SHA256: 1819210378e35b78f739792163059785ea7c327c6e8960603d944fe1338b64db
File name: SkypePM.exe
Detection ratio: 38 / 45
Analysis date: 2012-12-06 11:30:21 UTC ( 1 year, 4 months ago )
Antivirus Result Update
AVG TDSS.AI 20121206
Agnitum Trojan.Agent2!JG468qg59sg 20121205
AntiVir TR/Rogue.kdv.702781 20121206
Avast Win32:LockScreen-ME [Trj] 20121206
BitDefender Trojan.Generic.KDV.702781 20121206
CAT-QuickHeal Trojan.Agent2.fivv 20121206
ClamAV Win.Trojan.TDSS-326 20121206
Comodo UnclassifiedMalware 20121206
DrWeb Trojan.Winlock.6620 20121206
ESET-NOD32 Win32/LockScreen.AMJ 20121206
Emsisoft Trojan-Winlock.Win32.MSSEAlert (A) 20121206
F-Secure Trojan.Generic.KDV.702781 20121206
Fortinet W32/Agent.XNS!tr 20121206
GData Trojan.Generic.KDV.702781 20121206
Ikarus Trojan.SuspectCRC 20121206
Jiangmin Trojan/Obfuscated.esgr 20121206
K7AntiVirus Trojan 20121205
Kaspersky Trojan.Win32.Agent2.fivv 20121206
Kingsoft Win32.Troj.Generic.(kcloud) 20121206
Malwarebytes Trojan.Obfuscated 20121206
McAfee Ransom!gq 20121206
McAfee-GW-Edition Ransom!gq 20121206
MicroWorld-eScan Trojan.Generic.KDV.702781 20121206
Microsoft Trojan:Win32/Ransom.JU 20121206
NANO-Antivirus Trojan.Win32.Winlock.vseta 20121206
Norman W32/Suspicious_Gen4.AUYBU 20121206
Panda Bck/Qbot.AO 20121206
Rising Trojan.Win32.Generic.12F891EF 20121206
Sophos Troj/Agent-XNS 20121206
Symantec WS.Reputation.1 20121206
TheHacker Trojan/LockScreen.amj 20121206
TotalDefense Win32/Ransom.ASW 20121206
TrendMicro TROJ_SPNR.24HL12 20121206
TrendMicro-HouseCall TROJ_SPNR.24HL12 20121206
VBA32 BScope.TrojanPSW.Zbot.2716 20121205
VIPRE Trojan.Win32.Generic!BT 20121206
ViRobot Trojan.Win32.Agent.46080.IC 20121206
nProtect Trojan/W32.Agent.46080.OU 20121206
Antiy-AVL 20121204
ByteHero 20121130
Commtouch 20121206
F-Prot 20121206
PCTools 20121206
SUPERAntiSpyware 20121206
eSafe 20121205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (c) 1995-1997 ACD Systems, Ltd.
Publisher ACD Systems, Ltd.
Product ACDSee 32 for Windows 95/NT
Original name acdsee32.exe
Internal name ACDSee 32
File version 2, 2, 2, 0
Description ACDSee 32 for Windows 95/NT
Comments Author: David S. Hooper
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-18 14:36:49
Entry Point 0x00009040
Number of sections 5
PE sections
PE imports
LoadLibraryA
LocalAlloc
GetProcAddress
SetFocus
EnumDesktopsA
SetWindowRgn
GetMenuInfo
DdeAbandonTransaction
GetInputState
DestroyWindow
BringWindowToTop
EnumDesktopsW
DestroyMenu
SetSystemCursor
PostQuitMessage
IsWindowEnabled
LoadBitmapA
SetScrollPos
GrayStringW
SetDeskWallpaper
ScreenToClient
OpenWindowStationW
OemToCharBuffW
CascadeWindows
SetCaretBlinkTime
GetMessageTime
OpenWindowStationA
GetClipboardSequenceNumber
GetWindowWord
GetDC
GetCursorPos
DrawTextA
DdeInitializeA
GetDlgCtrlID
AdjustWindowRectEx
DlgDirSelectExA
EndMenu
AnyPopup
SetMenuItemInfoA
DdeEnableCallback
CharLowerBuffA
GetScrollPos
GetThreadDesktop
InSendMessage
DdeFreeDataHandle
GetWindowTextLengthA
LoadImageW
ChangeDisplaySettingsExA
GetActiveWindow
RegisterHotKey
EnableScrollBar
MapVirtualKeyExW
SetDlgItemTextW
GetAltTabInfo
LoadImageA
CreateCursor
MsgWaitForMultipleObjects
DdeFreeStringHandle
MapVirtualKeyExA
PtInRect
DdeDisconnectList
GetUserObjectInformationW
GetParent
DdeCmpStringHandles
SendNotifyMessageW
SetClassLongW
CheckRadioButton
GetUserObjectInformationA
SendIMEMessageExW
ShowWindow
SetMenuInfo
SetWindowsHookA
DlgDirListComboBoxA
IMPGetIMEW
GetDesktopWindow
CharToOemBuffA
IsCharAlphaW
PeekMessageW
GetLastActivePopup
GetTabbedTextExtentA
EnableWindow
SetWindowPlacement
ExcludeUpdateRgn
ShowWindowAsync
GetClipboardFormatNameW
PeekMessageA
ScrollDC
SetClipboardViewer
SetThreadDesktop
GetDlgItemInt
GetMenuBarInfo
InsertMenuItemA
InternalGetWindowText
CharNextExA
LoadStringA
PaintDesktop
GetQueueStatus
