SHA256: 06be011cffe4be84b34cf13eee4cd75442fb9cc0f3956f2ff0cfd95ea2c5d9b0
File name: 1.exe
Detection ratio: 7 / 67 (all seven hits are heuristic, behavioural or machine-learning verdicts; no engine assigns a family name)
Analysis date: 2018-08-23 07:52:50 UTC ( 9 months ago )
Antivirus Result Update
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180823
McAfee-GW-Edition BehavesLike.Win32.Ransomware.gh 20180823
Palo Alto Networks (Known Signatures) generic.ml 20180823
Symantec ML.Attribute.HighConfidence 20180823
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180823
Engines returning no detection (result column empty):
Ad-Aware 20180823
AegisLab 20180823
AhnLab-V3 20180823
ALYac 20180823
Antiy-AVL 20180823
Arcabit 20180823
Avast 20180823
Avast-Mobile 20180823
AVG 20180823
Avira (no cloud) 20180822
AVware 20180823
Babable 20180822
Baidu 20180820
BitDefender 20180823
Bkav 20180823
CAT-QuickHeal 20180822
ClamAV 20180822
CMC 20180823
Comodo 20180823
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180823
Cyren 20180823
DrWeb 20180823
eGambit 20180823
Emsisoft 20180823
ESET-NOD32 20180823
F-Prot 20180823
F-Secure 20180823
Fortinet 20180823
GData 20180823
Ikarus 20180822
Jiangmin 20180823
K7AntiVirus 20180822
K7GW 20180823
Kingsoft 20180823
Malwarebytes 20180823
MAX 20180823
McAfee 20180823
Microsoft 20180823
eScan 20180823
NANO-Antivirus 20180823
Panda 20180822
Qihoo-360 20180823
Rising 20180823
SentinelOne (Static ML) 20180701
Sophos AV 20180823
SUPERAntiSpyware 20180823
Symantec Mobile Insight 20180822
TACHYON 20180823
Tencent 20180823
TheHacker 20180821
TrendMicro 20180823
TrendMicro-HouseCall 20180823
Trustlook 20180823
VBA32 20180822
VIPRE 20180823
ViRobot 20180823
Webroot 20180823
Yandex 20180822
Zillya 20180822
Zoner 20180822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c). All rights reserved. Cisco Systems
Product Url Dbparametercollection
Original name Url Dbparametercollection .exe
Internal name Url Dbparametercollection
File version 3.6.7.8
Description Italicized Rational Microsoftt
Comments Italicized Rational Microsoftt
These strings are resource data written by whoever built the file and are not evidence of origin: CompanyName claims Cisco Systems while the description names "Microsoftt" and the product name is two unrelated identifiers, and no signature information appears in this report. Treat the version block as an indicator to pivot on, not as provenance.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-22 07:27:38
Entry Point 0x000274A4
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
GetOpenFileNameA
GetFileTitleA
ChooseColorA
CertCompareIntegerBlob
CertCompareCertificateName
CreatePolygonRgn
GetWindowExtEx
SetMapMode
PatBlt
CreatePen
GetRgnBox
SaveDC
TextOutA
LineTo
FillRgn
CreateRectRgnIndirect
CombineRgn
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
SelectObject
DeleteObject
BitBlt
SetTextColor
GetObjectA
MoveToEx
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
SwapBuffers
ScaleViewportExtEx
GetBkColor
GetTextExtentPoint32A
SetWindowExtEx
GetTextColor
Escape
GetViewportExtEx
SetViewportExtEx
GetOwnerModuleFromUdpEntry
GetUdpStatistics
GetRTTAndHopCount
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
CommConfigDialogA
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
DeleteFileW
GetProcAddress
GetConsoleScreenBufferInfo
CompareStringW
GetFileSizeEx
GlobalReAlloc
GetFileInformationByHandle
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
DuplicateHandle
GlobalLock
GlobalAlloc
GetTimeZoneInformation
CreateFileW
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
SizeofResource
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
FindResourceA
VirtualAlloc
NetServerGetInfo
NetApiBufferFree
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
OleCreateFontIndirect
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
wglGetCurrentDC
UuidToStringA
RpcStringFreeA
UuidCreate
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SHBrowseForFolderA
PathFindExtensionA
PathIsUNCA
PathFindFileNameW
PathFileExistsW
StrToIntA
PathStripToRootA
PathFindFileNameA
PathFindExtensionW
PathCombineW
SetFocus
SetDlgItemTextA
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
SetDlgItemInt
CopyRect
GetMessageTime
SetActiveWindow
GetMenuItemID
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
DestroyCaret
CopyAcceleratorTableA
GetActiveWindow
LoadImageA
GetTopWindow
GetWindowTextA
InvalidateRgn
DestroyWindow
IsRectEmpty
GetParent
UpdateWindow
SetPropA
EqualRect
GetMenuState
CreateCaret
GetClassInfoExA
ShowWindow
GetPropA
GetNextDlgGroupItem
ValidateRect
EnableWindow
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetDlgItemInt
SetClipboardData
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CharNextA
GetSysColorBrush
GetDialogBaseUnits
ReleaseDC
GetCursorPos
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
GetMessageA
SetCapture
BeginPaint
OffsetRect
SetCaretPos
DrawIcon
KillTimer
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
SendInput
ClientToScreen
GetClassLongA
CreateDialogIndirectParamA
FindWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetDesktopWindow
GetSystemMenu
GetDC
SetForegroundWindow
PostThreadMessageA
OpenClipboard
EmptyClipboard
DrawTextA
IntersectRect
EndDialog
HideCaret
SetWindowContextHelpId
GetCapture
FindWindowA
MessageBeep
DrawTextExA
ShowCaret
GetWindowThreadProcessId
AppendMenuA
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
IsWindowVisible
WinHelpA
UnionRect
SetRect
InvalidateRect
CallWindowProcA
GetClassNameA
GetFocus
wsprintfW
CloseClipboard
ModifyMenuA
SetMenu
SetCursor
IsThemeActive
GetCurrentThemeName
EnumPrintersA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
MakeSureDirectoryPathExists
ImageNtHeader
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoGetClassObject
CreateILockBytesOnHGlobal
CoTaskMemAlloc
Number of PE resources by type
RT_GROUP_CURSOR 10
RT_ICON 8
RT_CURSOR 7
RCDATA 5
UTFILE 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 41
PE resources
Debug information
ExifTool file metadata
CodeSize 253440
SubsystemVersion 5.0
Comments Italicized Rational Microsoftt
Languages English
InitializedDataSize 196608
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.6.7.8
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Italicized Rational Microsoftt
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
EntryPoint 0x274a4
OriginalFileName Url Dbparametercollection .exe
MIMEType application/octet-stream
LegalCopyright (c). All rights reserved. Cisco Systems
FileVersion 3.6.7.8
TimeStamp 2018:08:22 08:27:38+01:00
FileType Win32 EXE
PEType PE32
InternalName Url Dbparametercollection
ProductVersion 3.6.7.8
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Cisco Systems
LegalTrademarks (c). All rights reserved. Cisco Systems
ProductName Url Dbparametercollection
ProductVersionNumber 3.6.7.8
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ae1e351a92fa2921219e446d043724fa
SHA1 00c5539e1598103f999771a9d43297e0ac80ca5a
SHA256 06be011cffe4be84b34cf13eee4cd75442fb9cc0f3956f2ff0cfd95ea2c5d9b0
ssdeep 6144:nT4DEoNkLddxBzjV5a96mYNX8A+IlqKQPGFPwZPIOW/IHGYuQcJpS2aqhYGtq:MAxBv/dsA+IlqpDZPdH3fcJpS2aqc
authentihash a8e0dca781dc182dbd8f56c31c16835b29b13897a0b1c5266adc9b1b5122d3f4
imphash 5252df619d5e7b9f0f52d87cd9911a95
File size 440.5 KB ( 451072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2018-08-23 05:52:07 UTC ( 9 months ago )
Last submission 2018-08-26 02:08:52 UTC ( 9 months ago )
File names Url Dbparametercollection .exe
1.exe
xmdoc.exe.bin
Url Dbparametercollection
output.113892309.txt
Community: no comments and no votes on this item.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain, the mechanism used to monitor the system for certain types of events, either on a specific thread or on all threads in the same desktop as the calling thread. The import table above contains the full set needed for this: SetWindowsHookExA to install the hook, CallNextHookEx to pass events down the chain and UnhookWindowsHookEx to remove it. On its own this is a weak indicator. Imports such as GrayStringA, TabbedTextOutA, CopyAcceleratorTableA, WinHelpA and OleCreateFontIndirect are characteristic of a statically linked MFC runtime, and MFC installs its own WH_CBT hook through SetWindowsHookEx whenever it creates a window. What separates keystroke capture from framework housekeeping is the hook type and what the hook procedure does (for example a WH_KEYBOARD or WH_KEYBOARD_LL hook used together with the imported GetAsyncKeyState and SendInput), and neither is recorded in this condensed report.
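Static triage of the facts on this page, as an added example; this is not VirusTotal's code and has nothing to do with the sample's author. The import names, version-info strings and timestamps are copied from the sections above. The capability map, the MFC-marker heuristic behind the hooking caveat, the 48-hour "fresh compile" threshold and the vendor word list are assumptions chosen for this example. The imphash function implements the pefile/Mandiant algorithm on a constructed two-entry import table; it cannot reproduce the imphash shown above because the report as extracted here lists function names without their DLLs or their original order.

```python
"""Static triage over facts copied from the report (not parsed from 1.exe)."""
import hashlib
from datetime import datetime, timezone

# Values copied from the report sections above.
COMPILE_TS = "2018-08-22 07:27:38"   # PE TimeDateStamp, UTC
FIRST_SEEN = "2018-08-23 05:52:07"   # VirusTotal first submission, UTC
VERSION_INFO = {
    "CompanyName": "Cisco Systems",
    "ProductName": "Url Dbparametercollection",
    "OriginalFilename": "Url Dbparametercollection .exe",
    "FileDescription": "Italicized Rational Microsoftt",
    "LegalCopyright": "(c). All rights reserved. Cisco Systems",
}
# Subset of the imported function names listed in the report. The DLL column
# and the original order were lost in extraction, so only names are used.
IMPORTS = {
    "SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
    "GetAsyncKeyState", "SendInput", "IsDebuggerPresent",
    "VirtualAlloc", "VirtualProtect", "LoadLibraryA", "GetProcAddress",
    "RegSetValueExA", "RegCreateKeyExA", "RegDeleteKeyA", "DeleteFileW",
    "GetVolumeInformationA", "NetServerGetInfo", "SetupDiGetClassDevsA",
    "GrayStringA", "TabbedTextOutA", "CopyAcceleratorTableA", "WinHelpA",
    "OleCreateFontIndirect",
}

# Assumption: coarse capability buckets chosen for this example.
CAPABILITIES = {
    "hooking":        {"SetWindowsHookExA", "SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx"},
    "keystroke":      {"GetAsyncKeyState", "SendInput"},
    "anti-debug":     {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
    "dynamic-import": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "memory-rwx":     {"VirtualAlloc", "VirtualProtect"},
    "registry-write": {"RegSetValueExA", "RegCreateKeyExA", "RegDeleteKeyA"},
    "host-recon":     {"GetVolumeInformationA", "NetServerGetInfo", "SetupDiGetClassDevsA"},
}
# Imports typical of a statically linked MFC runtime. MFC installs its own
# WH_CBT hook through SetWindowsHookEx when it creates windows, so a hook
# import in an MFC binary is a weak indicator on its own (assumed marker set).
MFC_MARKERS = {"GrayStringA", "TabbedTextOutA", "CopyAcceleratorTableA",
               "WinHelpA", "OleCreateFontIndirect"}
VENDOR_WORDS = ("microsoft", "cisco", "adobe", "google", "oracle")  # assumption


def capabilities(imports):
    """Map imported function names to capability tags, with the MFC caveat."""
    found = set(imports)
    tags = {tag: sorted(found & apis) for tag, apis in CAPABILITIES.items() if found & apis}
    if "hooking" in tags and len(found & MFC_MARKERS) >= 3:
        tags["hooking-note"] = "MFC runtime present; MFC itself installs a WH_CBT hook"
    return tags


def imphash(import_table):
    """pefile/Mandiant imphash: 'dll.func' pairs in import-table order, lower-cased,
    .dll/.ocx/.sys stripped from the module name, comma-joined, MD5.
    Ordinal-only imports (pefile resolves them via lookup tables) are not handled."""
    parts = []
    for dll, func in import_table:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def hours_between(compile_ts, first_seen):
    """Hours from the PE TimeDateStamp to the first public sighting (both UTC)."""
    fmt = "%Y-%m-%d %H:%M:%S"
    built = datetime.strptime(compile_ts, fmt).replace(tzinfo=timezone.utc)
    seen = datetime.strptime(first_seen, fmt).replace(tzinfo=timezone.utc)
    return (seen - built).total_seconds() / 3600


def version_info_findings(vi):
    """Flag version-info strings that contradict each other or look machine-generated."""
    findings = []
    company = vi.get("CompanyName", "").lower()
    for field in ("FileDescription", "ProductName", "Comments"):
        text = vi.get(field, "").lower()
        for vendor in VENDOR_WORDS:
            if vendor in text and vendor not in company:
                findings.append(f"{field} mentions {vendor!r} but CompanyName is {vi['CompanyName']!r}")
    orig = vi.get("OriginalFilename", "")
    if " ." in orig:
        findings.append(f"OriginalFilename {orig!r} has whitespace before its extension")
    return findings


def triage(imports=IMPORTS, vi=VERSION_INFO, compile_ts=COMPILE_TS, first_seen=FIRST_SEEN):
    """Combine the static checks into one record for an analyst to read."""
    age_h = hours_between(compile_ts, first_seen)
    return {
        "capabilities": capabilities(imports),
        "version_info": version_info_findings(vi),
        "fresh_compile": age_h < 48,  # 48 h threshold is an assumption for this example
        "hours_compile_to_first_seen": round(age_h, 1),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

Run as written, the record flags the hook set with the MFC note, IsDebuggerPresent, the "Microsoftt" description that contradicts the Cisco CompanyName, the space before ".exe" in OriginalFilename, and a build-to-first-sighting gap of about 22 hours. A compile timestamp that close to first submission is consistent with the generic-only detections above: the sample was new when scanned, so a rescan is worth more than the 7/67 figure.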