Antivirus scan for 030d3ceab4298ed0e9a9cbce2209ce1d1af3f5292a294c181e2e78d4d11b7c73 at 2016-11-18 20:10:36 UTC

Antivirus	Result	Update
Ad-Aware	Trojan.Generic.19709677	20161118
ALYac	Trojan.Generic.19709677	20161118
Antiy-AVL	Trojan[Backdoor]/Win32.Vawtrak	20161118
Arcabit	Trojan.Generic.D12CBEED	20161118
Avast	Win32:Trojan-gen	20161118
AVG	PSW.Generic13.QXJ	20161118
Avira (no cloud)	TR/Crypt.Xpack.owboa	20161118
AVware	Trojan.Win32.Generic!BT	20161118
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9999	20161118
BitDefender	Trojan.Generic.19709677	20161118
Bkav	HW32.Packed.4B28	20161117
CrowdStrike Falcon (ML)	malicious_confidence_100% (D)	20161024
Emsisoft	Trojan.Generic.19709677 (B)	20161118
ESET-NOD32	Win32/PSW.Papras.EJ	20161118
F-Secure	Trojan.Generic.19709677	20161118
GData	Trojan.Generic.19709677	20161118
Sophos ML	virus.win32.sality.at	20161018
K7AntiVirus	Password-Stealer ( 004cfc431 )	20161118
K7GW	Password-Stealer ( 004cfc431 )	20161118
Kaspersky	Backdoor.Win32.Vawtrak.fz	20161118
McAfee	Artemis!2EC355EE12ED	20161118
McAfee-GW-Edition	BehavesLike.Win32.Ramnit.ch	20161118
Microsoft	Backdoor:Win32/Vawtrak.E	20161118
eScan	Trojan.Generic.19709677	20161118
Panda	Trj/GdSda.A	20161118
Qihoo-360	HEUR/QVM20.1.385E.Malware.Gen	20161118
Sophos AV	Mal/Generic-S	20161118
Symantec	Trojan.Gen	20161118
TrendMicro	TROJ_GEN.R00JC0DKI16	20161118
TrendMicro-HouseCall	TROJ_GEN.R00JC0DKI16	20161118
VIPRE	Trojan.Win32.Generic!BT	20161118
AegisLab		20161118
AhnLab-V3		20161118
Alibaba		20161118
CAT-QuickHeal		20161118
ClamAV		20161118
CMC		20161118
Comodo		20161118
Cyren		20161118
DrWeb		20161118
F-Prot		20161118
Fortinet		20161118
Ikarus		20161118
Jiangmin		20161118
Kingsoft		20161118
Malwarebytes		20161118
NANO-Antivirus		20161118
nProtect		20161118
Rising		20161118
SUPERAntiSpyware		20161118
Tencent		20161118
TheHacker		20161117
TotalDefense		20161118
VBA32		20161118
ViRobot		20161118
Yandex		20161118
Zillya		20161118
Zoner		20161118

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Product FortiClient Helper

Original name FCHelper.exe

Internal name FCHelper

File version 5.4.0.0780

Description FortiClient System Helper

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2014-02-10 20:51:49

Entry Point 0x00004C92

Number of sections 8

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 78920 79872 7.50 587b81d259a0cfbf598ce15c901bf7dc

.rdata 86016 17286 18432 4.37 54a958a2f435ba25aa379af01c14342f

.data 106496 44128 12288 4.08 8e71f14df78f128837caae2c5fc1ab1c

NT6CSO 151552 20137 20480 7.45 796f7166f47a6e54439794d49cedd897

UPX1 172032 11860 12288 7.35 63dd12421a05ea2cedb513febe6a081d

.CRT 184320 16590 18432 7.16 c92c912bd0989bc47cd915b69cff3d7e

UPX0 204800 10678 12288 6.98 495e26c547725b693f1bd98c9a239164

.rsrc 217088 9336 10240 4.77 67586990f48a60b17880abbcbe2f14f0

PE imports

Number of PE resources by type

REGISTRY 5

TYPELIB 1

RT_STRING 1

RT_VERSION 1

Number of PE resources by language

ENGLISH US 8

PE resources

53ebceeca789d04f3a601bc3a4968f59d542cc9c6405b679cebe373da105d5bb ASCII text

58d18df507d4f88348ba341281314520bab09f29bcd600602b291dd439dc0df8 ASCII text

66c1ba7adcda7c986c7e770304d63e4d629b252ad456ecc4c384179f13bc240a ASCII text

6a60af0f928d1d4635686c022838fdd5c8818a211fb0471728d1ebcd882a2acb data

703085c7067d11097e89ac830b069f42dabe5ef9e03887e66e74a38fbdf84309 ASCII text

7f9ba5165c8926f16bdbbbdd2f0c4ab6fe3f1e04a2db1f097e811dc5a950f285 data

ef555b9b30881212a8ee1dd3cce37f6edb377eb9e8f53811cef6c00a6fb08036 ASCII text

f0d18ee88c93006f8208cc1e2a46d74140992e312f35583eb266746096dd1533 ASCII text

ExifTool file metadata

SubsystemVersion

5.0

LinkerVersion

14.0

ImageVersion

0.0

FileSubtype

FileVersionNumber

5.4.0.780

UninitializedDataSize

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

CharacterSet

Unicode

InitializedDataSize

137216

EntryPoint

0x4c92

OriginalFileName

FCHelper.exe

MIMEType

application/octet-stream

LegalCopyright

FileVersion

5.4.0.0780

TimeStamp

2014:02:10 21:51:49+01:00

FileType

Win32 EXE

PEType

PE32

InternalName

FCHelper

ProductVersion

5.4.0.0780

FileDescription

FortiClient System Helper

OSVersion

5.0

FileOS

Windows NT 32-bit

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

Fortinet Inc.

CodeSize

79872

ProductName

FortiClient Helper

ProductVersionNumber

5.4.0.780

FileTypeExtension

exe

ObjectFileType

Executable application

File identification

MD5 2ec355ee12ed2356c33efb25d63117bb

SHA1 a9b668c60567c3bf811d3bee9a21a314d2f9fb72

SHA256 030d3ceab4298ed0e9a9cbce2209ce1d1af3f5292a294c181e2e78d4d11b7c73

ssdeep

3072:EUfItG1DhwxiWVt11nbfaLQG32svKJxa41fL9ZoETRJc02:EXtG1Dhwdr11jaLN3psxa41fJrRJc

authentihash 748f56013040edbd36336c9039f8d92bdb3673975eb5d363cb312f6880a89405

imphash 047df6f79785b7fbfd73fe389849755b

File size 182.0 KB ( 186368 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Executable MS Visual C++ (generic) (41.0%) Win64 Executable (generic) (36.3%) Win32 Dynamic Link Library (generic) (8.6%) Win32 Executable (generic) (5.9%) OS/2 Executable (generic) (2.6%)

VirusTotal metadata

First submission 2016-11-18 20:10:36 UTC ( 2 years, 3 months ago )

Last submission 2016-11-18 20:10:36 UTC ( 2 years, 3 months ago )

File names

2ec355ee12ed2356c33efb25d63117bb.virus
FCHelper
FCHelper.exe

SHA256:	030d3ceab4298ed0e9a9cbce2209ce1d1af3f5292a294c181e2e78d4d11b7c73
File name:	2ec355ee12ed2356c33efb25d63117bb.virus
Detection ratio:	31 / 56
Analysis date:	2016-11-18 20:10:36 UTC ( 2 years, 3 months ago ) View latest

Ciphered bundle