SHA256: 30cd60d723b84e16e832d467d66f5e95f09b19222deb80a636ac2e2465e9e9a0
File name: 1111_exe
Detection ratio: 2 / 57
Analysis date: 2015-10-01 09:50:17 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151001
Panda Trj/Genetic.gen 20151001
Ad-Aware 20151001
AegisLab 20151001
Yandex 20150930
AhnLab-V3 20150930
Alibaba 20150927
ALYac 20151001
Antiy-AVL 20151001
Arcabit 20151001
Avast 20151001
AVG 20151001
Avira (no cloud) 20151001
AVware 20151001
Baidu-International 20151001
BitDefender 20151001
Bkav 20150929
ByteHero 20151001
CAT-QuickHeal 20151001
ClamAV 20150930
CMC 20150930
Comodo 20151001
Cyren 20151001
DrWeb 20151001
Emsisoft 20151001
ESET-NOD32 20151001
F-Prot 20150929
F-Secure 20151001
Fortinet 20151001
GData 20151001
Ikarus 20151001
Jiangmin 20150930
K7AntiVirus 20151001
K7GW 20151001
Kingsoft 20151001
Malwarebytes 20151001
McAfee 20151001
McAfee-GW-Edition 20151001
Microsoft 20151001
eScan 20151001
NANO-Antivirus 20151001
nProtect 20151001
Qihoo-360 20151001
Rising 20150930
Sophos AV 20151001
SUPERAntiSpyware 20151001
Symantec 20150930
Tencent 20151001
TheHacker 20150930
TotalDefense 20151001
TrendMicro 20151001
TrendMicro-HouseCall 20151001
VBA32 20150930
VIPRE 20151001
ViRobot 20151001
Zillya 20150930
Zoner 20151001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Softpi.com.ua 2005
Product TariScope
Original name tsSamsTransfer.dll
Internal name tsSamsTransfer
File version 1.00.0031
Comments This module can't be used with other products without licensing, go softpi.com.ua for more info
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-01 07:30:51
Entry Point 0x00007540
Number of sections 6
PE sections
PE imports
ClusterRegQueryInfoKey
JetTerm
JetSetColumns
JetGetObjectInfo
JetRetrieveKey
JetDupCursor
GetCurrentProcess
TerminateProcess
FileTimeToDosDateTime
SetCriticalSectionSpinCount
CreateFileW
WriteFileEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SwitchToFiber
FindAtomW
LockFile
GetPrivateProfileStructW
WNetGetConnectionW
WNetOpenEnumW
DsCrackSpnA
DsMapSchemaGuidsW
SysFreeString
StrTrimW
StrRetToBSTR
StrRStrIW
wvnsprintfW
QueryContextAttributesW
AcquireCredentialsHandleA
MapWindowPoints
DrawTextA
GetDCEx
PostThreadMessageW
CreateDesktopA
SetMenuItemInfoA
GetWindowTextW
SetWindowContextHelpId
DlgDirSelectExW
KillTimer
GetClassNameA
GetFocus
SetCaretPos
MapVirtualKeyExA
GetProcessWindowStation
GetScrollPos
GetKeyState
WSARecv
accept
WSACreateEvent
WSAInstallServiceClassW
WSASocketW
shutdown
WSAAddressToStringA
WSAResetEvent
WSASetBlockingHook
WSAGetServiceClassNameByClassIdA
WSAEnumProtocolsA
WSAHtons
WSAGetServiceClassInfoW
WSAAsyncGetProtoByName
WSAHtonl
WSARecvDisconnect
WSAUnhookBlockingHook
WSAAsyncSelect
WSASetLastError
WSAAddressToStringW
WSAIoctl
WSANtohs
setsockopt
WSASetEvent
WSASendTo
getprotobyname
recvfrom
sendto
WSAAsyncGetServByPort
WSASend
GetFileTitleW
CreateProfileFromLogColorSpaceA
SetColorProfileElementReference
OpenColorProfileW
RegisterCMMW
GetColorDirectoryW
GetCountColorProfileElements
UnregisterCMMW
GetCMMInfo
_except_handler3
strtoul
fscanf
_unlock
_lock
__dllonexit
_onexit
isprint
exit
__iscsymf
freopen
wcstol
_wspawnle
feof
memcpy
tolower
CLSIDFromString
Number of PE resources by type
TYPELIB 1
_IID_CLSTRANSFER 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This module can't be used with other products without licensing, go softpi.com.ua for more info
InitializedDataSize 98304
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.31
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 0.1
EntryPoint 0x7540
OriginalFileName tsSamsTransfer.dll
MIMEType application/octet-stream
LegalCopyright Copyright (C) Softpi.com.ua 2005
FileVersion 1.00.0031
TimeStamp 2015:10:01 08:30:51+01:00
FileType Win32 EXE
PEType PE32
InternalName tsSamsTransfer
ProductVersion 1.00.0031
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SoftPI
CodeSize 28672
ProductName TariScope
ProductVersionNumber 1.0.0.31
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 d7e0beb36eda1936eed62582c87dd14a
SHA1 a5ef20c19c0167a87566fe98c3141d1cd70056b5
SHA256 30cd60d723b84e16e832d467d66f5e95f09b19222deb80a636ac2e2465e9e9a0
ssdeep 3072:LSfkfBmnPTkfYIKhZ/0clrYQwmkl3ZFb5Vy/9i2:LScwnPHhN0clrYQwmklpFbYi
authentihash c04f643b029bf3ce03c797d0ba6005853a25e97b94b919ecb89498bb24cdf2e8
imphash 2ef2a93cb267e06835faf56ab4cc0460
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2015-10-01 09:09:02 UTC ( 3 years, 7 months ago )
Last submission 2016-12-16 17:35:48 UTC ( 2 years, 5 months ago )
File names 1111[1].exe
tsSamsTransfer.dll
1111 - Copy[1].exe
1111.exe
zzA.exe
ada36e96fa4efa88145a0053d2880a44a6c7906f
1111_exe
tsSamsTransfer
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections