebugStringA
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetConsoleCtrlHandler
CancelDeviceWakeupRequest
UnhandledExceptionFilter
EnumCalendarInfoW
DeleteTimerQueueTimer
_lclose
CreateSemaphoreW
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
GlobalAlloc
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
HeapFree
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
GetStartupInfoA
GetFileSize
GetPrivateProfileIntA
SetCommMask
_hread
GlobalLock
_lread
GetProcessHeap
GlobalReAlloc
lstrcmpA
lstrcpyA
MapUserPhysicalPagesScatter
CreateFileMappingA
GetProcAddress
CreateFileA
GetLastError
GetConsoleAliasesLengthA
lstrlenA
GlobalFree
GlobalUnlock
WaitForSingleObjectEx
WinExec
OpenFile
Module32FirstW
AddConsoleAliasA
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCompressedFileSizeW
InterlockedCompareExchange
GetCurrentThread
MapViewOfFile
GetModuleHandleA
GlobalFlags
PulseEvent
CloseHandle
lstrcpynA
GetVersion
FreeResource
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
SetThreadPriority
FindResourceA
VirtualAlloc
ShellAboutA
SHQueryRecycleBinW
SHEmptyRecycleBinW
SHChangeNotify
ShellExecuteW
CheckEscapesW
SHInvokePrinterCommandW
ExtractIconExW
SHGetFileInfo
SHGetInstanceExplorer
FindExecutableW
SHInvokePrinterCommandA
SHEmptyRecycleBinA
ExtractAssociatedIconA
SHGetSpecialFolderPathW
SHGetDataFromIDListA
StrChrIA
StrCmpNIW
StrStrIA
RedrawWindow
GetMessagePos
GetInputState
ChangeDisplaySettingsA
PostQuitMessage
GetWindowContextHelpId
DrawStateW
LoadBitmapA
SetWindowPos
DeregisterShellHookWindow
GetClipboardViewer
OemToCharBuffA
DispatchMessageA
EndPaint
OpenIcon
VkKeyScanA
GetMessageTime
VkKeyScanW
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
EndMenu
AnyPopup
SendMessageA
DialogBoxParamA
InSendMessage
CopyIcon
GetActiveWindow
UnhookWindowsHook
EnumClipboardFormats
GetWindowTextLengthW
GetWindowTextA
GetMenuContextHelpId
DestroyWindow
DdeSetQualityOfService
GetMessageA
GetParent
UpdateWindow
DdeCmpStringHandles
GetMenuState
ShowWindow
GetListBoxInfo
EnableWindow
CharUpperW
GetDlgItemTextA
PeekMessageA
TranslateMessage
LoadStringA
GetQueueStatus
CharLowerA
DrawMenuBar
IsCharLowerW
IsIconic
RegisterClassA
GetWindowLongA
CreateWindowExA
GetKeyboardLayout
FillRect
EnumThreadWindows
CharNextA
SetFocus
CharPrevA
MapVirtualKeyA
GetOpenClipboardWindow
PostMessageA
BeginPaint
GetMouseMovePointsEx
GetClipboardOwner
RegisterWindowMessageA
DefWindowProcA
IsGUIThread
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
SetCapture
ReleaseCapture
GetMessageExtraInfo
CharLowerW
SetWindowLongA
GetProcessWindowStation
CreatePopupMenu
ShowCaret
CreateMenu
GetDlgItem
LoadCursorA
LoadIconA
CountClipboardFormats
GetDesktopWindow
ReuseDDElParam
SetForegroundWindow
DialogBoxIndirectParamA
WindowFromDC
GetCaretBlinkTime
DrawTextA
EndDialog
GetShellWindow
FindWindowA
MessageBeep
CheckMenuItem
GetLastInputInfo
SetMenu
MessageBoxIndirectA
MoveWindow
MessageBoxA
DestroyCursor
MessageBoxExW
LoadCursorFromFileW
GetSysColor
GetKeyState
DestroyIcon
GetKeyNameTextA
IsWindowVisible
SetCursorPos
WinHelpA
DeleteMenu
InvalidateRect
wsprintfA
IsCharUpperA
SetWindowTextA
TranslateAccelerator
SendMessageTimeoutW
wsprintfW
CloseClipboard
GetKeyboardType
LookupIconIdFromDirectory
SetCursor
_purecall
__p__fmode
malloc
sscanf
_acmdln
_ftol
fclose
isdigit
fopen
_cexit
_itoa
_c_exit
wcscpy
isalnum
floor
wcslen
exit
_XcptFilter
realloc
__setusermatherr
rand
_adjust_fdiv
sprintf
_except_handler3
__p__commode
free
atoi
atol
__getmainargs
calloc
_controlfp
strstr
memmove
_ltoa
isspace
_strnicmp
_initterm
_exit
_CIacos
__set_app_type
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN SWISS 7
PE resources
ExifTool file metadata
CharacterSet
ASCII

CodeSize
411136

UninitializedDataSize
0

InitializedDataSize
238592

ImageVersion
0.0

FileVersionNumber
1.0.0.5

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Total Commander udministrator Tool

ImageFileCharacteristics
No relocs, Executable, 32-bit

IvateBuild
j%ProductName

LinkerVersion
9.0

EntryPoint
0x65070

MIMEType
application/octet-stream

LegalCopyright
Copyright 2006-2010 Christian Ghisler

FileVersion
1, 0, 0, 5

TimeStamp
2017:04:21 23:59:18+01:00

FileType
Win32 EXE

PEType
PE32

EcialBuild
D

InternalName
Totalcmd-udmin

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ghisler Software GmbH

LegalTrademarks
NOriginalFilename

FileSubtype
0

ProductVersionNumber
1.0.0.5

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
PCAP parents
File identification
MD5 f654e1d2c443b7431a1aef39877c0757
SHA1 8345b097d4bf0c95178f29dcb65f366bc4eb3192
SHA256 01d934d41965248241ab941ef3a8b75314637e0aa50ce506cc76b67f506be901
ssdeep
6144:LKZl30feXONU/8uu4UqVta/CnXOxHQSY2ihBFtHmZ3+kGEQNbX9HW3XkeuE:LKYWnD1UqvFMHQnLiZ3kL7w3UK

authentihash f16fb337acc249b27777db0e4fa9157f580cf4164ab26ee2676e49a608086e40
imphash d9ca73613f6c70b64d1760a212efb766
File size 685.0 KB ( 701434 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-04-21 00:49:35 UTC ( 1 year, 9 months ago )
Last submission 2017-04-27 10:33:52 UTC ( 1 year, 8 months ago )
File names 01d934d41965248241ab941ef3a8b75314637e0aa50ce506cc76b67f506be901.exe
01d934d41965248241ab941ef3a8b75314637e0aa50ce506cc76b67f506be901.exe
Totalcmd-udmin
a.exe
01d934d41965248241ab941ef3a8b75314637e0aa50ce506cc76b67f506be901.exe
01d934d41965248241ab941ef3a8b75314637e0aa50ce506cc76b67f506be901
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs