SHA256: 030d3ceab4298ed0e9a9cbce2209ce1d1af3f5292a294c181e2e78d4d11b7c73
File name: 2ec355ee12ed2356c33efb25d63117bb.virus
Detection ratio: 31 / 56
Analysis date: 2016-11-18 20:10:36 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.19709677 20161118
ALYac Trojan.Generic.19709677 20161118
Antiy-AVL Trojan[Backdoor]/Win32.Vawtrak 20161118
Arcabit Trojan.Generic.D12CBEED 20161118
Avast Win32:Trojan-gen 20161118
AVG PSW.Generic13.QXJ 20161118
Avira (no cloud) TR/Crypt.Xpack.owboa 20161118
AVware Trojan.Win32.Generic!BT 20161118
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161118
BitDefender Trojan.Generic.19709677 20161118
Bkav HW32.Packed.4B28 20161117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Emsisoft Trojan.Generic.19709677 (B) 20161118
ESET-NOD32 Win32/PSW.Papras.EJ 20161118
F-Secure Trojan.Generic.19709677 20161118
GData Trojan.Generic.19709677 20161118
Sophos ML virus.win32.sality.at 20161018
K7AntiVirus Password-Stealer ( 004cfc431 ) 20161118
K7GW Password-Stealer ( 004cfc431 ) 20161118
Kaspersky Backdoor.Win32.Vawtrak.fz 20161118
McAfee Artemis!2EC355EE12ED 20161118
McAfee-GW-Edition BehavesLike.Win32.Ramnit.ch 20161118
Microsoft Backdoor:Win32/Vawtrak.E 20161118
eScan Trojan.Generic.19709677 20161118
Panda Trj/GdSda.A 20161118
Qihoo-360 HEUR/QVM20.1.385E.Malware.Gen 20161118
Sophos AV Mal/Generic-S 20161118
Symantec Trojan.Gen 20161118
TrendMicro TROJ_GEN.R00JC0DKI16 20161118
TrendMicro-HouseCall TROJ_GEN.R00JC0DKI16 20161118
VIPRE Trojan.Win32.Generic!BT 20161118
AegisLab 20161118
AhnLab-V3 20161118
Alibaba 20161118
CAT-QuickHeal 20161118
ClamAV 20161118
CMC 20161118
Comodo 20161118
Cyren 20161118
DrWeb 20161118
F-Prot 20161118
Fortinet 20161118
Ikarus 20161118
Jiangmin 20161118
Kingsoft 20161118
Malwarebytes 20161118
NANO-Antivirus 20161118
nProtect 20161118
Rising 20161118
SUPERAntiSpyware 20161118
Tencent 20161118
TheHacker 20161117
TotalDefense 20161118
VBA32 20161118
ViRobot 20161118
Yandex 20161118
Zillya 20161118
Zoner 20161118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2015 Fortinet Inc. All rights reserved.

Product FortiClient Helper
Original name FCHelper.exe
Internal name FCHelper
File version 5.4.0.0780
Description FortiClient System Helper
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-10 20:51:49
Entry Point 0x00004C92
Number of sections 8
PE sections
PE imports
CryptDuplicateHash
GetCurrentHwProfileW
ConvertSidToStringSidA
AllocateLocallyUniqueId
GetLastError
GetNamedPipeInfo
RemoveDirectoryW
GlobalGetAtomNameW
GetExitCodeThread
ExitProcess
DisableThreadLibraryCalls
VirtualProtect
RemoveDirectoryA
VirtualQuery
DeleteVolumeMountPointW
GetDateFormatA
AddConsoleAliasA
GetWindowsDirectoryW
AddAtomA
GetDateFormatW
SetFileValidData
GetCurrentDirectoryA
GetSystemDefaultLCID
MultiByteToWideChar
GetStartupInfoW
VDMOperationStarted
SetThreadAffinityMask
GetUserDefaultLCID
GetConsoleAliasesA
AddAtomW
EnumCalendarInfoW
GetTempFileNameW
SetConsoleTitleW
GetSystemDirectoryW
GetModuleHandleA
lstrcmpA
GetDiskFreeSpaceW
ReadFile
HeapValidate
CloseHandle
BindIoCompletionCallback
LocalFree
CreateFileW
FatalExit
ChangeTimerQueueTimer
GetLongPathNameA
GetCurrentThread
GetProcessTimes
CloseConsoleHandle
GetCurrencyFormatW
GetTimeFormatA
IntersectRect
LoadMenuA
GetFocus
GetClipboardOwner
GetCaretPos
LoadMenuW
GetClipboardViewer
IsWindow
GetWindowRect
IsWindowUnicode
AppendMenuW
LoadCursorFromFileW
GetWindow
GetMenuDefaultItem
CreatePopupMenu
GetMenu
GetClassLongW
LoadStringW
GetKeyboardLayoutList
GetMenuItemCount
GetSubMenu
GetTopWindow
GetDesktopWindow
IsRectEmpty
FindWindowExW
GetWindowLongW
_access_s
Number of PE resources by type
REGISTRY 5
TYPELIB 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.4.0.780

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
137216

EntryPoint
0x4c92

OriginalFileName
FCHelper.exe

MIMEType
application/octet-stream

LegalCopyright
2015 Fortinet Inc. All rights reserved.

FileVersion
5.4.0.0780

TimeStamp
2014:02:10 21:51:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
FCHelper

ProductVersion
5.4.0.0780

FileDescription
FortiClient System Helper

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Fortinet Inc.

CodeSize
79872

ProductName
FortiClient Helper

ProductVersionNumber
5.4.0.780

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2ec355ee12ed2356c33efb25d63117bb
SHA1 a9b668c60567c3bf811d3bee9a21a314d2f9fb72
SHA256 030d3ceab4298ed0e9a9cbce2209ce1d1af3f5292a294c181e2e78d4d11b7c73
ssdeep
3072:EUfItG1DhwxiWVt11nbfaLQG32svKJxa41fL9ZoETRJc02:EXtG1Dhwdr11jaLN3psxa41fJrRJc

authentihash 748f56013040edbd36336c9039f8d92bdb3673975eb5d363cb312f6880a89405
imphash 047df6f79785b7fbfd73fe389849755b
File size 182.0 KB ( 186368 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-18 20:10:36 UTC ( 2 years, 3 months ago )
Last submission 2016-11-18 20:10:36 UTC ( 2 years, 3 months ago )
File names 2ec355ee12ed2356c33efb25d63117bb.virus
FCHelper
FCHelper.exe