SHA256: 246c712bf3f1d813d955ec2c1be50093fd149ae12da40e6e3e517857e035e82a
File name: c852c22474d744bad4281bc7935b71b0.virus
Detection ratio: 33 / 56
Analysis date: 2016-06-26 14:16:16 UTC ( 2 years, 8 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.Generic.17328294 | 20160626 |
| AhnLab-V3 | Malware/Win32.Generic.N2029970766 | 20160626 |
| ALYac | Trojan.Generic.17328294 | 20160626 |
| Antiy-AVL | Trojan/Win32.Yakes | 20160626 |
| Arcabit | Trojan.Generic.D10868A6 | 20160626 |
| Avast | Win32:Trojan-gen | 20160626 |
| AVG | Generic_r.KFE | 20160626 |
| Avira (no cloud) | TR/Crypt.ZPACK.kqbr | 20160626 |
| AVware | Trojan.Win32.Reveton.a (v) | 20160626 |
| Baidu | Win32.Trojan.Kryptik.ajo | 20160624 |
| BitDefender | Trojan.Generic.17328294 | 20160626 |
| Bkav | HW32.Packed.3708 | 20160625 |
| Cyren | W32/Trojan.DMIO-2296 | 20160626 |
| DrWeb | Trojan.Siggen6.58358 | 20160626 |
| Emsisoft | Trojan.Generic.17328294 (B) | 20160626 |
| ESET-NOD32 | Win32/TrojanDownloader.Agent.CFH | 20160626 |
| F-Secure | Trojan.Generic.17328294 | 20160626 |
| Fortinet | W32/Agent.CFH!tr.dldr | 20160626 |
| GData | Trojan.Generic.17328294 | 20160626 |
| K7AntiVirus | Trojan-Downloader ( 004e141d1 ) | 20160626 |
| K7GW | Trojan-Downloader ( 004e141d1 ) | 20160626 |
| Kaspersky | Trojan.Win32.Yakes.pwmr | 20160626 |
| McAfee | Artemis!C852C22474D7 | 20160626 |
| McAfee-GW-Edition | BehavesLike.Win32.BadFile.cc | 20160626 |
| Microsoft | TrojanDownloader:Win32/Talalpek.A | 20160626 |
| eScan | Trojan.Generic.17328294 | 20160626 |
| nProtect | Trojan.Generic.17328294 | 20160624 |
| Panda | Trj/Agent.SM | 20160626 |
| Qihoo-360 | QVM20.1.Malware.Gen | 20160626 |
| Sophos AV | Mal/Generic-S | 20160626 |
| Symantec | Packed.Generic.459 | 20160626 |
| Tencent | Win32.Trojan.Yakes.Syhm | 20160626 |
| VIPRE | Trojan.Win32.Reveton.a (v) | 20160626 |
| AegisLab | (no detection) | 20160624 |
| Alibaba | (no detection) | 20160624 |
| Baidu-International | (no detection) | 20160614 |
| CAT-QuickHeal | (no detection) | 20160625 |
| ClamAV | (no detection) | 20160626 |
| CMC | (no detection) | 20160620 |
| Comodo | (no detection) | 20160626 |
| F-Prot | (no detection) | 20160626 |
| Ikarus | (no detection) | 20160626 |
| Jiangmin | (no detection) | 20160626 |
| Kingsoft | (no detection) | 20160626 |
| Malwarebytes | (no detection) | 20160626 |
| NANO-Antivirus | (no detection) | 20160626 |
| SUPERAntiSpyware | (no detection) | 20160626 |
| TheHacker | (no detection) | 20160625 |
| TotalDefense | (no detection) | 20160626 |
| TrendMicro | (no detection) | 20160626 |
| TrendMicro-HouseCall | (no detection) | 20160626 |
| VBA32 | (no detection) | 20160625 |
| ViRobot | (no detection) | 20160626 |
| Yandex | (no detection) | 20160625 |
| Zillya | (no detection) | 20160625 |
| Zoner | (no detection) | 20160626 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2006-2010 Christian Ghisler
Internal name Totalcmd-udmin
File version 1, 0, 0, 5
Description Total Commander udministrator Tool
Comments Tool used internally by Total Commander, do not start directly!
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-22 17:47:11
Entry Point 0x00002660
Number of sections 4
PE sections
PE imports
RegQueryValueExW
RegOpenKeyW
SetMetaRgn
AddFontResourceA
DeleteEnhMetaFile
CreateHalftonePalette
EndPath
DeleteDC
GdiGetBatchLimit
EndDoc
FillPath
CreatePatternBrush
DeleteColorSpace
AbortPath
UnrealizeObject
GdiFlush
CreateCompatibleDC
CloseEnhMetaFile
EndPage
CloseFigure
DeleteObject
CloseMetaFile
CancelDC
CreateSolidBrush
BeginPath
AbortDoc
DeleteMetaFile
GetTextCharset
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
SetEvent
GetDriveTypeA
SetConsoleCursorPosition
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
GetTempPathW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
MoveFileW
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
RaiseException
EnumSystemLocalesA
SetThreadPriority
GetVolumeInformationW
TerminateProcess
MultiByteToWideChar
CreateEventW
SetFileAttributesW
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
CreatePipe
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
ExitThread
GetDiskFreeSpaceExA
SetCurrentDirectoryW
GetDiskFreeSpaceExW
GetCurrentThreadId
GetModuleHandleA
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
OpenProcess
CreateDirectoryA
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
GetComputerNameW
ExpandEnvironmentStringsW
FindNextFileW
GetTimeFormatA
FindFirstFileW
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetProcAddress
SetVolumeLabelW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
Process32FirstW
GetCurrentThread
QueryPerformanceFrequency
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
GetFileAttributesExW
SizeofResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
IsBadReadPtr
IsBadStringPtrA
VirtualAlloc
GetOEMCP
GetClipboardViewer
CreateMenu
GetDoubleClickTime
LoadIconA
CountClipboardFormats
EndMenu
GetInputState
AnyPopup
GetCapture
GetDialogBaseUnits
LoadIconW
GetFocus
GetClipboardOwner
GetActiveWindow
GetForegroundWindow
GetClipboardSequenceNumber
GetCursor
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN SWISS 7
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Tool used internally by Total Commander, do not start directly!
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.5
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet ASCII
InitializedDataSize 17408
EntryPoint 0x2660
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 5
TimeStamp 2016:06:22 18:47:11+01:00
FileType Win32 EXE
PEType PE32
InternalName Totalcmd-udmin
FileDescription Total Commander udministrator Tool
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2006-2010 Christian Ghisler
MachineType Intel 386 or later, and compatibles
CompanyName G hisler Software GmbH
CodeSize 101376
FileSubtype 0
ProductVersionNumber 1.0.0.5
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 c852c22474d744bad4281bc7935b71b0
SHA1 ea607dd34f2334eb30bc4b8e603a9ecc25c3e4ec
SHA256 246c712bf3f1d813d955ec2c1be50093fd149ae12da40e6e3e517857e035e82a
ssdeep 3072:ZXSjAvxq2qODnUtPahZQ3CwydB8mjxslEfwUUHBa5LJ:ZrDn7hjwktfwUoBW
authentihash 3c51855b2224ccc1f3095c6474eb7ea9971c4e3321288e6272974b5adf047141
imphash c4e6cd539c3246907e56569e9b287822
File size 117.0 KB ( 119808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-06-26 14:16:16 UTC ( 2 years, 8 months ago )
Last submission 2016-06-26 14:16:16 UTC ( 2 years, 8 months ago )
File names 246c712bf3f1d813d955ec2c1be50093fd149ae12da40e6e3e517857e035e82a.exe
c852c22474d744bad4281bc7935b71b0.virus
Totalcmd-udmin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications