SHA256: 200448a9359d19065ca7a7636f9560a4c95877c4ea40d494d5846a31cbdb36ff
File name: dwservice.exe
Detection ratio: 0 / 43
Analysis date: 2012-11-25 13:27:58 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Yandex 20121118
AhnLab-V3 20121118
AntiVir 20121119
Antiy-AVL 20121118
Avast 20121119
AVG 20121119
BitDefender 20121119
ByteHero 20121116
CAT-QuickHeal 20121119
ClamAV 20121119
Commtouch 20121119
Comodo 20121119
DrWeb 20121119
Emsisoft 20121119
eSafe 20121115
ESET-NOD32 20121119
F-Prot 20121119
F-Secure 20121119
Fortinet 20121119
GData 20121119
Ikarus 20121119
Jiangmin 20121119
K7AntiVirus 20121116
Kaspersky 20121119
Kingsoft 20121112
McAfee 20121119
McAfee-GW-Edition 20121119
Microsoft 20121119
eScan 20121119
Norman 20121119
nProtect 20121119
Panda 20121119
Rising 20121119
Sophos AV 20121119
SUPERAntiSpyware 20121119
Symantec 20121119
TheHacker 20121118
TotalDefense 20121118
TrendMicro 20121119
TrendMicro-HouseCall 20121119
VBA32 20121119
VIPRE 20121119
ViRobot 20121119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-07 13:56:06
Entry Point 0x00228EE6
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
CryptDestroyKey
RegOpenCurrentUser
RegCloseKey
LookupAccountSidW
ConvertSidToStringSidW
OpenServiceW
AdjustTokenPrivileges
RegSetKeySecurity
RegDeleteValueW
RegDeleteKeyW
CryptHashData
GetUserNameW
InitializeSecurityDescriptor
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
LookupAccountNameA
GetSidSubAuthority
ConvertStringSidToSidW
OpenProcessToken
SetServiceStatus
RegOpenKeyExW
RegOpenKeyW
LookupAccountNameW
CryptGenKey
CreateServiceW
GetTokenInformation
RegGetKeySecurity
CryptReleaseContext
GetSidSubAuthorityCount
IsValidSid
GetSidIdentifierAuthority
RegisterServiceCtrlHandlerW
RegEnumKeyExW
CryptGenRandom
CryptAcquireContextW
ChangeServiceConfig2W
CloseServiceHandle
ImpersonateNamedPipeClient
CryptDestroyHash
OpenThreadToken
RegEnumValueW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
CryptGetHashParam
OpenSCManagerW
AllocateAndInitializeSid
InitiateSystemShutdownExW
QueryServiceStatusEx
StartServiceCtrlDispatcherW
EqualSid
LookupPrivilegeValueW
CryptUnprotectData
CryptFindCertificateKeyProvInfo
CertOpenStore
CertStrToNameW
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCreateSelfSignCertificate
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CryptProtectData
CertFindCertificateInStore
CryptEncodeObject
CertCreateContext
GetIpAddrTable
GetStdHandle
CreateWaitableTimerA
GetOverlappedResult
SetEvent
CreateJobObjectW
GetHandleInformation
QueueUserAPC
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ConnectNamedPipe
GetFullPathNameA
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
VirtualQuery
SetLastError
PeekNamedPipe
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
ReadConsoleInputW
GetVersionExA
GetVolumeInformationA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
TerminateJobObject
SetFilePointerEx
CreateEventW
InterlockedExchangeAdd
CreateSemaphoreA
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GetVersion
GlobalAlloc
SetEndOfFile
SetWaitableTimer
LeaveCriticalSection
SleepEx
GetModuleHandleA
CloseHandle
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
GetDateFormatA
GetWindowsDirectoryW
GetStartupInfoW
DeleteFileW
GetProcAddress
GetSystemInfo
GetProcessHeap
GetComputerNameW
AssignProcessToJobObject
GetFileSizeEx
ExpandEnvironmentStringsW
FindNextFileW
GetCurrentThreadId
ResetEvent
GetComputerNameA
FindFirstFileW
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
SetConsoleMode
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
CompareStringW
SetProcessShutdownParameters
GetEnvironmentStringsW
WaitForSingleObjectEx
GetQueuedCompletionStatus
SwitchToThread
GetCurrentDirectoryW
GetCurrentProcessId
CreateIoCompletionPort
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
CancelIo
GetCurrentThread
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
FindFirstFileA
EnumSystemLocalesA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
WriteFile
PostQueuedCompletionStatus
CreateProcessW
Sleep
WriteConsoleW
SetConsoleCtrlHandler
OpenEventA
GetOEMCP
GetTimeFormatA
WNetCancelConnection2W
WNetAddConnection2W
NetUserEnum
NetApiBufferFree
Ord(200)
Ord(6)
Ord(7)
Ord(2)
Ord(9)
RpcStringBindingComposeA
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcImpersonateClient
RpcMgmtIsServerListening
RpcMgmtEnableIdleCleanup
RpcServerRegisterAuthInfoW
RpcStringBindingComposeW
RpcMgmtStopServerListening
RpcBindingFree
RpcStringFreeA
UuidToStringW
RpcRevertToSelfEx
RpcStringFreeW
RpcServerUnregisterIf
NdrServerCall2
NdrClientCall2
RpcSsDestroyClientContext
RpcServerUseProtseqEpW
RpcRaiseException
RpcBindingSetAuthInfoExA
RpcServerRegisterIfEx
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoExW
RpcServerListen
RpcBindingFromStringBindingW
RpcEpResolveBinding
UuidCreate
SetupDiBuildClassInfoListExW
SetupDiGetClassDescriptionExW
CM_Get_DevNode_Status_Ex
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsExW
SetupDiGetDeviceInstanceIdW
SetupDiClassNameFromGuidExW
SHGetSpecialFolderPathW
Ord(437)
VerQueryValueW
GetFileVersionInfoW
Ord(3)
Ord(1)
Ord(111)
WSASocketW
WSAAddressToStringA
Ord(5)
Ord(18)
Ord(115)
Ord(11)
Ord(56)
Ord(20)
Ord(17)
Ord(15)
Ord(52)
Ord(13)
Ord(112)
Ord(6)
Ord(151)
Ord(116)
WSAAddressToStringW
Ord(19)
Ord(2)
Ord(12)
Ord(51)
Ord(10)
Ord(55)
Ord(21)
Ord(16)
Ord(9)
Ord(8)
Ord(7)
CoUninitialize
CoInitialize
CoCreateInstance
StringFromCLSID
OleRun
CoTaskMemFree
CLSIDFromString
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 5.0
Comments Visit http://www.drweb.com for additional information
InitializedDataSize 988160
ImageVersion 0.0
ProductName Dr.Web
FileVersionNumber 8.0.0.11070
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename dwservice.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 8.0.0.11070
TimeStamp 2012:11:07 13:56:06+00:00
FileType Win32 EXE
PEType PE32
InternalName dwservice
ProductVersion 8.0.0.11070
FileDescription Dr.Web Control Service
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright Doctor Web, Ltd., 1992-2012
MachineType Intel 386 or later, and compatibles
CompanyName Doctor Web, Ltd.
CodeSize 2831360
FileSubtype 0
ProductVersionNumber 8.0.0.11070
EntryPoint 0x228ee6
ObjectFileType Executable application

File identification
MD5 25abf6a076ce2fe9b1e0d5a960d8b0fa
SHA1 3059c23b66362724767b5a08b6e0b1f29cd257e8
SHA256 200448a9359d19065ca7a7636f9560a4c95877c4ea40d494d5846a31cbdb36ff
ssdeep 49152:TZv3DGq7JzKuJD+6LIEmMyAcZbsab00A61Df4bPMZON1Kflv97pf+Ie5UhtviI1J:TB3DGCJOuY5E2HZb3bs61Du1KflviPg

File size 3.6 MB ( 3799392 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (console) Intel 80386 32-bit

TrID InstallShield setup (46.1%)
Win32 Executable MS Visual C++ (generic) (40.4%)
Win32 Executable Generic (9.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe

VirusTotal metadata
First submission 2012-11-25 13:27:58 UTC ( 4 years, 10 months ago )
Last submission 2012-11-25 13:27:58 UTC ( 4 years, 10 months ago )
File names dwservice.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications