SHA256: 269bdfbc16af0a66ab83e361ba20219e5db72572bc1cdc7a9242ab68a6060a05
File name: AUSPOST_97287.exe
Detection ratio: 30 / 57
Analysis date: 2016-04-29 13:50:04 UTC
Antivirus | Result | Update

Detected (30 engines):
Ad-Aware | Trojan.Agent.BSXH | 20160429
AhnLab-V3 | Trojan/Win32.Zegost | 20160429
ALYac | Trojan.Agent.BSXH | 20160429
Arcabit | Trojan.Agent.BSXH | 20160429
Avast | Win32:Trojan-gen | 20160429
AVG | FileCryptor.KQD | 20160429
Avira (no cloud) | TR/Crypt.ZPACK.liry | 20160429
Baidu | Win32.Trojan.WisdomEyes.151026.9950.9999 | 20160429
BitDefender | Trojan.Agent.BSXH | 20160429
DrWeb | Trojan.Encoder.4439 | 20160429
Emsisoft | Trojan.Agent.BSXH (B) | 20160429
ESET-NOD32 | Win32/Filecoder.TorrentLocker.A | 20160429
F-Secure | Trojan.Agent.BSXH | 20160429
GData | Trojan.Agent.BSXH | 20160429
Ikarus | Trojan.Agent | 20160429
Kaspersky | Backdoor.Win32.Androm.jnuu | 20160429
Malwarebytes | Ransom.TorrentLocker | 20160429
McAfee | Artemis!70C6486D6E7A | 20160429
McAfee-GW-Edition | BehavesLike.Win32.Pate.hh | 20160429
Microsoft | Ransom:Win32/Teerac.A | 20160429
eScan | Trojan.Agent.BSXH | 20160429
nProtect | Trojan.Agent.BSXH | 20160429
Panda | Trj/GdSda.A | 20160428
Qihoo-360 | HEUR/QVM20.1.Malware.Gen | 20160429
Rising | Malware.XPACK-HIE/Heur!1.9C48 | 20160429
Sophos AV | Troj/Ransom-CVF | 20160429
Symantec | Trojan.Cryptolocker.H | 20160429
TrendMicro | Ransom_CRILOCK.CBQ164S | 20160429
TrendMicro-HouseCall | Ransom_CRILOCK.CBQ164S | 20160429
ViRobot | Trojan.Win32.Agent.593408.B[h] | 20160429

No detection (27 engines):
AegisLab | (no detection) | 20160429
Alibaba | (no detection) | 20160429
Antiy-AVL | (no detection) | 20160429
AVware | (no detection) | 20160429
Baidu-International | (no detection) | 20160429
Bkav | (no detection) | 20160429
CAT-QuickHeal | (no detection) | 20160429
ClamAV | (no detection) | 20160429
CMC | (no detection) | 20160429
Comodo | (no detection) | 20160429
Cyren | (no detection) | 20160429
F-Prot | (no detection) | 20160429
Fortinet | (no detection) | 20160429
Jiangmin | (no detection) | 20160429
K7AntiVirus | (no detection) | 20160429
K7GW | (no detection) | 20160429
Kingsoft | (no detection) | 20160429
NANO-Antivirus | (no detection) | 20160429
SUPERAntiSpyware | (no detection) | 20160429
Tencent | (no detection) | 20160429
TheHacker | (no detection) | 20160429
TotalDefense | (no detection) | 20160426
VBA32 | (no detection) | 20160429
VIPRE | (no detection) | 20160429
Yandex | (no detection) | 20160428
Zillya | (no detection) | 20160429
Zoner | (no detection) | 20160429
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © Headlight Software, Inc. All rights reserved.
Product: (Shared by Headlight Software Products)
Original name: udminPrivSetting.exe
Internal name: udminPrivSetting.exe
File version: 1.0.6.5
Description: Change Settings that need udmin Privileges
Note that the version resource describes a vendor settings utility (udminPrivSetting.exe, Headlight Software, Inc.) while the sample was submitted as AUSPOST_97287.exe (see File names below). A delivered file name that does not match OriginalFileName is a cheap first triage signal for a lure attachment.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-04-28 23:47:04 UTC. This is later than the file's first submission (2016-04-28 00:15:53 UTC), so the PE timestamp was either forged or produced by a misconfigured build clock; do not use it to date the sample.
Entry Point: 0x00001000
Number of sections: 4
PE sections
PE imports
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
ImageList_Add
GetSaveFileNameW
EnumObjects
SetMetaRgn
GetCharABCWidthsW
SetMapMode
CreateHalftonePalette
SetColorSpace
RemoveFontResourceTracking
GdiFlush
GetPaletteEntries
GdiIsMetaFileDC
GetTextCharset
SetICMProfileW
GdiPlayScript
PaintRgn
EnumFontFamiliesExA
EngAlphaBlend
RestoreDC
GetStringBitmapW
SetMetaFileBitsEx
GetCharWidthI
EngLockSurface
FixBrushOrgEx
BitBlt
EngGetCurrentCodePage
CreateBitmapIndirect
GetEnhMetaFileDescriptionW
CreatePatternBrush
GetLogColorSpaceA
GdiEntry15
DeleteColorSpace
GetPath
GetEnhMetaFileBits
GdiDeleteLocalDC
EngUnlockSurface
GdiEntry8
Pie
GetEnhMetaFileHeader
AddFontResourceExW
PolyTextOutW
Ellipse
EndPath
TlsGetValue
GlobalMemoryStatus
GetDriveTypeW
GetWindowsDirectoryW
LocalAlloc
GetConsoleAliasExesLengthW
GlobalFlags
InterlockedDecrement
QueryDosDeviceW
DeleteTimerQueue
TlsSetValue
VirtualAlloc
GetModuleHandleW
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SHGetFolderLocation
ShellExecuteExA
SHEmptyRecycleBinW
SHGetFileInfo
DuplicateIcon
SHGetFolderPathA
SHQueryRecycleBinW
SHGetMalloc
ExtractAssociatedIconW
SHGetSettings
FindExecutableW
ShellExecuteExW
SHEmptyRecycleBinA
DragQueryFileA
WOWShellExecute
DragQueryFileAorW
SHFileOperation
StrRChrIA
StrChrW
PathCombineA
StrRChrIW
MapWindowPoints
EmptyClipboard
SetWindowPlacement
RegisterWindowMessageW
SetWindowRgn
GetMenuInfo
UpdateWindow
GetScrollRange
GetScrollInfo
DrawTextW
LoadCursorW
GetScrollPos
GetCapture
GetKeyboardLayoutNameW
CreateCaret
GetDlgCtrlID
MessageBoxA
BroadcastSystemMessageW
GetShellWindow
ShowWindow
DrawFrameControl
SetSysColors
SetWindowPos
DdeImpersonateClient
GetSystemMetrics
SetWindowLongW
MessageBoxW
LoadIconA
GetWindowRect
InflateRect
EndPaint
UnhookWindowsHookEx
RegisterClipboardFormatA
IsGUIThread
DlgDirSelectComboBoxExW
GetCursor
GetWindowDC
SetPropW
IsCharAlphaNumericW
MessageBoxExW
ScrollDC
PostMessageW
SetWindowsHookW
GetDC
GetKeyState
GetCursorPos
ReleaseDC
BeginPaint
GetIconInfo
SendMessageW
IsWindowVisible
WinHelpW
GetWindowPlacement
SetForegroundWindow
GetClientRect
CloseWindow
RemovePropW
SystemParametersInfoW
IsIconic
FrameRect
InSendMessage
InvalidateRect
EnumPropsA
SetTimer
CallWindowProcW
GetClassNameW
LoadStringW
FillRect
OpenClipboard
KillTimer
DestroyAcceleratorTable
RegisterClipboardFormatW
GetGUIThreadInfo
ExcludeUpdateRgn
ChangeMenuW
RedrawWindow
SetScrollInfo
GetWindowLongW
CloseClipboard
InvalidateRgn
CharNextW
GetKeyboardType
SetMenuItemBitmaps
WindowFromDC
DoDragDrop
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 14
RT_DIALOG 4
RT_ICON 4
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 58
PE resources
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.6.5
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Windows, Latin1
InitializedDataSize: 182784
EntryPoint: 0x1000
OriginalFileName: udminPrivSetting.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright © Headlight Software, Inc. All rights reserved.
FileVersion: 1.0.6.5
TimeStamp: 2016:04:29 00:47:04+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: udminPrivSetting.exe
ProductVersion: 1.0.6.5
FileDescription: Change Settings that need udmin Privileges
OSVersion: 5.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Headlight Software, Inc.
CodeSize: 410112
ProductName: (Shared by Headlight Software Products)
ProductVersionNumber: 1.0.6.5
FileTypeExtension: exe
ObjectFileType: Executable application

Compressed bundles
File identification
MD5 70c6486d6e7a7dce9fdbd31a732a089d
SHA1 628c980a80f9ffaab8745ad1f830ab49615afc61
SHA256 269bdfbc16af0a66ab83e361ba20219e5db72572bc1cdc7a9242ab68a6060a05
ssdeep 6144:uWudh44fHyOBSACA1Pl+BEiwRwRQAEkq0gLbFLT8YTBH:undSUStdWiwSfEk6bFLHB
authentihash 56f39322b3dd77feed77cd68459a92af0b2b7040353d471ea9eed39afe82b7ac
imphash 56f0834e6e4b0849e6b742c661802063
File size 579.5 KB (593408 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  Win32 Dynamic Link Library (generic) (43.5%)
  Win32 Executable (generic) (29.8%)
  Generic Win/DOS Executable (13.2%)
  DOS Executable Generic (13.2%)
Tags peexe
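The identifiers above are only useful if you can confirm that the file in your hands is the one they describe. The script below is an added example for this page, not VirusTotal code: it recomputes the MD5, SHA-1, SHA-256 and size of a local file against the values from the "File identification" section, and implements the import-hash normalisation that the imphash field is built on (lower-cased "dll.function" pairs in import-table order, library extension stripped, ordinals as "ordN", then MD5). The import list printed on this page has lost its DLL grouping, so the imphash cannot be re-derived from the page alone; the import table passed to imphash() in the demo is a constructed one chosen to show the rules. ssdeep and authentihash are not recomputed because they need the ssdeep library and an Authenticode-aware PE parser respectively.

```python
"""Verify that a file on disk is the sample this report describes.

Added example (not VirusTotal or vendor code). Identifiers are copied from the
report's "File identification" section; hashing uses only the standard library.
"""
import hashlib
from typing import Dict, Iterable, Union

REPORT_IDS: Dict[str, Union[str, int]] = {
    "md5": "70c6486d6e7a7dce9fdbd31a732a089d",
    "sha1": "628c980a80f9ffaab8745ad1f830ab49615afc61",
    "sha256": "269bdfbc16af0a66ab83e361ba20219e5db72572bc1cdc7a9242ab68a6060a05",
    "size": 593408,
}
REPORT_IMPHASH = "56f0834e6e4b0849e6b742c661802063"


def file_digests(data: bytes) -> Dict[str, Union[str, int]]:
    """MD5 and SHA-1 are kept only for cross-referencing other reports; SHA-256 is
    the identifier to pivot on, since the older digests are collision-prone."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def check_against_report(data: bytes, report: Dict[str, Union[str, int]]) -> Dict[str, bool]:
    """Per-identifier match result; any False means this is not the reported file."""
    mine = file_digests(data)
    return {key: mine[key] == value for key, value in report.items()}


def imphash_string(imports: Dict[str, Iterable[Union[str, int]]]) -> str:
    """Normalised import list that the import hash is computed over.

    Rules (as implemented by pefile's get_imphash): library name lower-cased with a
    trailing .dll/.ocx/.sys removed, function names lower-cased, ordinal imports
    written as 'ordN', entries joined by commas in import-table order. pefile also
    resolves known ordinals of oleaut32.dll and ws2_32.dll to names; this version
    does not, so files importing those by ordinal may hash differently.
    """
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports: Dict[str, Iterable[Union[str, int]]]) -> str:
    """MD5 of the normalised import string. Equal imphash means an identical import
    table layout, which usually means the same toolchain or build and often the
    same family, even when the file hashes differ."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
        print(check_against_report(sample, REPORT_IDS))
    # Constructed import table (not this sample's) to show the normalisation rules.
    demo = {"KERNEL32.DLL": ["VirtualAlloc", "TlsGetValue"], "OLEAUT32.dll": [2, "SysFreeString"]}
    print(imphash_string(demo))
    print(imphash(demo), "== report imphash:", imphash(demo) == REPORT_IMPHASH)
```

Run it as `python verify.py AUSPOST_97287.exe`; every key in the result must be True before any of the detection names or behaviour notes on this page are attributed to that file.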

VirusTotal metadata
First submission: 2016-04-28 00:15:53 UTC
Last submission: 2016-09-12 08:22:42 UTC
File names: AUSPOST_97287.exe, udminPrivSetting.exe
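The static facts on this page already support a triage verdict before the sample is run: the detection names split into a ransomware consensus (Ransom/Filecoder/Encoder/Cryptolocker naming, with TorrentLocker named explicitly by two engines) plus a few generic or conflicting labels, the submitted name does not match the version-resource OriginalFileName, the compile timestamp is later than the first submission, and McAfee's Artemis!70C6486D6E7A name carries the first twelve hex digits of the MD5. The script below is an added example for this page, not VirusTotal code, that performs those checks. The REPORT dictionary is transcribed from the report above (a subset of the 30 detections); the class and family token lists are the author's own choices for this page and deliberately do not alias one vendor's family name to another's.

```python
"""Triage the static facts of a multi-engine scan report before touching the sample.

Added example for this page (not VirusTotal code). REPORT is a constructed dict
transcribed from the report above, not an API response.
"""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, Optional

REPORT = {
    "md5": "70c6486d6e7a7dce9fdbd31a732a089d",
    "submitted_names": ["AUSPOST_97287.exe", "udminPrivSetting.exe"],
    "original_filename": "udminPrivSetting.exe",
    "compile_time": "2016-04-28 23:47:04",      # PE TimeDateStamp, UTC
    "first_submission": "2016-04-28 00:15:53",  # first seen by the scanner, UTC
    "detections": {                             # subset of the 30 hits above
        "Ad-Aware": "Trojan.Agent.BSXH",
        "AhnLab-V3": "Trojan/Win32.Zegost",
        "AVG": "FileCryptor.KQD",
        "Avira (no cloud)": "TR/Crypt.ZPACK.liry",
        "DrWeb": "Trojan.Encoder.4439",
        "ESET-NOD32": "Win32/Filecoder.TorrentLocker.A",
        "Kaspersky": "Backdoor.Win32.Androm.jnuu",
        "Malwarebytes": "Ransom.TorrentLocker",
        "McAfee": "Artemis!70C6486D6E7A",
        "Microsoft": "Ransom:Win32/Teerac.A",
        "Sophos AV": "Troj/Ransom-CVF",
        "Symantec": "Trojan.Cryptolocker.H",
        "TrendMicro": "Ransom_CRILOCK.CBQ164S",
    },
}

# Behaviour-class tokens (author's choice). Vendor naming differs, but the class
# words are fairly stable; a name matching none of them counts as "generic".
CLASS_TOKENS = {
    "ransomware": {"ransom", "filecoder", "filecryptor", "encoder",
                   "cryptolocker", "crilock", "torrentlocker", "teerac"},
    "backdoor": {"backdoor", "androm"},
}
# Explicit family names surfaced verbatim; no cross-vendor aliasing is attempted.
FAMILY_TOKENS = {"torrentlocker", "teerac", "crilock", "cryptolocker", "androm", "zegost"}


def tokens(detection: str) -> List[str]:
    """Split a vendor detection name on every non-alphanumeric character."""
    return [t for t in re.split(r"[^a-z0-9]+", detection.lower()) if t]


def classify(detection: str) -> str:
    toks = set(tokens(detection))
    for cls, words in CLASS_TOKENS.items():
        if toks & words:
            return cls
    return "generic"


def families(detections: Dict[str, str]) -> Dict[str, int]:
    """How many engines name each explicit family."""
    count: Counter = Counter()
    for name in detections.values():
        for tok in set(tokens(name)) & FAMILY_TOKENS:
            count[tok] += 1
    return dict(count)


def name_mismatch(submitted: List[str], original: str) -> List[str]:
    """Submitted file names that differ from OriginalFileName in the version resource."""
    return [n for n in submitted if n.lower() != original.lower()]


def compiled_after_first_seen(compile_time: str, first_seen: str) -> bool:
    """A PE timestamp later than the first sighting cannot be genuine."""
    fmt = "%Y-%m-%d %H:%M:%S"
    return datetime.strptime(compile_time, fmt) > datetime.strptime(first_seen, fmt)


def artemis_md5_match(detections: Dict[str, str], md5: str) -> Optional[bool]:
    """McAfee's Artemis!<hex> names embed the first 12 hex digits of the file MD5;
    a mismatch means the detection line belongs to a different file. None if absent."""
    for name in detections.values():
        if name.startswith("Artemis!"):
            return name.split("!", 1)[1].lower() == md5.lower()[:12]
    return None


def triage(report: dict) -> dict:
    classes = Counter(classify(n) for n in report["detections"].values())
    return {
        "classes": dict(classes),
        "families": families(report["detections"]),
        "name_mismatch": name_mismatch(report["submitted_names"], report["original_filename"]),
        "compiled_after_first_seen": compiled_after_first_seen(
            report["compile_time"], report["first_submission"]),
        "artemis_md5_match": artemis_md5_match(report["detections"], report["md5"]),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

For this report the ransomware class dominates, TorrentLocker is the only family named by more than one engine, and the name and timestamp checks both fire; the Kaspersky Androm label is the lone outlier and should be treated as a conflicting signal rather than a second payload until dynamic analysis says otherwise.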
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications