SHA256: 27b92bdb47f84d9c34d1c0d054c405d6e25701c1c2b68e1f219235b7a8854899
File name: PasswordGuard.exe
Detection ratio: 58 / 71
Analysis date: 2019-01-26 05:17:05 UTC (1 month, 4 weeks ago)
Antivirus Result Update
Acronis suspicious 20190124
Ad-Aware Generic.Malware.SFL.99DE215A 20190126
AegisLab Trojan.Win32.Pincav.4!c 20190126
AhnLab-V3 Spyware/Win32.KeyLogger.R98057 20190125
ALYac Generic.Malware.SFL.99DE215A 20190126
Antiy-AVL Trojan/Win32.Pincav 20190126
Arcabit Generic.Malware.SFL.99DE215A 20190126
Avast Win32:Evo-gen [Susp] 20190126
AVG Win32:Evo-gen [Susp] 20190126
Avira (no cloud) TR/Spy.Gen 20190126
BitDefender Generic.Malware.SFL.99DE215A 20190126
CAT-QuickHeal Trojan.Injector 20190125
ClamAV Win.Trojan.Pincav-1696 20190126
Comodo Malware@#k7vqnc7hiwl1 20190126
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.76455f 20190109
Cylance Unsafe 20190126
Cyren W32/Downloader.F.gen!Eldorado 20190126
DrWeb Trojan.PWS.LDPinch.1911 20190126
eGambit Unsafe.AI_Score_99% 20190126
Emsisoft Generic.Malware.SFL.99DE215A (B) 20190126
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 Win32/Spy.KeyLogger.OBS 20190126
F-Prot W32/Downloader.F.gen!Eldorado 20190126
F-Secure Generic.Malware.SFL.99DE215A 20190126
Fortinet W32/KeyLogger.OBS!tr.spy 20190126
GData Generic.Malware.SFL.99DE215A 20190126
Ikarus Trojan.Win32.ProcessHijack 20190125
Sophos ML heuristic 20181128
Jiangmin Trojan/Generic.ardqj 20190126
K7AntiVirus Spyware ( 004e486d1 ) 20190125
K7GW Spyware ( 004e486d1 ) 20190126
Kaspersky Trojan.Win32.Pincav.cjwu 20190126
MAX malware (ai score=84) 20190126
McAfee Artemis!A31A3A276455 20190126
McAfee-GW-Edition BehavesLike.Win32.Backdoor.nc 20190125
Microsoft Trojan:Win32/Occamy.C 20190126
eScan Generic.Malware.SFL.99DE215A 20190126
NANO-Antivirus Trojan.Win32.LDPinch.fidwsc 20190126
Palo Alto Networks (Known Signatures) generic.ml 20190126
Panda Trj/CI.A 20190125
Rising Backdoor.Hupigon!8.B57 (CLOUD) 20190126
SentinelOne (Static ML) static engine - malicious 20190124
Sophos AV Mal/EncPk-ACT 20190126
Symantec SMG.Heur!gen 20190125
Tencent Win32.Trojan.Spy.Lizy 20190126
TheHacker Posible_Worm32 20190125
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_GEN.R002C0OAF19 20190126
TrendMicro-HouseCall TROJ_GEN.R002C0OAF19 20190126
VBA32 Trojan.Pincav 20190125
VIPRE BehavesLike.Win32.Malware.ssc (mx-v) 20190126
ViRobot Trojan.Win32.A.Pincav.36352.D[UPX] 20190125
Webroot W32.Trojan.Gen 20190126
Yandex Trojan.KeyBlack.Gen.LQ 20190125
Zillya Trojan.Pincav.Win32.28592 20190125
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190126
Zoner Trojan.Win32.28887 20190125
Alibaba 20180921
Avast-Mobile 20190125
Babable 20180918
Baidu 20190125
Bkav 20190125
CMC 20190125
Kingsoft 20190126
Malwarebytes 20190126
Qihoo-360 20190126
SUPERAntiSpyware 20190123
TACHYON 20190126
TotalDefense 20190125
Trustlook 20190126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000142F0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ShellExecuteA
SHGetFolderPathA
SetTimer
FtpPutFileA
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x142f0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 45056

Execution parents
File identification
MD5 a31a3a276455fdb200c65b48076ed241
SHA1 44aa0cf0d17d0b8554a4bfe4b96828b5f9ea5a97
SHA256 27b92bdb47f84d9c34d1c0d054c405d6e25701c1c2b68e1f219235b7a8854899
ssdeep 768:7d4r+ThsyEvzEBRf3avFSB7aI1L5OdsQM/uZEnvYg+1R:pjhsFzEBlDP1L5Oq0EnvYF1
authentihash 71409150de7e17251a2916231a99fe8556cb42013374e48fe28be6046358ccf0
imphash 9a34893ae8bd8e0740ea463753c270d3
File size 35.5 KB ( 36352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags peexe upx
VirusTotal metadata
First submission 2019-01-14 23:30:21 UTC ( 2 months, 1 week ago )
Last submission 2019-02-14 18:00:34 UTC ( 1 month, 1 week ago )
File names winda.exe
27b92bdb47f84d9c34d1c0d054c405d6e25701c1c2b68e1f219235b7a8854899.exe
27b92bdb47f84d9c34d1c0d054c405d6e25701c1c2b68e1f219235b7a8854899.bin
PasswordGuard.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs