SHA256: 11fc45feab5d742717beb4af2d5f3b96b2704ac6094da333b60923126c2be58d
File name: 9d9682e8f4349b162c77165609cd5b3a652f1d84
Detection ratio: 36 / 56
Analysis date: 2016-09-09 03:52:30 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.92802 20160909
AegisLab Troj.W32.Gen.lNNz 20160909
AhnLab-V3 Trojan/Win32.Tepfer.N2100766471 20160908
ALYac Gen:Variant.Razy.92802 20160909
Antiy-AVL Trojan/Win32.TSGeneric 20160909
Arcabit Trojan.Razy.D16A82 20160909
Avast Win32:Malware-gen 20160909
AVG Generic_s.JRZ 20160908
Avira (no cloud) TR/Crypt.ZPACK.nvrl 20160908
AVware Trojan.Win32.Generic!BT 20160909
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160908
BitDefender Gen:Variant.Razy.92802 20160909
Bkav HW32.Packed.35D0 20160908
Cyren W32/Trojan.SNRY-6174 20160909
DrWeb Trojan.PWS.Papras.2166 20160909
Emsisoft Gen:Variant.Razy.92802 (B) 20160909
ESET-NOD32 a variant of Win32/Kryptik.FFVB 20160909
F-Secure Gen:Variant.Razy.92802 20160909
Fortinet W32/Kryptik.FFVB!tr 20160909
GData Gen:Variant.Razy.92802 20160909
Ikarus Trojan.Win32.Crypt 20160908
Sophos ML virus.win32.sality.at 20160830
K7AntiVirus Trojan ( 004f7d8c1 ) 20160908
K7GW Trojan ( 004f7d8c1 ) 20160908
Kaspersky Trojan-PSW.Win32.Tepfer.psxooa 20160909
Malwarebytes Trojan.MalPack 20160909
McAfee RDN/Generic.hbg 20160909
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20160909
eScan Gen:Variant.Razy.92802 20160909
Panda Trj/GdSda.A 20160908
Qihoo-360 Win32/Trojan.028 20160909
Sophos AV Mal/Generic-S 20160909
Symantec Heur.AdvML.B 20160909
Tencent Win32.Trojan.Kryptik.Dxwo 20160909
TrendMicro-HouseCall TROJ_GEN.R047H0DI816 20160909
VIPRE Trojan.Win32.Generic!BT 20160909
Alibaba 20160909
CAT-QuickHeal 20160908
ClamAV 20160907
CMC 20160908
Comodo 20160908
F-Prot 20160909
Jiangmin 20160908
Kingsoft 20160909
Microsoft 20160909
NANO-Antivirus 20160909
nProtect 20160909
Rising 20160909
SUPERAntiSpyware 20160909
TheHacker 20160908
TotalDefense 20160907
TrendMicro 20160909
VBA32 20160908
ViRobot 20160909
Yandex 20160908
Zillya 20160908
Zoner 20160909
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1991-1997 Compuware Corp.

Product SmartHeap
Internal name SHW32.DLL
File version 4.01
Description Memory Management Library for Win32
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-19 05:07:54
Entry Point 0x00002C93
Number of sections 6
PE sections
PE imports
GetStockObject
GetSystemTime
GetLastError
GetVolumePathNameW
GetDriveTypeW
GetSystemInfo
GetModuleFileNameW
DeactivateActCtx
FreeLibrary
GetTimeFormatW
GetVolumeNameForVolumeMountPointA
VirtualProtect
IsDBCSLeadByte
RemoveDirectoryA
FatalAppExitW
GetWindowsDirectoryW
LocalAlloc
AddAtomA
CreateActCtxA
GetStartupInfoW
SetThreadAffinityMask
CopyFileExW
GetThreadContext
GetComputerNameExA
GetComputerNameW
AssignProcessToJobObject
RaiseException
WideCharToMultiByte
GetModuleHandleA
DeleteVolumeMountPointW
InterlockedExchange
GetCurrentProcess
GetTempFileNameA
GetLogicalDriveStringsW
TerminateProcess
SetThreadIdealProcessor
LoadLibraryA
SetThreadExecutionState
GetDiskFreeSpaceExA
AllocateUserPhysicalPages
GetCurrencyFormatA
GetConsoleWindow
AddLocalAlternateComputerNameA
GetDiskFreeSpaceExW
Sleep
AddAtomW
GetCurrentThreadId
GetProcAddress
SetLastError
LeaveCriticalSection
GetDesktopWindow
GetClipboardViewer
GetClassInfoExW
IsCharAlphaNumericA
GetClassLongW
RegisterClassExW
GetInputState
LoadCursorW
IsChild
GetSysColorBrush
GetKeyboardLayoutNameW
IsWindowUnicode
LoadIconW
GetFocus
GetWindowLongW
GetShellWindow
GetWindow
IsCharLowerW
CharUpperA
GetThreadDesktop
LoadBitmapA
WTSEnumerateSessionsA
WTSTerminateProcess
WTSVirtualChannelClose
WTSVirtualChannelPurgeOutput
WTSEnumerateSessionsW
WTSSendMessageW
WTSShutdownSystem
WTSWaitSystemEvent
WTSSetUserConfigA
WTSSetSessionInformationA
WTSCloseServer
WTSFreeMemory
WTSRegisterSessionNotification
WTSSetSessionInformationW
WTSOpenServerW
WTSVirtualChannelOpen
WTSQuerySessionInformationA
WTSQueryUserToken
WTSEnumerateServersW
WTSVirtualChannelRead
WTSEnumerateProcessesW
WTSVirtualChannelWrite
WTSEnumerateProcessesA
WTSVirtualChannelQuery
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.0.1.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
57344

EntryPoint
0x2c93

MIMEType
application/octet-stream

LegalCopyright
Copyright 1991-1997 Compuware Corp.

FileVersion
4.01

TimeStamp
2015:02:19 06:07:54+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SHW32.DLL

ProductVersion
4.01

FileDescription
Memory Management Library for Win32

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
MicroQuill Software Publishing, Inc.

CodeSize
94208

ProductName
SmartHeap

ProductVersionNumber
4.0.1.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 842e2cbdea3abc786332e1eeff20a59a
SHA1 e5e65f27df77b11c827e846367bae056c68211b0
SHA256 11fc45feab5d742717beb4af2d5f3b96b2704ac6094da333b60923126c2be58d
ssdeep
1536:oArTTj1CWM68ziPxqjf+aL5X7yduiXgwmxXbe6CtHqk+5ddFT60VaDeWsIRbIJoG:NxizGxqjG/fiRy1tHV+5dLW/jtR62DC

authentihash ad0fe89593da507f4f8ae66a51ec74576d8701fd1495118314879978ae3725ab
imphash a9c3a2b8cf9441398d3fc5fe6aa480c8
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-09-07 23:05:35 UTC ( 2 years, 5 months ago )
Last submission 2016-09-09 03:52:30 UTC ( 2 years, 5 months ago )
File names cr_111_inst.exe
9d9682e8f4349b162c77165609cd5b3a652f1d84
SHW32.DLL
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications