SHA256: 33bb46b904fb44db50b02f0434fb39172c530db9dfc09219a6a0080a73db6f6c
File name: 5d7cbe702eb1e175ab9b482983a08983.virus
Detection ratio: 41 / 55
Analysis date: 2016-08-02 18:08:08 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.17626447 20160802
AhnLab-V3 Malware/Win32.Generic.N2041361265 20160802
ALYac Trojan.Generic.17626447 20160802
Antiy-AVL Trojan[Downloader]/Win32.Gootkit 20160802
Arcabit Trojan.Generic.D10CF54F 20160802
Avast Win32:Trojan-gen 20160802
AVG Generic_r.KYG 20160802
Avira (no cloud) TR/Crypt.ZPACK.fchu 20160802
AVware Trojan.Win32.Generic!BT 20160802
Baidu Win32.Trojan.Kryptik.anp 20160802
BitDefender Trojan.Generic.17626447 20160802
CMC Trojan.Win32.Obfuscated.2!O 20160801
Comodo TrojWare.Win32.Kryptik.FBWM 20160802
Cyren W32/Trojan.XNHL-0195 20160802
DrWeb Trojan.Gootkit.16 20160802
Emsisoft Trojan.Generic.17626447 (B) 20160802
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160802
F-Secure Trojan.Generic.17626447 20160802
Fortinet W32/Generic.AP.44240 20160802
GData Trojan.Generic.17626447 20160802
Ikarus PUA.Downloader 20160802
Jiangmin Downloader.LMN.dos 20160802
K7AntiVirus Trojan-Downloader ( 004e137c1 ) 20160802
K7GW Trojan-Downloader ( 004e137c1 ) 20160802
Kaspersky Trojan-Downloader.Win32.Gootkit.oe 20160802
McAfee GenericRXAD-BX!5D7CBE702EB1 20160802
McAfee-GW-Edition BehavesLike.Win32.Trojan.dt 20160802
Microsoft TrojanDownloader:Win32/Talalpek!rfn 20160802
eScan Trojan.Generic.17626447 20160802
NANO-Antivirus Trojan.Win32.Gootkit.eelyza 20160802
nProtect Trojan.Generic.17626447 20160802
Panda Trj/GdSda.A 20160802
Qihoo-360 QVM20.1.Malware.Gen 20160802
Sophos AV Mal/Generic-S 20160802
Symantec Packed.Generic.459 20160802
Tencent Win32.Trojan.Fakedoc.Auto 20160802
TrendMicro TROJ_GEN.R011C0DGA16 20160802
TrendMicro-HouseCall TROJ_GEN.R011C0DGA16 20160802
VIPRE Trojan.Win32.Generic!BT 20160802
Yandex Trojan.Agent!VzSAk/ABylU 20160802
Zillya Trojan.Agent.Win32.706116 20160802
AegisLab 20160801
Alibaba 20160802
Bkav 20160802
CAT-QuickHeal 20160802
ClamAV 20160802
F-Prot 20160802
Kingsoft 20160802
Malwarebytes 20160802
SUPERAntiSpyware 20160802
TheHacker 20160802
TotalDefense 20160802
VBA32 20160802
ViRobot 20160802
Zoner 20160802
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2013 Steganos Software GmbH

Product Steganos Safe 17
Original name usbstarter.exe
Internal name usbstarter.exe
File version 17.0.2.11443
Description Steganos PortableSafe USB Starter
Comments Steganos Safe 17
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-07 14:14:21
Entry Point 0x00001A40
Number of sections 4
PE sections
PE imports
RegQueryValueExW
RegOpenKeyW
GetEnhMetaFileA
SetMetaRgn
GetBkMode
SaveDC
PathToRegion
GetROP2
UpdateColors
GetObjectType
GetLayout
StrokePath
GetMapMode
GetPixelFormat
GetTextColor
GetFontLanguageInfo
RealizePalette
GetDCBrushColor
GetColorSpace
GetStockObject
GetPolyFillMode
UnrealizeObject
GetDCPenColor
GetGraphicsMode
GetTextAlign
GetSystemPaletteUse
GetStretchBltMode
WidenPath
GetBkColor
GetTextCharacterExtra
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
GetOEMCP
CreateEventW
LoadResource
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
PeekNamedPipe
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
LoadLibraryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetFullPathNameW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
ReadConsoleW
GetCurrentThreadId
GetProcAddress
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
TlsAlloc
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
OpenEventW
CompareStringW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
FindResourceW
Sleep
CountClipboardFormats
AnyPopup
LoadCursorW
LoadCursorFromFileA
GetDialogBaseUnits
CloseClipboard
GetClipboardSequenceNumber
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
LegalTrademarks
Steganos Safe 17 is a trademark of Steganos Software GmbH

SubsystemVersion
5.0

Comments
Steganos Safe 17

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
17.0.2.11443

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Steganos PortableSafe USB Starter

CharacterSet
Windows, Latin1

InitializedDataSize
179200

EntryPoint
0x1a40

OriginalFileName
usbstarter.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2013 Steganos Software GmbH

FileVersion
17.0.2.11443

TimeStamp
2016:07:07 15:14:21+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
usbstarter.exe

ProductVersion
17.0.2.11443

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Steganos Software GmbH

CodeSize
107008

ProductName
Steganos Safe 17

ProductVersionNumber
17.0.2.11443

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 5d7cbe702eb1e175ab9b482983a08983
SHA1 44c1e9f72bf3be0803c8b30183f6522dc4caecb3
SHA256 33bb46b904fb44db50b02f0434fb39172c530db9dfc09219a6a0080a73db6f6c
ssdeep
1536:bqEK3P+0Hswb7iHgNeDwPoFnyveL1NXZoPTm4uFnYGZvwX4EKI7EkCg5O6U0eo9x:+N20MWqgNwvyWZNKHuFrwXR/Zneo9x

authentihash f81060a4220529a485c050832e9081d9cc530d346b4236dabbd02bbc944d4e74
imphash c2529ef9f25249e4b197c05b1cab5b35
File size 280.5 KB ( 287232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-02 18:08:08 UTC ( 2 years, 6 months ago )
Last submission 2016-08-02 18:08:08 UTC ( 2 years, 6 months ago )
File names 5d7cbe702eb1e175ab9b482983a08983.virus
usbstarter.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications