SHA256: 09b1937df3f8313ea5cff2321ba1e533ee48878efb8072aa1105794edbd3b70d
File name: 75.exe
Detection ratio: 4 / 56
Analysis date: 2016-06-04 19:12:15 UTC (2 years, 2 months ago)
Antivirus Result Update
AVware Trojan.Win32.Reveton.a (v) 20160604
Qihoo-360 QVM20.1.Malware.Gen 20160604
Rising Malware.Generic!2WCXxLLOseH@2 (Thunder) 20160604
VIPRE Trojan.Win32.Reveton.a (v) 20160604
Ad-Aware 20160604
AegisLab 20160604
AhnLab-V3 20160604
Alibaba 20160603
ALYac 20160604
Antiy-AVL 20160604
Arcabit 20160604
Avast 20160604
AVG 20160604
Avira (no cloud) 20160604
Baidu 20160603
Baidu-International 20160604
BitDefender 20160604
Bkav 20160604
CAT-QuickHeal 20160604
ClamAV 20160604
CMC 20160602
Comodo 20160604
Cyren 20160604
DrWeb 20160604
Emsisoft 20160604
ESET-NOD32 20160604
F-Prot 20160604
F-Secure 20160604
Fortinet 20160604
GData 20160604
Ikarus 20160604
Jiangmin 20160604
K7AntiVirus 20160604
K7GW 20160604
Kaspersky 20160604
Kingsoft 20160604
Malwarebytes 20160604
McAfee 20160604
McAfee-GW-Edition 20160604
Microsoft 20160604
eScan 20160604
NANO-Antivirus 20160604
nProtect 20160603
Panda 20160604
Sophos AV 20160604
SUPERAntiSpyware 20160604
Symantec 20160604
Tencent 20160604
TheHacker 20160604
TrendMicro 20160604
TrendMicro-HouseCall 20160604
VBA32 20160603
ViRobot 20160604
Yandex 20160604
Zillya 20160603
Zoner 20160604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2008-2010 Christian Ghisler

Product Ghisler Software GmbH Totalcmd-X64
Original name tcmdx64.exe
Internal name Totalcmd-X64
File version 1, 0, 0, 5
Description Total Commander 32bit->64bit helper tool
Comments Tool used internally by Total Commander, do not start directly!
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-05 19:20:59
Entry Point 0x00002C70
Number of sections 4
PE sections
Overlays
MD5 88ce7ed0bb9af115f0e4fd5056c2f67a
File type data
Offset 727552
Size 316
Entropy 7.38
PE imports
RegQueryValueExW
PolyPolyline
DeleteEnhMetaFile
CreateHalftonePalette
OffsetRgn
SetTextAlign
GdiGetSpoolMessage
EndPath
CreateMetaFileW
DeleteDC
GdiGetBatchLimit
InvertRgn
RemoveFontResourceExA
EndDoc
EngAssociateSurface
FillPath
CreateDCW
GdiInitializeLanguagePack
FONTOBJ_cGetAllGlyphHandles
EndFormPage
CreatePatternBrush
GetColorSpace
DeleteColorSpace
AbortPath
GdiValidateHandle
GdiFlush
CreateCompatibleDC
CloseEnhMetaFile
EndPage
CloseFigure
AbortDoc
CLIPOBJ_ppoGetPath
CloseMetaFile
CancelDC
CreateSolidBrush
GetClipRgn
CopyMetaFileA
BeginPath
DeleteObject
DeleteMetaFile
GetTextCharset
SwitchToFiber
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
ScrollConsoleScreenBufferA
GetDriveTypeA
SetEndOfFile
DebugBreak
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
lstrcatA
UnhandledExceptionFilter
OpenFileMappingA
ExitProcess
SetErrorMode
GetThreadContext
SetFileAttributesA
GetTempPathA
lstrcmpiA
WideCharToMultiByte
GetOverlappedResult
QueryDosDeviceA
InterlockedExchange
FindResourceExW
MoveFileWithProgressW
GetSystemTimeAsFileTime
GetFullPathNameA
SetEvent
LocalFree
WriteFileGather
InitializeCriticalSection
LoadResource
SetLocaleInfoA
FatalExit
FindClose
InterlockedDecrement
QueryDosDeviceW
GetFullPathNameW
QueueUserWorkItem
SetLastError
GetSystemTime
DeviceIoControl
CopyFileW
GetModuleFileNameW
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
LoadLibraryA
RaiseException
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
GetProfileSectionW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
SetFileAttributesW
InterlockedExchangeAdd
CreateThread
GetSystemDirectoryW
GetExitCodeThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
GetSystemDirectoryA
TerminateProcess
GlobalAlloc
DebugActiveProcess
ReadConsoleW
GetVersion
InterlockedIncrement
CloseHandle
FindFirstFileW
HeapFree
EnterCriticalSection
LoadLibraryW
FindVolumeClose
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
GetVersionExA
lstrcmpiW
GlobalSize
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
CreateNamedPipeW
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
CompareStringW
WriteFile
GetBinaryTypeW
RemoveDirectoryW
FindNextFileW
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
IsValidLocale
WaitForMultipleObjects
GlobalLock
EnumSystemLanguageGroupsA
CreateEventW
CreateFileW
CreateEventA
WriteProfileSectionW
GetFileType
CreateFileA
GetCurrentThreadId
GetCurrencyFormatW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetThreadLocale
GlobalUnlock
CreateNamedPipeA
lstrlenW
GetShortPathNameA
CompareFileTime
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetConsoleAliasExesLengthW
SetThreadAffinityMask
CopyFileExW
InterlockedCompareExchange
lstrcpynW
WriteTapemark
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
FindFirstFileA
lstrcpynA
GetACP
GetModuleHandleW
GetFileAttributesExW
SetStdHandle
GetLongPathNameW
UnmapViewOfFile
FindResourceW
GetLongPathNameA
Sleep
GetFileAttributesExA
FindResourceA
GetProcAddress
SHGetFolderLocation
SHGetFileInfo
SHFileOperationW
ShellExecuteEx
SHGetIconOverlayIndexW
SHGetSpecialFolderPathA
SHGetDiskFreeSpaceA
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetFolderPathA
ExtractAssociatedIconA
SHGetPathFromIDListA
SHGetMalloc
CommandLineToArgvW
SHFileOperationA
StrStrA
SendNotifyMessageA
MonitorFromWindow
InSendMessageEx
CreateDesktopA
IsDlgButtonChecked
VkKeyScanW
CharNextW
ExitWindowsEx
_purecall
__p__fmode
malloc
_wcsupr
__wgetmainargs
_ftol
wcstoul
memset
_wcsnicmp
__dllonexit
_stricmp
_snwprintf
swprintf
_ultow
swscanf
toupper
isdigit
towupper
isxdigit
_vsnwprintf
strncpy
wcspbrk
_cexit
_c_exit
iswalnum
iswcntrl
wcscmp
floor
srand
qsort
_onexit
wcslen
_wtol
abs
exit
_XcptFilter
memcmp
wcsrchr
__setusermatherr
_wtoi64
rand
_adjust_fdiv
_wcmdln
__CxxFrameHandler
_wcsicmp
wcsncmp
wcschr
__p__commode
free
ceil
iswascii
wcscat
wcscspn
atoi
wcscpy
atol
_except_handler3
realloc
_controlfp
_vsnprintf
wcsncpy
memmove
wcsspn
towlower
wcstombs
strchr
_CIpow
memcpy
isspace
wcsstr
iswdigit
_beginthreadex
bsearch
iswspace
_strnicmp
_initterm
_exit
_wtoi
__set_app_type
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
GERMAN SWISS 7
PE resources
ExifTool file metadata
FileDescription
Total Commander 32bit->64bit helper tool

Comments
Tool used internally by Total Commander, do not start directly!

InitializedDataSize
576000

ImageVersion
0.0

ProductName
Ghisler Software GmbH Totalcmd-X64

FileVersionNumber
1.0.0.5

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
ASCII

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
tcmdx64.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 5

TimeStamp
2016:06:05 20:20:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Totalcmd-X64

SubsystemVersion
5.0

ProductVersion
1, 0, 0, 5

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2008-2010 Christian Ghisler

MachineType
Intel 386 or later, and compatibles

CompanyName
Ghisler Software GmbH

CodeSize
150528

FileSubtype
0

ProductVersionNumber
1.0.0.5

EntryPoint
0x2c70

ObjectFileType
Executable application

File identification
MD5 c8df97bd21eadfb6f6bca472a4a38c23
SHA1 cb38520836ef29b676e188ad32b90a4afb34b2b4
SHA256 09b1937df3f8313ea5cff2321ba1e533ee48878efb8072aa1105794edbd3b70d
ssdeep
3072:Vk8kRENOocTpQ32pBHfaCIBHK5GkMeW7SH:W84ENO19Q32r5IBqGkQ7i

authentihash 26c93cae887052f5eebff35c5ab7f9f16bcc84bb969cd4f984d79f1eb80474e8
imphash 9ac7f6fada94d8392df284a84c8e1547
File size 710.8 KB ( 727868 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe suspicious-udp overlay

VirusTotal metadata
First submission 2016-06-04 19:12:15 UTC ( 2 years, 2 months ago )
Last submission 2017-04-16 20:14:08 UTC ( 1 year, 4 months ago )
File names 75.ex
09b1937df3f8313ea5cff2321ba1e533ee48878efb8072aa1105794edbd3b70d
tcmdx64.exe
Totalcmd-X64
75.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications