SHA256: 2775419a0e0e771df9dc8e63f6c32b1ea78701413e295a18b9b02e716f85326c
File name: rad7C89C.tmp.exe
Detection ratio: 9 / 56
Analysis date: 2016-10-26 00:47:13 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20161026
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161025
Bkav HW32.Packed.E493 20161025
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.PWS.Papras.2166 20161026
Sophos ML virus.win32.sality.at 20161018
McAfee-GW-Edition BehavesLike.Win32.Dialer.ch 20161025
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161026
Symantec Heur.AdvML.B 20161026
Ad-Aware 20161026
AegisLab 20161025
AhnLab-V3 20161025
ALYac 20161026
Antiy-AVL 20161026
Arcabit 20161026
AVG 20161026
Avira (no cloud) 20161025
AVware 20161026
BitDefender 20161026
CAT-QuickHeal 20161025
ClamAV 20161025
CMC 20161025
Comodo 20161026
Cyren 20161026
Emsisoft 20161026
ESET-NOD32 20161025
F-Prot 20161025
F-Secure 20161025
Fortinet 20161026
GData 20161025
Ikarus 20161025
Jiangmin 20161025
K7AntiVirus 20161025
K7GW 20161025
Kaspersky 20161025
Kingsoft 20161026
Malwarebytes 20161025
McAfee 20161025
Microsoft 20161025
eScan 20161025
NANO-Antivirus 20161026
nProtect 20161025
Panda 20161025
Rising 20161025
Sophos AV 20161025
SUPERAntiSpyware 20161026
Tencent 20161026
TheHacker 20161025
TrendMicro 20161026
TrendMicro-HouseCall 20161026
VBA32 20161025
VIPRE 20161026
ViRobot 20161025
Yandex 20161025
Zillya 20161025
Zoner 20161025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Fortinet
Product VCM Scanner
Original name vcm.exe
Internal name VCM Scanner for FortiClient
File version 1.258.0.0
Description VCM Scanner for FortiClient
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-23 15:49:19
Entry Point 0x0000339B
Number of sections 9
PE sections
PE imports
DirectInput8Create
GetStockObject
UnlockFile
GetLastError
GetCurrencyFormatA
CopyFileW
GetUserDefaultLangID
lstrlenA
GetModuleFileNameW
GetOEMCP
SetEndOfFile
GetSystemDefaultLangID
DebugBreak
DisableThreadLibraryCalls
GetCommMask
VirtualProtect
GetConsoleAliasExesW
GetFileAttributesW
LockFile
LoadLibraryA
FreeLibrary
CreateRemoteThread
GetComputerNameA
GetCurrentProcess
GetPriorityClass
GetWindowsDirectoryW
GetCurrentProcessId
AddAtomA
OpenProcess
AssignProcessToJobObject
SetFilePointer
GetCommConfig
BuildCommDCBAndTimeoutsW
GetEnvironmentVariableA
GetStartupInfoW
DeleteFileW
GetTapePosition
GetConsoleCommandHistoryW
GetCurrentThread
GetComputerNameW
GetTimeFormatW
RaiseException
CheckRemoteDebuggerPresent
GetThreadPriorityBoost
GetSystemDefaultUILanguage
GetModuleHandleA
DebugBreakProcess
ExpungeConsoleCommandHistoryA
ReadFile
InterlockedExchange
WriteFile
CreateMemoryResourceNotification
CloseHandle
GetCompressedFileSizeA
Thread32Next
GetNumberOfConsoleMouseButtons
SetThreadIdealProcessor
Module32FirstW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetExitCodeProcess
FindAtomW
AllocateUserPhysicalPages
GetProcessShutdownParameters
GetNumberFormatA
TerminateProcess
IsBadStringPtrA
CreateFileA
DeleteTimerQueueEx
GetProcAddress
LocalAlloc
SetupChangeFontSize
AsrCreateStateFileA
AsrRestorePlugPlayRegistryData
SetupSetDisplay
SetupInfObjectInstallActionW
GetForegroundWindow
LoadMenuA
FindWindowW
FindWindowA
RegisterClassExW
GetClassNameA
LoadCursorFromFileW
GetWindow
RegisterClassExA
GetClientRect
IsIconic
GetSubMenu
FindWindowExA
LoadCursorA
LoadIconA
GetActiveWindow
AdjustWindowRect
CopyRect
GetSysColorBrush
LoadCursorW
LoadIconW
GetFocus
GetWindowLongW
RsopSetPolicySettingStatus
WaitForMachinePolicyForegroundProcessing
GetProfileType
GetGPOListA
RegisterGPNotification
GetDefaultUserProfileDirectoryW
GetNextFgPolicyRefreshInfo
UnregisterGPNotification
DestroyEnvironmentBlock
ForceSyncFgPolicy
GetProfilesDirectoryA
ExpandEnvironmentStringsForUserA
RsopResetPolicySettingStatus
GetAllUsersProfileDirectoryW
ProcessGroupPolicyCompletedEx
WaitForUserPolicyForegroundProcessing
ProcessGroupPolicyCompleted
RsopFileAccessCheck
FreeGPOListW
SisCreateRestoreStructure
SisRestoredLink
SisFreeRestoreStructure
SisFreeAllocatedMemory
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.258.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 294912
EntryPoint 0x339b
OriginalFileName vcm.exe
MIMEType application/octet-stream
LegalCopyright Fortinet
FileVersion 1.258.0.0
TimeStamp 2014:08:23 16:49:19+01:00
FileType Win32 EXE
PEType PE32
InternalName VCM Scanner for FortiClient
ProductVersion 1.258.0.0
FileDescription VCM Scanner for FortiClient
OSVersion 5.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Fortinet
CodeSize 77824
ProductName VCM Scanner
ProductVersionNumber 1.258.0.0
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 34976648b44273c0b336d2ef89e672db
SHA1 3b5c9a88d4a3a8b4058cbac31f49785741bdd6c7
SHA256 2775419a0e0e771df9dc8e63f6c32b1ea78701413e295a18b9b02e716f85326c
ssdeep 3072:DczpvxR457Ybhemn7uXHUIqYkSjaf9U7ejT2JlqRU:i5mYvnaXUIqDKk9vHg4
authentihash 8fe3ecf3fcc949930cf7de114d3a173fc6ce31aae6e1748a842eb8469c0533c6
imphash e0534b3055c1d5ae8bdd4850f60e590e
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-10-26 00:47:13 UTC ( 2 years, 3 months ago )
Last submission 2016-10-26 00:47:13 UTC ( 2 years, 3 months ago )
File names vcm.exe
rad7C89C.tmp.exe
VCM Scanner for FortiClient
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Searched windows
Runtime DLLs
UDP communications