SHA256: 0caf7cf041be3fc1175e36b95ed397a7a042ba3bd33058289f53e1fb138968d3
File name: 0caf7cf041be3fc1175e36b95ed397a7a042ba3bd33058289f53e1fb138968d3....
Detection ratio: 40 / 64
Analysis date: 2018-07-02 18:29:21 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.167093 20180702
AegisLab Troj.W32.Yakes!c 20180702
ALYac Gen:Variant.Strictor.167093 20180702
Antiy-AVL Trojan/Win32.Yakes 20180702
Arcabit Trojan.Strictor.D28CB5 20180702
AVG FileRepMalware 20180702
Avira (no cloud) TR/AD.SmokeLoader.mfwsf 20180702
BitDefender Gen:Variant.Strictor.167093 20180702
CAT-QuickHeal Trojan.IGENERIC 20180702
Comodo UnclassifiedMalware 20180702
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cybereason malicious.8ece4f 20180225
Cyren W32/Trojan.SNEF-4700 20180702
DrWeb Trojan.Siggen7.54774 20180702
Emsisoft Gen:Variant.Strictor.167093 (B) 20180702
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Generik.MCNMJJO 20180702
F-Secure Gen:Variant.Strictor.167093 20180702
Fortinet W32/Yakes.WQAD!tr 20180702
GData Gen:Variant.Strictor.167093 20180702
Ikarus Trojan.SuspectCRC 20180702
Sophos ML heuristic 20180601
Jiangmin Trojan.Yakes.zyz 20180702
K7AntiVirus Riskware ( 0040eff71 ) 20180702
K7GW Riskware ( 0040eff71 ) 20180702
Kaspersky Trojan.Win32.Yakes.wqad 20180702
MAX malware (ai score=98) 20180702
McAfee Artemis!85A547F8ECE4 20180702
McAfee-GW-Edition BehavesLike.Win32.Dropper.gh 20180702
Microsoft Trojan:Win32/Bitrep.A 20180702
eScan Gen:Variant.Strictor.167093 20180702
NANO-Antivirus Trojan.Win32.Yakes.felwhm 20180702
Palo Alto Networks (Known Signatures) generic.ml 20180702
Panda Trj/CI.A 20180702
Qihoo-360 Win32/Trojan.3dc 20180702
Sophos AV Mal/Generic-S 20180702
Symantec Trojan.Gen.2 20180702
ViRobot Trojan.Win32.Z.Yakes.471040 20180702
Yandex Trojan.Yakes!t1uiU2wtzf0 20180702
ZoneAlarm by Check Point Trojan.Win32.Yakes.wqad 20180702
AhnLab-V3 20180702
Avast 20180702
Avast-Mobile 20180702
AVware 20180702
Babable 20180406
Baidu 20180702
Bkav 20180702
ClamAV 20180702
CMC 20180702
eGambit 20180702
F-Prot 20180702
Kingsoft 20180702
Malwarebytes 20180702
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180702
TACHYON 20180702
Tencent 20180702
TheHacker 20180628
TotalDefense 20180702
Trustlook 20180702
VBA32 20180629
VIPRE 20180702
Webroot 20180702
Zillya 20180702
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©Tov Port-Servis Ltd. All rights reserved.

Product Port-Servis
Original name Port-Servis.exe
Internal name Port-Servis
File version 6.3.4.6
Description Port-Servis
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-22 13:39:05
Entry Point 0x00022626
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LsaQueryInformationPolicy
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueA
ImpersonateSelf
RegQueryValueExA
GetSecurityDescriptorDacl
AccessCheck
RegEnumKeyA
LookupPrivilegeValueW
GetFileSecurityA
RegCreateKeyExA
LookupAccountNameW
RegOpenKeyExA
GetAclInformation
CryptExportPublicKeyInfoEx
SetMapMode
GetClipBox
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
CombineRgn
SetStretchBltMode
GetEnhMetaFilePaletteEntries
GetPixel
GetObjectA
ExcludeClipRect
CreateCompatibleDC
DeleteDC
RestoreDC
SetBkMode
CreateBitmap
DeleteObject
BitBlt
SetTextColor
CreatePatternBrush
GetDeviceCaps
MoveToEx
SetDIBitsToDevice
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GdiFlush
EnumFontFamiliesExA
ScaleViewportExtEx
OffsetViewportOrgEx
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
SetTextJustification
CreateSolidBrush
Escape
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetProcessWorkingSetSize
GetOverlappedResult
WaitForSingleObject
HeapDestroy
CreateTimerQueue
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExitProcess
SetErrorMode
FreeEnvironmentStringsW
WaitCommEvent
SetStdHandle
GetCommModemStatus
FindResourceExA
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
SetHandleCount
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
DeleteTimerQueueTimer
SetFilePointer
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ClearCommError
TerminateProcess
WriteConsoleA
GetCommState
GetVersion
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetCommBreak
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
GlobalDeleteAtom
SetCommMask
GetProcAddress
GetProcessHeap
GlobalReAlloc
lstrcmpA
FindFirstFileA
GlobalFree
lstrcpyA
GetProfileStringA
CompareStringA
CreateTimerQueueTimer
CreateFileMappingA
FindNextFileA
lstrcmpW
GlobalLock
SetCommTimeouts
SetCommState
GetConsoleWindow
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
AllocateUserPhysicalPages
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
HeapCreate
lstrlenA
GetFileTime
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
SetupComm
GetCommTimeouts
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
GetCPInfo
ClearCommBreak
HeapSize
GetConsoleTitleA
GetCommandLineA
CancelIo
GetCurrentThread
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetDefaultCommConfigA
SizeofResource
SetCommConfig
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
ICCompressorChoose
NetWkstaGetInfo
NetShareGetInfo
Ord(75)
VariantChangeType
VariantClear
VariantInit
SysAllocString
glLoadIdentity
glViewport
glClear
glMatrixMode
UuidCreateSequential
RpcStringFreeA
UuidToStringA
UuidCreate
UuidToStringW
SHCreateShellItem
SHBrowseForFolderA
DragFinish
ExtractIconExA
DragQueryFileA
PathFindFileNameA
PathFindExtensionA
RedrawWindow
GetMessagePos
DdeReconnect
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
SetScrollPos
IsWindow
DispatchMessageA
EndPaint
GetWindowLongA
MessageBoxA
GrayStringA
GetMessageTime
SetActiveWindow
GetMenuItemID
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
LoadAcceleratorsA
GetActiveWindow
LoadImageA
GetMenuItemCount
GetWindowTextA
PtInRect
DdeSetQualityOfService
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefWindowProcA
GetClassInfoExA
GetMessageW
ShowWindow
GetPropA
GetDesktopWindow
TranslateMDISysAccel
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
InsertMenuItemA
GetWindowPlacement
CloseWindow
DrawMenuBar
IsIconic
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateMenu
ShowOwnedPopups
FillRect
CopyRect
DeferWindowPos
CreateWindowExW
ReleaseDC
DestroyWindow
IsDialogMessageA
SetFocus
SetCapture
BeginPaint
OffsetRect
KillTimer
RegisterWindowMessageA
DefMDIChildProcA
MapWindowPoints
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
wsprintfA
GetLastActivePopup
CreateWindowExA
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ClientToScreen
GetClassLongA
GetCapture
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
PostThreadMessageW
GetMenuItemInfoA
GetMenuState
ReuseDDElParam
GetDC
SetForegroundWindow
GetCursorPos
DrawTextA
IntersectRect
EndDialog
LoadMenuA
SetWindowContextHelpId
CreateDialogIndirectParamA
FindWindowA
ScreenToClient
SetWindowTextA
DrawTextExA
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
AppendMenuA
DrawFrameControl
UnhookWindowsHookEx
DdeSetUserHandle
SetRectEmpty
DdeAccessData
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetTitleBarInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
UpdateLayeredWindow
GetTopWindow
IsWindowVisible
UnpackDDElParam
WinHelpA
SetRect
InvalidateRect
DefFrameProcA
CreateAcceleratorTableA
TranslateAcceleratorA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetMenu
SetCursor
GetFileVersionInfoW
OpenPrinterA
DocumentPropertiesA
ClosePrinter
CredUICmdLinePromptForCredentialsA
CredUIConfirmCredentialsA
CreateStreamOnHGlobal
CoInitialize
CreateILockBytesOnHGlobal
RevokeDragDrop
FindMediaType
Number of PE resources by type
RT_BITMAP 9
RT_GROUP_CURSOR 7
RT_ICON 7
RT_CURSOR 7
PNG 5
RT_VXD 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 40
PE resources
ExifTool file metadata
CodeSize 229376
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.4.6
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Port-Servis
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 237568
EntryPoint 0x22626
OriginalFileName Port-Servis.exe
MIMEType application/octet-stream
LegalCopyright Copyright Tov Port-Servis Ltd. All rights reserved.
FileVersion 6.3.4.6
TimeStamp 2018:06:22 06:39:05-07:00
FileType Win32 EXE
PEType PE32
InternalName Port-Servis
ProductVersion 6.3.4.6
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Tov Port-Servis Ltd
LegalTrademarks Copyright Tov Port-Servis Ltd. All rights reserved.
ProductName Port-Servis
ProductVersionNumber 6.3.4.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 85a547f8ece4ff7fb596f6b38dff3d46
SHA1 431252f2645e3ee95d438397d2022cd0ad603180
SHA256 0caf7cf041be3fc1175e36b95ed397a7a042ba3bd33058289f53e1fb138968d3
ssdeep 6144:dzfeGag6kD3HVFTVcYPg5gWep0q8ukfdV2QzFffJ2kHf4AUi0ReUZG:Nmr2V4YpWepbCdsqfBf4xiyX
authentihash 87775cd4872a5e8c69a78fbb4835eb6c5b914bdc9c28ca9b63b47f2ce64ed118
imphash 2b027b7d175683fb7ba217be331e2d52
File size 460.0 KB ( 471040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (34.2%)
Win32 Executable MS Visual C++ (generic) (24.8%)
Win64 Executable (generic) (22.0%)
Windows screen saver (10.4%)
Win32 Executable (generic) (3.5%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-25 15:50:36 UTC ( 11 months ago )
Last submission 2018-06-25 15:50:36 UTC ( 11 months ago )
File names PortLtd.exe
Port-Servis
PortLtd.exe
0caf7cf041be3fc1175e36b95ed397a7a042ba3bd33058289f53e1fb138968d3.exe.000
Port-Servis.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. Hook procedures are installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.