× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0ed2dbae4621f582fdf8b5c33242d14e96c10f97956f2cc6bed290f080e6ce7b
File name: FT Pinger.exe
Detection ratio: 2 / 41
Analysis date: 2012-08-19 19:03:11 UTC ( 6 years, 2 months ago ) View latest
Antivirus Result Update
Jiangmin Trojan/JboxGeneric.lz 20120819
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.F 20120819
AhnLab-V3 20120819
AntiVir 20120819
Antiy-AVL 20120817
Avast 20120819
AVG 20120819
BitDefender 20120819
ByteHero 20120817
CAT-QuickHeal 20120819
ClamAV 20120819
Commtouch 20120819
Comodo 20120819
DrWeb 20120819
Emsisoft 20120819
eSafe 20120816
ESET-NOD32 20120819
F-Prot 20120819
F-Secure 20120819
Fortinet 20120818
GData 20120819
Ikarus 20120818
K7AntiVirus 20120818
Kaspersky 20120819
McAfee 20120819
Microsoft 20120819
Norman 20120819
nProtect 20120819
Panda 20120819
Rising 20120817
Sophos AV 20120819
SUPERAntiSpyware 20120819
Symantec 20120819
TheHacker 20120818
TotalDefense 20120819
TrendMicro 20120819
TrendMicro-HouseCall 20120819
VBA32 20120817
VIPRE 20120819
ViRobot 20120819
VirusBuster 20120819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
http://freelancers-tools.com

Product FT Pinger
Original name FT Pinger
Internal name FT Pinger
File version 1.0.0.0
Packers identified
F-PROT UPX_LZMA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00204FB0
Number of sections 3
PE sections
Overlays
MD5 103cb89c2cdac775263604c84a8ce38c
File type data
Offset 748544
Size 3531
Entropy 7.94
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DrawDibEnd
RegFlushKey
ImageList_Add
PrintDlgA
SaveDC
OleDraw
VariantCopy
DragFinish
VerQueryValueA
PlaySoundA
OpenPrinterA
Number of PE resources by type
RT_BITMAP 52
RT_STRING 31
RT_RCDATA 17
RT_GROUP_CURSOR 11
RT_CURSOR 11
RT_ICON 10
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 76
ENGLISH US 60
PE resources
ExifTool file metadata
UninitializedDataSize
1474560

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
106496

EntryPoint
0x204fb0

OriginalFileName
FT Pinger

MIMEType
application/octet-stream

LegalCopyright
http://freelancers-tools.com

FileVersion
1.0.0.0

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
FT Pinger

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
http://freelancers-tools.com

CodeSize
643072

ProductName
FT Pinger

ProductVersionNumber
5.7.1.32767

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 11633af33faf3bc3bd03376de3bee807
SHA1 bb103aa1876561848f70f83e8dc1b30a8c32e8ce
SHA256 0ed2dbae4621f582fdf8b5c33242d14e96c10f97956f2cc6bed290f080e6ce7b
ssdeep
12288:b1HAheNkp8/4z02+fxgQDqI/KxfNwJDs41ZMlg5O96wescrCQChoS4rt/MNJZ06i:pgheEzRSx9oD6AyEg5ydzcrjCcr406jW

authentihash 6446b88d0922c795e8a25c44dc248f39484f939c58978295511f4a110ce8b468
imphash f5a42171c07227920d6a88c514e5709b
File size 734.4 KB ( 752075 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (40.8%)
Win32 EXE Yoda's Crypter (40.1%)
Win32 Executable (generic) (6.8%)
Win16/32 Executable Delphi generic (3.1%)
OS/2 Executable (generic) (3.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-08-19 19:03:11 UTC ( 6 years, 2 months ago )
Last submission 2012-08-19 19:03:11 UTC ( 6 years, 2 months ago )
File names FT Pinger.exe
FT Pinger
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.