SHA256: 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
File name: AA_v3.exe
Detection ratio: 30 / 61
Analysis date: 2017-03-31 04:06:29 UTC ( 1 year, 10 months ago )
Antivirus Result Update
AhnLab-V3 Unwanted/Win32.RemoteAdmin.R153011 20170330
ALYac Misc.HackTool.RemoteAdmin.Ammyy 20170330
Antiy-AVL RiskWare[RemoteAdmin]/Win32.Ammyy 20170330
Avast Win32:RemoteAdmin-B [PUP] 20170330
AVG RemoteAdmin.DEQ 20170330
Avira (no cloud) SPR/RemoteAdmin.765952 20170330
Bkav W32.Clod39b.Trojan.8ccf 20170330
Comodo ApplicUnsaf.Win32.RemoteAdmin.Ammyy.BB 20170330
CrowdStrike Falcon (ML) malicious_confidence_65% (D) 20170130
Cyren W32/RemoteAdmin.ACSY-7276 20170330
DrWeb Program.RemoteAdmin.701 20170330
Endgame malicious (high confidence) pe1 20170330
ESET-NOD32 a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe 20170331
F-Prot W32/RemoteAdmin.Ammyy 20170330
GData Win32.Riskware.RemoteAdmin.A 20170330
Sophos ML virus.win32.sality.at 20170203
Jiangmin RemoteAdmin.Ammyy.bm 20170330
K7AntiVirus Unwanted-Program ( 004b889d1 ) 20170330
K7GW Unwanted-Program ( 004b889d1 ) 20170330
Kaspersky not-a-virus:RemoteAdmin.Win32.Ammyy.xmr 20170330
NANO-Antivirus Riskware.Win32.AmmyAdmin.dskdxp 20170331
nProtect Abuse-Worry/W32.Ammyy.773624 20170331
Qihoo-360 Win32/Trojan.Adware.37e 20170331
Rising Malware.Ammyy!6.1139 (cloud:cAchywFFTRO) 20170330
SUPERAntiSpyware HackTool/Gen-Ammyy 20170330
Symantec Remacc.Ammyy 20170330
Webroot Malicious 20170331
Yandex Riskware.RemoteAdmin! 20170327
ZoneAlarm by Check Point not-a-virus:RemoteAdmin.Win32.Ammyy.xmr 20170331
Zoner PUA.RemoteAdmin 20170331
Ad-Aware 20170330
AegisLab 20170330
Alibaba 20170331
Arcabit 20170330
AVware 20170330
Baidu 20170330
BitDefender 20170330
CAT-QuickHeal 20170330
ClamAV 20170330
Emsisoft 20170330
F-Secure 20170330
Fortinet 20170330
Ikarus 20170330
Kingsoft 20170331
Malwarebytes 20170330
McAfee 20170330
McAfee-GW-Edition 20170331
Microsoft 20170330
eScan 20170331
Palo Alto Networks (Known Signatures) 20170331
Panda 20170330
SentinelOne (Static ML) 20170330
Sophos AV 20170331
Symantec Mobile Insight 20170329
Tencent 20170331
TheHacker 20170330
TotalDefense 20170330
TrendMicro 20170331
TrendMicro-HouseCall 20170331
Trustlook 20170331
VBA32 20170330
VIPRE 20170331
ViRobot 20170331
WhiteArmor 20170327
Zillya 20170329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Product Ammyy Admin
Internal name Ammyy Admin
File version 3.5
Description Ammyy Admin
Signature verification Signed file, verified signature
Signing date 12:38 PM 5/29/2015
Signers
[+] Ammyy LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 01/22/2015
Valid to 11:59 PM 01/21/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B35BF6AEA684BB977A55073F716A05B02EB925D9
Serial number 00 B2 4A D3 15 23 2D F3 7A BA 90 7C 9F 63 F6 18 44
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-29 10:36:12
Entry Point 0x0007C3CE
Number of sections 4
PE sections
Overlays
MD5 644ea360f204ccf708edd58ac2009b2b
File type data
Offset 765952
Size 7672
Entropy 7.47
PE imports
Number of PE resources by type
RT_DIALOG 20
RT_BITMAP 11
RT_GROUP_CURSOR 3
RT_ICON 3
RT_CURSOR 3
BINARY 1
Struct(240) 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 32
RUSSIAN 7
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.5.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Ammyy Admin
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 258048
EntryPoint 0x7c3ce
MIMEType application/octet-stream
FileVersion 3.5
TimeStamp 2015:05:29 12:36:12+02:00
FileType Win32 EXE
PEType PE32
InternalName Ammyy Admin
ProductVersion 3.5
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ammyy LLC
CodeSize 532480
ProductName Ammyy Admin
ProductVersionNumber 3.5.0.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 11bc606269a161555431bacf37f7c1e4
SHA1 63c52b0ac68ab7464e2cd777442a5807db9b5383
SHA256 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
ssdeep 12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z
authentihash 4510089ed2c0af438ce8cf2c3d9f4946d6f5f6b626f393e7bc81f2df83afc0c1
imphash 3a8eb283f62eca7206b65c62b7d51bd5
File size 755.5 KB ( 773624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe via-tor signed overlay
VirusTotal metadata
First submission 2015-05-29 11:47:08 UTC ( 3 years, 8 months ago )
Last submission 2019-02-08 11:57:28 UTC ( 1 week, 2 days ago )
File names AMMYY-Solusys.exe
output.82996556.txt
output.111366787.txt
Ammyy Admin
Teleassistenza_sanso.exe
acesso.exe
soportetecnico.exe
aav3.exe
Ammyy Admin_V3.exe
igm3.exe
remote_access.exe
remoto03.exe
63c52b0ac68ab7464e2cd777442a5807db9b5383-AA_v3.exe
remote.exe
Ammyy.Admin.3.5.Final.exe
output.91662091.txt
conexion.exe
1.exe
output.44263470.txt
AAv3.exe
ammyy_admin_3_5.exe
AA_v3_5 .exe
243006
719338
SUPORTE 3.5.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.