SHA256: 137317753757b9525d4e64c346ffaa3060703f557b6ecc02b1592d93f8069806
File name: 16834305a1fb96b9cdb2015dc04337b48ba20631
Detection ratio: 5 / 51
Analysis date: 2014-04-29 18:54:05 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Bkav HW32.CDB.543f 20140428
ESET-NOD32 Win32/Spy.Zbot.AAQ 20140429
Kaspersky UDS:DangerousObject.Multi.Generic 20140429
Malwarebytes Spyware.Zbot.VXGen 20140429
Qihoo-360 Malware.QVM10.Gen 20140429
Ad-Aware 20140429
AegisLab 20140429
Yandex 20140429
AhnLab-V3 20140429
AntiVir 20140429
Antiy-AVL 20140429
Avast 20140429
AVG 20140429
Baidu-International 20140429
BitDefender 20140429
ByteHero 20140429
CAT-QuickHeal 20140429
ClamAV 20140429
CMC 20140429
Commtouch 20140429
Comodo 20140429
DrWeb 20140429
Emsisoft 20140429
F-Prot 20140429
F-Secure 20140429
Fortinet 20140428
GData 20140429
Ikarus 20140429
Jiangmin 20140429
K7AntiVirus 20140429
K7GW 20140429
Kingsoft 20140429
McAfee 20140429
McAfee-GW-Edition 20140429
Microsoft 20140429
eScan 20140429
NANO-Antivirus 20140429
Norman 20140429
nProtect 20140429
Panda 20140429
Rising 20140429
Sophos AV 20140429
SUPERAntiSpyware 20140429
Symantec 20140429
TheHacker 20140429
TotalDefense 20140429
TrendMicro 20140429
TrendMicro-HouseCall 20140429
VBA32 20140428
VIPRE 20140429
ViRobot 20140429
Zillya 20140429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2014 DevInfoWave Ltd.

Product DPM Read Database Tool
Original name dpmreaddbtool
Internal name dbm readdb tool
File version 3.1.0.3
Description DPM Read Database Tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-28 22:03:53
Entry Point 0x000021BB
Number of sections 7
PE sections
PE imports
CryptAcquireContextA
GetFileTitleW
AddFontResourceA
SetMapMode
DeleteDC
GetTextExtentPoint32W
GetRgnBox
SetTextAlign
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetCurrentDirectoryW
GetConsoleMode
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetLogicalDrives
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
WindowFromAccessibleObject
CreateStdAccessibleObject
glEndList
PathIsUNCW
UpdateWindow
SetMenuItemBitmaps
BeginPaint
ShowWindow
DefWindowProcA
SetWindowTextA
IsWindow
EndPaint
SetCapture
ReleaseCapture
EnumChildWindows
SystemParametersInfoA
CreatePopupMenu
GetClientRect
DrawTextW
InsertMenuA
GetWindowLongA
GetDCEx
LoadCursorA
ValidateRect
IsMenu
GetUpdateRect
DestroyWindow
GetMenuItemInfoW
RegisterDragDrop
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.1.0.3

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
219136

EntryPoint
0x21bb

OriginalFileName
dpmreaddbtool

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2014 DevInfoWave Ltd.

FileVersion
3.1.0.3

TimeStamp
2014:04:28 23:03:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
dbm readdb tool

ProductVersion
3.1.0.3

FileDescription
DPM Read Database Tool

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
DevInfoWave Ltd.

CodeSize
37888

ProductName
DPM Read Database Tool

ProductVersionNumber
3.1.0.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 533df9a322581fe4c146e32427e42c22
SHA1 16834305a1fb96b9cdb2015dc04337b48ba20631
SHA256 137317753757b9525d4e64c346ffaa3060703f557b6ecc02b1592d93f8069806
ssdeep
6144:tJbQvZVGKcWFktjocoNmmAXPdG8xvS1m:t9QvZVAWqtEhmmAXPU89U

authentihash cad3634ade8bd3ebcbd559d7d275beb29915796a8088c2bdf6dd0ed145bf79bc
imphash badf74da0996bd8c180ce5374f47c799
File size 252.0 KB ( 258048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-04-29 18:54:05 UTC ( 4 years, 10 months ago )
Last submission 2014-04-29 18:54:05 UTC ( 4 years, 10 months ago )
File names dpmreaddbtool
16834305a1fb96b9cdb2015dc04337b48ba20631
dbm readdb tool
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.