RegisterClassW
RegisterDeviceNotificationA
GetWindowPlacement
LoadStringW
DrawMenuBar
IsHungAppWindow
EnableMenuItem
BroadcastSystemMessage
TabbedTextOutA
DdeClientTransaction
ShowOwnedPopups
MonitorFromPoint
CopyRect
GetSysColorBrush
IsWindowUnicode
ToUnicode
TabbedTextOutW
GetWindowInfo
GetUserObjectSecurity
DragDetect
MapWindowPoints
CharPrevA
GetMonitorInfoW
GetOpenClipboardWindow
GetKeyboardLayoutNameA
SwitchDesktop
DefMDIChildProcW
SetLastErrorEx
CopyIcon
GetKeyboardLayoutNameW
GetComboBoxInfo
GetClipboardOwner
CharPrevW
DefWindowProcA
ArrangeIconicWindows
EnumDisplaySettingsExA
SetWindowLongW
GetScrollBarInfo
IsDialogMessage
SetCapture
EnumChildWindows
ChangeMenuW
WINNLSGetEnableStatus
SetProcessWindowStation
SetKeyboardState
GetKeyNameTextW
GetPropW
CreateDialogParamW
CreateWindowStationA
CreatePopupMenu
ShowCaret
ChildWindowFromPointEx
GetClassLongW
GetTitleBarInfo
GetDlgItem
RemovePropW
CreateWindowStationW
UnloadKeyboardLayout
ClientToScreen
IsCharUpperA
InsertMenuA
FindWindowExA
SetMenuItemInfoW
TrackPopupMenu
DialogBoxIndirectParamW
GetMenuItemInfoA
AttachThreadInput
GetWindowTextW
CreateIconFromResourceEx
GetKeyboardLayout
GetNextDlgTabItem
DispatchMessageW
GetAncestor
CreateDialogIndirectParamW
MapDialogRect
GetScrollInfo
LoadMenuA
HideCaret
CreateIconIndirect
EndTask
RealGetWindowClass
MessageBeep
GetCaretPos
CheckMenuItem
DlgDirListW
BeginDeferWindowPos
HiliteMenuItem
MessageBoxW
MoveWindow
LoadCursorFromFileA
LoadKeyboardLayoutW
RegisterWindowMessageA
IsCharUpperW
GetWindowDC
SetPropW
wvsprintfA
SetUserObjectInformationW
LoadKeyboardLayoutA
GetSysColor
SendMessageCallbackW
IsCharAlphaNumericA
MenuItemFromPoint
GetWindowModuleFileNameA
DestroyIcon
OemKeyScan
GetWindowModuleFileNameW
DdeNameService
GetLastInputInfo
UnionRect
FrameRect
SetRect
MonitorFromRect
SendMessageTimeoutA
CallWindowProcW
ChangeMenuA
InvalidateRect
UnregisterClassW
TranslateAcceleratorA
AdjustWindowRect
CreateIcon
GetClassNameA
SendMessageTimeoutW
CloseClipboard
GetKeyboardType
ReplyMessage
TranslateAcceleratorW
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
UninitializedDataSize 0
Comments Author: David S. Hooper
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.2.0
LanguageCode English (Canadian)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 10240
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 1995-1997 ACD Systems, Ltd.
FileVersion 2, 2, 2, 0
TimeStamp 2012:08:18 15:36:49+01:00
FileType Win32 EXE
PEType PE32
InternalName ACDSee 32
SubsystemVersion 4.0
ProductVersion 2, 2, 2, 0
FileDescription ACDSee 32 for Windows 95/NT
OSVersion 4.0
OriginalFilename acdsee32.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ACD Systems, Ltd.
CodeSize 35328
ProductName ACDSee 32 for Windows 95/NT
ProductVersionNumber 2.2.2.0
EntryPoint 0x9040
ObjectFileType Executable application

File identification
MD5 d388aa30a1f7ef39e1716c74127664c9
SHA1 7ba11c5d779efa4ca0636d6b86befa6577c3f0bf
SHA256 1819210378e35b78f739792163059785ea7c327c6e8960603d944fe1338b64db
ssdeep 768:0lNovYOHzioU/w71Zwr88tJ9pVyzp86LRSL12QN/4STeS6tJMY/Pzw:qovY2ioU/O1Kr8M9ezSL12+MzL0
File size 45.0 KB ( 46080 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable Generic (79.3%)
Win32 Executable Generic (7.9%)
Win32 Dynamic Link Library (generic) (7.0%)
Win16/32 Executable Delphi generic (1.9%)
Generic Win/DOS Executable (1.8%)
Tags peexe
VirusTotal metadata
First submission 2012-08-20 11:28:13 UTC ( 1 year, 7 months ago )
Last submission 2012-12-06 11:30:21 UTC ( 1 year, 4 months ago )
File names SkypePM.exe
hleo32.exe
acdsee32.exe
ACDSee 32
SkypePM.exe
hleo32.exe.forse virus
d388aa30a1f7ef39e1716c74127
forum__load.php_
hleo32.exe
HLEO32.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Set keys
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications