SHA256: 2019734d625e275d66d9e00ea770f272be2477c89c70dd0daee3bc27da3825b7
File name: 2019734D625E275D66D9E00EA770F272BE2477C89C70DD0DAEE3BC27DA3825B7
Detection ratio: 49 / 58
Analysis date: 2016-08-31 09:35:31 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Injector.44 20160831
AegisLab Troj.W32.Agent.nesmhq!c 20160831
AhnLab-V3 Trojan/Win32.MDA.N1638202569 20160831
Antiy-AVL Trojan/Win32.Agent 20160831
Arcabit Trojan.Injector.44 20160831
Avast Win32:Malware-gen 20160831
AVG Crypt4.BQGX 20160831
Avira (no cloud) TR/Crypt.ZPACK.13031 20160831
AVware Trojan.Win32.Generic!BT 20160831
BitDefender Gen:Variant.Injector.44 20160831
Bkav W32.FamVT.RazyNHmC.Trojan 20160831
CAT-QuickHeal Ransom.Crowti.B4 20160831
Comodo UnclassifiedMalware 20160831
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/FakeAlert.ACZ.gen!Eldorado 20160831
DrWeb BackDoor.Andromeda.614 20160831
Emsisoft Gen:Variant.Injector.44 (B) 20160831
ESET-NOD32 a variant of Win32/Kryptik.DRTE 20160831
F-Prot W32/FakeAlert.ACZ.gen!Eldorado 20160831
F-Secure Gen:Variant.Injector.44 20160831
Fortinet W32/Kryptik.EGUX!tr 20160831
GData Gen:Variant.Injector.44 20160831
Ikarus Trojan.Win32.Crypt 20160831
Sophos ML worm.win32.gamarue.i 20160830
Jiangmin Trojan/Generic.bipbv 20160831
K7AntiVirus Trojan ( 004c9a4e1 ) 20160831
K7GW Trojan ( 004c9a4e1 ) 20160831
Kaspersky HEUR:Trojan.Win32.Generic 20160831
Malwarebytes Trojan.FakeMS 20160831
McAfee Packed-FL!5FDE6BFD0D73 20160831
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160831
Microsoft Trojan:Win32/Bagsu!rfn 20160831
eScan Gen:Variant.Injector.44 20160831
NANO-Antivirus Trojan.Win32.Andromeda.duospf 20160831
Panda Trj/Genetic.gen 20160831
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160831
Rising Trojan.Generic-pYyqCBjGZrJ (cloud) 20160831
Sophos AV Mal/Wonton-BB 20160831
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20160831
Symantec Backdoor.Trojan 20160831
Tencent Win32.Trojan.Kryptik.Tbji 20160831
TheHacker Trojan/Kryptik.drte 20160829
TrendMicro TROJ_GEN.R03FC0CH415 20160831
TrendMicro-HouseCall TROJ_GEN.R03FC0CH415 20160831
VBA32 Trojan.Cidox 20160831
VIPRE Trojan.Win32.Generic!BT 20160831
ViRobot Trojan.Win32.Z.Agent.113664.AD[h] 20160831
Yandex Trojan.Agent!47KtgUCl4m4 20160831
Zillya Trojan.Agent.Win32.564565 20160831
Alibaba 20160831
ALYac 20160831
Baidu 20160831
ClamAV 20160831
CMC 20160830
Kingsoft 20160831
nProtect 20160831
TotalDefense 20160831
Zoner 20160831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Visual Studio® 2010
Original name VCUpgrade.exe
Internal name VCUpgrade.exe
File version 10.0.30319.1 built by: RTMRel
Description Microsoft Visual VCUpgrade Tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-29 17:10:24
Entry Point 0x00006C09
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
CreateDCA
GetKerningPairsW
LineTo
FlattenPath
PlgBlt
CreateRectRgn
SetBkMode
GetClipRgn
EnumObjects
GetPath
GetCharWidthI
SetTextJustification
GetDCPenColor
CombineTransform
GetClipBox
GetROP2
RoundRect
UpdateColors
GetBkColor
GetTextFaceA
AreFileApisANSI
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
VirtualAllocEx
GetConsoleCP
GetOEMCP
LCMapStringA
CopyFileA
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
lstrcmpiW
GetShortPathNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetPriorityClass
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetStdHandle
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
TlsFree
SuspendThread
SetFilePointer
GetCPInfo
SetEnvironmentVariableW
GetStringTypeA
FreeEnvironmentStringsW
GetSystemDirectoryW
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetComputerNameA
UnlockFileEx
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetModuleFileNameA
QueryPerformanceCounter
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
WriteConsoleA
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
PrepareTape
InterlockedIncrement
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
InsertMenuA
BeginDeferWindowPos
GetDCEx
LoadCursorA
TrackPopupMenu
GetKeyboardLayout
GetUpdateRgn
LoadBitmapA
GetClipboardFormatNameA
CheckRadioButton
IsWindowUnicode
AppendMenuW
GetKeyboardLayoutList
RegisterRawInputDevices
CharPrevW
GetMessageTime
CallWindowProcW
IsHungAppWindow
IsWindowEnabled
SetRect
IsDialogMessageA
ReleaseStgMedium
OleDestroyMenuDescriptor
WriteFmtUserTypeStg
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
Struct(1338) 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.30319.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 59904
EntryPoint 0x6c09
OriginalFileName VCUpgrade.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 10.0.30319.1 built by: RTMRel
TimeStamp 2015:07:29 18:10:24+01:00
FileType Win32 EXE
PEType PE32
InternalName VCUpgrade.exe
ProductVersion 10.0.30319.1
FileDescription Microsoft Visual VCUpgrade Tool
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 52736
ProductName Microsoft Visual Studio 2010
ProductVersionNumber 10.0.30319.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5fde6bfd0d73852a6a81fc5a15af0092
SHA1 7d366dcaa50c41de2e6bd54740764a6b1706c14b
SHA256 2019734d625e275d66d9e00ea770f272be2477c89c70dd0daee3bc27da3825b7
ssdeep 1536:ZN0wD+i9B+VmAAB7OvPkoKFrx+eIZenO+VOSrvbAkpE48tK39Z3RGhP4:ZfDkDKF1+eWenO+VNrkn48tIxGK
authentihash 2ee0a03aec9273cc497fedcd9efda7ed96bf18aeb9107ca9a320a98059673391
imphash 573fbb0241049821e88f2295d6af4df0
File size 111.0 KB ( 113664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2015-07-29 23:57:25 UTC ( 3 years, 6 months ago )
Last submission 2015-07-29 23:57:25 UTC ( 3 years, 6 months ago )
File names VCUpgrade.exe
2019734D625E275D66D9E00EA770F272BE2477C89C70DD0DAEE3BC27DA3825B7
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.