SHA256: 09d654408c660cfa337e7991430e2eba2b850e175038481830b16a7001f7b35e
File name: 09d654408c660cfa337e7991430e2eba2b850e175038481830b16a7001f7b35e
Detection ratio: 10 / 56
Analysis date: 2016-06-14 22:31:05 UTC ( 2 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Cerber.Gen 20160614
AVG Crypt5.BRIK 20160614
Avira (no cloud) TR/AD.GootkitDropper.Y.gmlt 20160614
AVware Trojan.Win32.Generic.pak!cobra 20160614
Baidu Win32.Trojan.WisdomEyes.151026.9950.9995 20160614
Bkav HW32.Packed.D0FD 20160614
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160614
Qihoo-360 QVM20.1.Malware.Gen 20160614
Sophos AV Mal/Generic-S 20160614
VIPRE Trojan.Win32.Generic.pak!cobra 20160614
Ad-Aware 20160614
AegisLab 20160614
Alibaba 20160614
ALYac 20160614
Antiy-AVL 20160614
Arcabit 20160614
Avast 20160614
Baidu-International 20160614
BitDefender 20160614
CAT-QuickHeal 20160614
ClamAV 20160614
CMC 20160614
Comodo 20160614
Cyren 20160614
DrWeb 20160614
Emsisoft 20160602
F-Prot 20160614
F-Secure 20160614
Fortinet 20160614
GData 20160614
Ikarus 20160614
Jiangmin 20160614
K7AntiVirus 20160614
K7GW 20160614
Kaspersky 20160614
Kingsoft 20160614
Malwarebytes 20160614
McAfee 20160614
McAfee-GW-Edition 20160614
Microsoft 20160614
eScan 20160614
NANO-Antivirus 20160614
nProtect 20160614
Panda 20160614
SUPERAntiSpyware 20160614
Symantec 20160614
Tencent 20160614
TheHacker 20160614
TotalDefense 20160614
TrendMicro 20160614
TrendMicro-HouseCall 20160614
VBA32 20160614
ViRobot 20160614
Yandex 20160614
Zillya 20160614
Zoner 20160614
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2000-2012 Cortado AG
Product ThinPrint Virtual Channel Gateway
Original name TPVCGateway.exe
Internal name TPVCGateway
File version 8,6,239,1
Description ThinPrint Virtual Channel Gateway Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-13 17:01:23
Entry Point 0x00016DA0
Number of sections 4
PE sections
PE imports
CryptDeriveKey
RegCreateKeyExW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
CryptDestroyKey
RegQueryValueExA
RegEnumKeyW
CryptAcquireContextW
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
CryptHashData
CryptDecrypt
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
ImageList_Destroy
CreateFontIndirectW
EngUnicodeToMultiByteN
PatBlt
OffsetRgn
GetBkMode
ResizePalette
SetStretchBltMode
GdiGetCharDimensions
GetDeviceCaps
GetTextExtentPointI
GetColorAdjustment
CreateCompatibleDC
DeleteDC
SetBkMode
SetWorldTransform
DeleteObject
GetObjectW
CreateMetaFileA
RealizePalette
SetTextColor
GetTextExtentPointW
ExtTextOutW
GdiReleaseDC
ExcludeClipRect
CLIPOBJ_bEnum
BitBlt
CreatePalette
GetStockObject
SelectPalette
AbortPath
GetDIBits
CreateRoundRectRgn
SelectClipRgn
EnumFontFamiliesExA
StretchDIBits
GdiGetDC
GetKerningPairsW
CreateRectRgn
SelectObject
GetICMProfileW
CreateSolidBrush
WidenPath
EngWideCharToMultiByte
SetBkColor
SetTextCharacterExtra
GdiConvertBitmapV5
GetTextExtentPoint32W
CreateCompatibleBitmap
Toolhelp32ReadProcessMemory
GetDriveTypeW
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
SignalObjectAndWait
GetConsoleTitleW
GetFileAttributesW
GetCommandLineW
DeleteCriticalSection
OpenFileMappingW
Heap32Next
LocalAlloc
MapViewOfFileEx
SetErrorMode
_llseek
GetLogicalDrives
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
_lopen
Module32NextW
WritePrivateProfileStructW
LocalFree
MoveFileA
ConnectNamedPipe
InitializeCriticalSection
GlobalHandle
GetLogicalDriveStringsW
InterlockedDecrement
GetProfileIntA
SetLastError
EnumUILanguagesW
GetUserDefaultUILanguage
LocalLock
FindNextVolumeA
RemoveDirectoryW
Beep
HeapAlloc
lstrcmpiW
SetProcessWorkingSetSize
SetThreadPriority
WritePrivateProfileSectionW
MultiByteToWideChar
GetPrivateProfileStringW
LeaveCriticalSection
_lclose
EraseTape
CreateThread
VirtualLock
GetSystemDirectoryW
GetExitCodeThread
GetConsoleDisplayMode
CreateMutexW
GetVolumeNameForVolumeMountPointW
ExitThread
GlobalMemoryStatus
FindCloseChangeNotification
SearchPathW
GlobalAlloc
SearchPathA
ReadConsoleW
GetCurrentThreadId
GetProcAddress
EnterCriticalSection
WriteConsoleInputA
LoadLibraryW
GetVersionExW
FreeLibrary
GetTickCount
LoadLibraryA
GetStartupInfoA
DeleteFileW
GetUserDefaultLCID
_lread
GetTempFileNameW
CreateWaitableTimerW
lstrcpyW
WaitNamedPipeW
GlobalReAlloc
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpW
GlobalLock
SetVolumeLabelW
GetPrivateProfileIntW
CreateFileW
GetConsoleWindow
WriteProfileSectionW
ExitProcess
InterlockedIncrement
GetComputerNameExA
GetLastError
GetShortPathNameW
GlobalFree
GlobalUnlock
lstrlenW
GetCurrentProcessId
ProcessIdToSessionId
GetProcessHeaps
GetModuleHandleA
ReadFile
FatalAppExitW
CloseHandle
GetModuleHandleW
SetThreadExecutionState
CreateProcessA
WriteConsoleOutputCharacterW
GetTempPathW
Sleep
IsBadStringPtrA
SetMailslotInfo
VirtualAlloc
DragQueryFileW
SHBindToParent
SHFileOperationW
SHBrowseForFolderA
Shell_NotifyIcon
Shell_NotifyIconW
SHFormatDrive
SHEmptyRecycleBinW
SHCreateDirectoryExW
DuplicateIcon
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
DragAcceptFiles
ShellAboutW
SHCreateProcessAsUserW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetDataFromIDListW
DragFinish
SHGetFileInfo
ShellExecuteW
SHGetFolderPathA
CommandLineToArgvW
StrStrIA
PathAppendW
StrCmpNIA
RedrawWindow
GetMessagePos
SetWindowRgn
DrawTextW
DrawStateA
DestroyMenu
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
EndPaint
WindowFromPoint
CharUpperBuffW
SetMenuItemInfoW
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassA
EndMenu
UnregisterClassW
GetClientRect
SetMenuDefaultItem
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
LoadImageW
ClientToScreen
GetTopWindow
GetWindowTextW
LockWindowUpdate
GetActiveWindow
DestroyWindow
DrawEdge
DdeDisconnectList
GetParent
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
EnumDisplayMonitors
DestroyIcon
SetWindowsHookExW
EnableWindow
SetWindowPlacement
CharUpperW
MapWindowPoints
LoadIconW
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
CharUpperA
RegisterClassW
GetWindowPlacement
LoadStringW
IsIconic
TrackPopupMenuEx
DrawFocusRect
SetTimer
GetKeyboardLayout
FillRect
GetSysColorBrush
CreateWindowExW
GetWindowLongW
PtInRect
IsChild
SetFocus
RegisterWindowMessageW
GetOpenClipboardWindow
BeginPaint
DefWindowProcW
ReleaseCapture
KillTimer
GetClipboardOwner
GetClipboardData
LoadBitmapW
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
DrawIcon
EnumChildWindows
CharLowerW
SendDlgItemMessageW
RegisterDeviceNotificationW
PostMessageW
MonitorFromRect
CheckDlgButton
CreateDialogParamW
WaitMessage
CreatePopupMenu
GetSubMenu
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDlgItem
RemovePropW
BringWindowToTop
ScreenToClient
PeekMessageW
TrackPopupMenu
GetMenuItemCount
GetDesktopWindow
IsDialogMessageW
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
GetMenuItemInfoW
GetAsyncKeyState
IntersectRect
EndDialog
FindWindowW
GetCapture
MessageBeep
LoadMenuW
RemoveMenu
wvsprintfW
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
AppendMenuW
GetSysColor
SetDlgItemTextW
EndDeferWindowPos
GetDoubleClickTime
EnableMenuItem
IsWindowVisible
WinHelpW
SystemParametersInfoW
SetRect
InvalidateRect
CallWindowProcW
ModifyMenuW
UnregisterDeviceNotification
GetFocus
wsprintfW
DefDlgProcW
LookupIconIdFromDirectory
SetCursor
__p__fmode
_wcsupr
rand
_ftol
srand
wcschr
_wcslwr
isdigit
towupper
_except_handler3
__p__commode
wcslen
wcscmp
exit
_XcptFilter
__setusermatherr
wcsncpy
towlower
_acmdln
iswctype
_adjust_fdiv
wcscat
wcscspn
__getmainargs
_controlfp
wcsspn
swscanf
wcscpy
wcsstr
_initterm
_exit
__set_app_type
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 12
RT_DIALOG 4
RT_BITMAP 2
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
MOF 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 53
NEUTRAL 15
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 89088
ImageVersion 0.0
ProductName ThinPrint Virtual Channel Gateway
FileVersionNumber 8.6.239.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ThinPrint Virtual Channel Gateway Service
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName TPVCGateway.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 8,6,239,1
TimeStamp 2016:06:13 18:01:23+01:00
FileType Win32 EXE
PEType PE32
InternalName TPVCGateway
ProductVersion 8,6,239,1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 2000-2012 Cortado AG
MachineType Intel 386 or later, and compatibles
CompanyName Cortado AG
CodeSize 93184
FileSubtype 0
ProductVersionNumber 8.6.239.1
EntryPoint 0x16da0
ObjectFileType Executable application

File identification
MD5 7a11670347dfac2d3d606e20be5eb7fe
SHA1 95cbdc10bf4b70f49e4ca38847547b1dba90b4f3
SHA256 09d654408c660cfa337e7991430e2eba2b850e175038481830b16a7001f7b35e
ssdeep 3072:vGQ5ZhkWWS4fb7WaX5UE2lrAsKIIEl6DpXuY/3bkBW0bfOF9ZJJ:vGQ5B4zXX5UXMsKlEADFuY/3g
authentihash 189096ae4356cd3e7a213190e1a1ffb39b2e9562f0926b92376791853cbf9943
imphash f1f0a43a4e5d8a80cbba5441f70b37df
File size 179.0 KB ( 183296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-06-14 22:31:05 UTC ( 2 years, 9 months ago )
Last submission 2016-06-14 22:31:05 UTC ( 2 years, 9 months ago )
File names TPVCGateway.exe
TPVCGateway
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications