× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0ed2dbae4621f582fdf8b5c33242d14e96c10f97956f2cc6bed290f080e6ce7b
File name: FT Pinger.exe
Detection ratio: 2 / 41
Analysis date: 2012-08-19 19:03:11 UTC ( 5 years, 9 months ago )
Antivirus Result Update
Jiangmin Trojan/JboxGeneric.lz 20120819
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.F 20120819
AhnLab-V3 20120819
AntiVir 20120819
Antiy-AVL 20120817
Avast 20120819
AVG 20120819
BitDefender 20120819
ByteHero 20120817
CAT-QuickHeal 20120819
ClamAV 20120819
Commtouch 20120819
Comodo 20120819
DrWeb 20120819
Emsisoft 20120819
eSafe 20120816
ESET-NOD32 20120819
F-Prot 20120819
F-Secure 20120819
Fortinet 20120818
GData 20120819
Ikarus 20120818
K7AntiVirus 20120818
Kaspersky 20120819
McAfee 20120819
Microsoft 20120819
Norman 20120819
nProtect 20120819
Panda 20120819
Rising 20120817
Sophos AV 20120819
SUPERAntiSpyware 20120819
Symantec 20120819
TheHacker 20120818
TotalDefense 20120819
TrendMicro 20120819
TrendMicro-HouseCall 20120819
VBA32 20120817
VIPRE 20120819
ViRobot 20120819
VirusBuster 20120819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
http://freelancers-tools.com

Publisher http://freelancers-tools.com
Product FT Pinger
Original name FT Pinger
Internal name FT Pinger
File version 1.0.0.0
Packers identified
F-PROT UPX_LZMA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00204FB0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DrawDibEnd
RegFlushKey
ImageList_Add
PrintDlgA
SaveDC
OleDraw
VariantCopy
DragFinish
VerQueryValueA
PlaySoundA
OpenPrinterA
Number of PE resources by type
RT_BITMAP 52
RT_STRING 31
RT_RCDATA 17
RT_GROUP_CURSOR 11
RT_CURSOR 11
RT_ICON 10
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 76
ENGLISH US 60
ExifTool file metadata
CodeSize
643072

InitializedDataSize
106496

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
2.25

OriginalFilename
FT Pinger

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.0

TimeStamp
1992:06:20 00:22:17+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
FT Pinger

SubsystemVersion
4.0

ProductVersion
1.0.0.0

UninitializedDataSize
1474560

OSVersion
4.0

FileOS
Win32

MachineType
Intel 386 or later, and compatibles

CompanyName
http://freelancers-tools.com

FileSubtype
0

ProductVersionNumber
5.7.1.32767

EntryPoint
0x204fb0

ObjectFileType
Executable application

File identification
MD5 11633af33faf3bc3bd03376de3bee807
SHA1 bb103aa1876561848f70f83e8dc1b30a8c32e8ce
SHA256 0ed2dbae4621f582fdf8b5c33242d14e96c10f97956f2cc6bed290f080e6ce7b
ssdeep
12288:b1HAheNkp8/4z02+fxgQDqI/KxfNwJDs41ZMlg5O96wescrCQChoS4rt/MNJZ06i:pgheEzRSx9oD6AyEg5ydzcrjCcr406jW

File size 734.4 KB ( 752075 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.6%)
Win32 EXE Yoda's Crypter (37.0%)
Win32 Executable Generic (11.8%)
Win16/32 Executable Delphi generic (2.8%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2012-08-19 19:03:11 UTC ( 5 years, 9 months ago )
Last submission 2012-08-19 19:03:11 UTC ( 5 years, 9 months ago )
File names FT Pinger.exe
FT Pinger
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.