SHA256: 1f5425bf59fada0c2c160d68363f828d363232a08a678d3f0d66c0b24bb7cc9b
File name: fd4217b37b17158beacb920b3fa00002
Detection ratio: 11 / 55
Analysis date: 2014-09-01 16:51:28 UTC ( 4 years, 6 months ago )
Antivirus              Result                          Update
Ad-Aware               Trojan.GenericKD.1834505        20140901
AhnLab-V3              Trojan/Win32.Necurs             20140901
BitDefender            Trojan.GenericKD.1834505        20140901
Emsisoft               Trojan.GenericKD.1834505 (B)    20140901
ESET-NOD32             Win32/Spy.Zbot.ABX              20140901
GData                  Trojan.GenericKD.1834505        20140901
Kaspersky              Trojan-Spy.Win32.Zbot.typx      20140901
Kingsoft               Win32.Troj.Zbot.ty.(kcloud)     20140901
Malwarebytes           Spyware.Passwords.ED            20140901
eScan                  Trojan.GenericKD.1834505        20140901
Sophos AV              Mal/Generic-S                   20140901
AegisLab               (not detected)                  20140901
Yandex                 (not detected)                  20140901
AntiVir                (not detected)                  20140901
Antiy-AVL              (not detected)                  20140901
Avast                  (not detected)                  20140901
AVG                    (not detected)                  20140901
AVware                 (not detected)                  20140901
Baidu-International    (not detected)                  20140901
Bkav                   (not detected)                  20140829
ByteHero               (not detected)                  20140901
CAT-QuickHeal          (not detected)                  20140901
ClamAV                 (not detected)                  20140901
CMC                    (not detected)                  20140901
Comodo                 (not detected)                  20140901
Cyren                  (not detected)                  20140901
DrWeb                  (not detected)                  20140901
F-Prot                 (not detected)                  20140901
F-Secure               (not detected)                  20140901
Fortinet               (not detected)                  20140901
Ikarus                 (not detected)                  20140901
Jiangmin               (not detected)                  20140829
K7AntiVirus            (not detected)                  20140901
K7GW                   (not detected)                  20140901
McAfee                 (not detected)                  20140901
McAfee-GW-Edition      (not detected)                  20140901
Microsoft              (not detected)                  20140901
NANO-Antivirus         (not detected)                  20140901
Norman                 (not detected)                  20140901
nProtect               (not detected)                  20140901
Panda                  (not detected)                  20140901
Qihoo-360              (not detected)                  20140901
Rising                 (not detected)                  20140901
SUPERAntiSpyware       (not detected)                  20140901
Symantec               (not detected)                  20140901
Tencent                (not detected)                  20140901
TheHacker              (not detected)                  20140901
TotalDefense           (not detected)                  20140901
TrendMicro             (not detected)                  20140901
TrendMicro-HouseCall   (not detected)                  20140901
VBA32                  (not detected)                  20140901
VIPRE                  (not detected)                  20140901
ViRobot                (not detected)                  20140901
Zillya                 (not detected)                  20140901
Zoner                  (not detected)                  20140901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright Copyright © 1998-2010 Mark Russinovich
Publisher Sysinternals - www.sysinternals.com
Product Process Explorer
Original name Procexp.exe
Internal name Process Explorer
File version 1.2.0.4
Description WSysinternals Process Explorer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-31 20:04:02
Entry Point 0x0000630E
Number of sections 5
PE sections
Number of PE resources by type
RT_DIALOG 3
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
PE resources
File identification
MD5 fd4217b37b17158beacb920b3fa00002
SHA1 e5500a6b5375c12a39e28e213a5fb7bdcad6c916
SHA256 1f5425bf59fada0c2c160d68363f828d363232a08a678d3f0d66c0b24bb7cc9b
ssdeep 6144:DXPJXxkS7eTv5jqzNrg7pyH35ywXVmc0RqJ9sDTIau:DXPYSSZMOpyH35VXCRqjsXI
imphash 9ae6c99d2a4220b09a3cc948fe0b913d
File size 269.5 KB ( 275968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-09-01 16:51:28 UTC ( 4 years, 6 months ago )
Last submission 2014-09-04 06:15:33 UTC ( 4 years, 6 months ago )
File names Process Explorer
Procexp.exe
fd4217b37b17158beacb920b3fa00002
pin.dat
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.