SHA256: 21efa5573721890cdcf9481f613ccb7d633733f05bc29cfeae402802e382cc92
File name: da40c167cd75d.png
Detection ratio: 25 / 62
Analysis date: 2017-06-28 06:18:27 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.243964 20170628
Arcabit Trojan.Zusy.D3B8FC 20170628
Avast Win32:Malware-gen 20170628
AVG Win32:Malware-gen 20170628
Avira (no cloud) TR/Crypt.ZPACK.svfki 20170628
AVware Trojan.Win32.Kovter.ab (v) 20170628
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170628
BitDefender Gen:Variant.Zusy.243964 20170628
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cyren W32/Kovter.T2.gen!Eldorado 20170628
DrWeb Trojan.MulDrop7.9015 20170628
Emsisoft Gen:Variant.Zusy.243964 (B) 20170628
Endgame malicious (high confidence) 20170615
ESET-NOD32 a variant of Win32/GenKryptik.AMJU 20170628
F-Prot W32/Kovter.T2.gen!Eldorado 20170628
F-Secure Gen:Variant.Zusy.243964 20170628
Fortinet W32/Kryptik.FTUD!tr 20170628
GData Gen:Variant.Zusy.243964 20170628
Sophos ML heuristic 20170607
eScan Gen:Variant.Zusy.243964 20170628
Rising Malware.Generic.1!tfe (thunder:KNcqkmidi8E) 20170628
Sophos AV Mal/Kovter-Z 20170628
Symantec ML.Attribute.HighConfidence 20170628
Tencent Win32.Trojan.Raasj.Auto 20170628
VIPRE Trojan.Win32.Kovter.ab (v) 20170628
AegisLab 20170628
AhnLab-V3 20170627
Alibaba 20170628
ALYac 20170628
Antiy-AVL 20170628
Bkav 20170628
CAT-QuickHeal 20170627
ClamAV 20170628
CMC 20170628
Comodo 20170628
Ikarus 20170627
Jiangmin 20170628
K7AntiVirus 20170627
K7GW 20170628
Kaspersky 20170627
Kingsoft 20170628
Malwarebytes 20170628
McAfee 20170628
McAfee-GW-Edition 20170628
Microsoft 20170628
NANO-Antivirus 20170628
nProtect 20170628
Palo Alto Networks (Known Signatures) 20170628
Panda 20170626
Qihoo-360 20170628
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170628
Symantec Mobile Insight 20170627
TheHacker 20170628
TotalDefense 20170628
TrendMicro 20170628
TrendMicro-HouseCall 20170628
Trustlook 20170628
VBA32 20170627
ViRobot 20170628
Webroot 20170628
WhiteArmor 20170627
Yandex 20170627
Zillya 20170623
ZoneAlarm by Check Point 20170628
Zoner 20170628
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright BonVojalih (C) 2005-2006 CyberLink Corp.
Product BonVojalih PowerDVD Embedded
Original name PowerDVD.exe
Internal name BonVojalih PowerDVD Embedded Main Program
File version 9.00.26
Description BonVojalih PowerDVD Embedded Main Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-28 06:45:25
Entry Point 0x00003CA7
Number of sections 8
PE sections
Overlays
MD5 86265d15dd15d84aa973abe76e25c919
File type data
Offset 487936
Size 632
Entropy 7.64
PE imports
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
ENGLISH TRINIDAD 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.23
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 9.0.2605.0
UninitializedDataSize 140800
LanguageCode Unknown (2C09)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 410112
EntryPoint 0x3ca7
OriginalFileName PowerDVD.exe
MIMEType application/octet-stream
LegalCopyright BonVojalih (C) 2005-2006 CyberLink Corp.
FileVersion 9.00.26
TimeStamp 2011:01:28 07:45:25+01:00
FileType Win32 EXE
PEType PE32
InternalName BonVojalih PowerDVD Embedded Main Program
ProductVersion 9.00.26
FileDescription BonVojalih PowerDVD Embedded Main Program
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName BonVojalih Corp.
CodeSize 77824
ProductName BonVojalih PowerDVD Embedded
ProductVersionNumber 9.0.2605.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 0e4b16cec12adca5659213627265d4bf
SHA1 368cfc46a0051cc83a8e18e2509f488ff88e004c
SHA256 21efa5573721890cdcf9481f613ccb7d633733f05bc29cfeae402802e382cc92
ssdeep 12288:jZ+0WE0VkdqgCMy9BUhwTNMkdfJfyRORQgF:jFWE0VpgCvSIdh0OCgF
authentihash 5b3d32a8a4e0f288851f51e2a326df91793684798591d3028c579609909b5f93
imphash 8ff2ea4fe0c6b28374d7ce04f7048ecd
File size 477.1 KB ( 488568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-06-28 06:18:27 UTC ( 1 year, 10 months ago )
Last submission 2017-06-29 11:19:42 UTC ( 1 year, 9 months ago )
File names BonVojalih PowerDVD Embedded Main Program
Main.png.exe
da40c167cd75d.png
Main.png.exe
da40c167cd75d.png
PowerDVD.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications