SHA256: 3422f0fd3f5e82f4347c9ed3835302c30815646164f195d8aab15a2fa083d1f0
File name: 3422F0FD3F5E82F4347C9ED3835302C30815646164F195D8AAB15A2FA083D1F0
Detection ratio: 25 / 52
Analysis date: 2016-07-08 12:41:58 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.17577987 20160708
AhnLab-V3 Malware/Win32.Generic.N2039715711 20160708
ALYac Trojan.Generic.17577987 20160708
Antiy-AVL Trojan[Downloader]/Win32.Gootkit 20160708
Arcabit Trojan.Generic.D10C3803 20160708
Avast Win32:Trojan-gen 20160708
AVware Trojan.Win32.Generic!BT 20160708
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160706
BitDefender Trojan.Generic.17577987 20160708
CMC Trojan.Win32.Obfuscated.2!O 20160704
Emsisoft Trojan.Generic.17577987 (B) 20160708
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160708
F-Secure Trojan.Generic.17577987 20160708
GData Trojan.Generic.17577987 20160708
Kaspersky Trojan-Downloader.Win32.Gootkit.ly 20160708
McAfee Artemis!AF9E2BB8677B 20160708
McAfee-GW-Edition BehavesLike.Win32.Xorad.dt 20160708
Microsoft TrojanDownloader:Win32/Talalpek.A 20160708
eScan Trojan.Generic.17577987 20160708
nProtect Trojan.Generic.17577987 20160708
Panda Trj/GdSda.A 20160708
Sophos AV Mal/Generic-S 20160708
Symantec Trojan.Cryptolock!g23 20160708
Tencent Win32.Trojan-downloader.Gootkit.Lqpa 20160708
VIPRE Trojan.Win32.Generic!BT 20160708
AegisLab 20160708
Alibaba 20160708
AVG 20160708
Bkav 20160707
CAT-QuickHeal 20160708
ClamAV 20160708
Comodo 20160708
Cyren 20160708
DrWeb 20160708
F-Prot 20160708
Fortinet 20160708
Ikarus 20160708
Jiangmin 20160708
K7AntiVirus 20160708
K7GW 20160708
Kingsoft 20160708
Malwarebytes 20160708
NANO-Antivirus 20160708
Qihoo-360 20160708
SUPERAntiSpyware 20160708
TheHacker 20160707
TrendMicro 20160708
TrendMicro-HouseCall 20160708
VBA32 20160708
ViRobot 20160708
Zillya 20160708
Zoner 20160708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2013 Steganos Software GmbH

Product Steganos Safe 17
Original name usbstarter.exe
Internal name usbstarter.exe
File version 17.0.2.11443
Description Steganos PortableSafe USB Starter
Comments Steganos Safe 17
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-05 07:55:11
Entry Point 0x00001CB0
Number of sections 4
PE sections
PE imports
RegQueryValueExW
RegOpenKeyW
GetEnhMetaFileA
SetMetaRgn
PathToRegion
GetBkMode
SaveDC
GetTextCharset
GetEnhMetaFileW
GetROP2
UnrealizeObject
UpdateColors
GetObjectType
GetLayout
GetMapMode
GetPixelFormat
GetSystemPaletteUse
GetFontLanguageInfo
RealizePalette
GetDCBrushColor
GetColorSpace
GetStockObject
GetPolyFillMode
StrokePath
GetDCPenColor
GetGraphicsMode
GetTextAlign
SwapBuffers
GetTextColor
GetStretchBltMode
WidenPath
GetBkColor
GetTextCharacterExtra
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
GetOEMCP
CreateEventW
LoadResource
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
PeekNamedPipe
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
LoadLibraryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetFullPathNameW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
ReadConsoleW
GetCurrentThreadId
GetProcAddress
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
TlsAlloc
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
OpenEventW
CompareStringW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
FindResourceW
Sleep
CountClipboardFormats
AnyPopup
GetDialogBaseUnits
LoadCursorFromFileA
LoadCursorW
CloseClipboard
GetClipboardSequenceNumber
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
CodeSize
106496

SubsystemVersion
5.0

Comments
Steganos Safe 17

InitializedDataSize
179200

ImageVersion
0.0

ProductName
Steganos Safe 17

FileVersionNumber
17.0.2.11443

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
usbstarter.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
17.0.2.11443

TimeStamp
2016:07:05 08:55:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
usbstarter.exe

ProductVersion
17.0.2.11443

FileDescription
Steganos PortableSafe USB Starter

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (c) 2013 Steganos Software GmbH

MachineType
Intel 386 or later, and compatibles

CompanyName
Steganos Software GmbH

LegalTrademarks
Steganos Safe 17 is a trademark of Steganos Software GmbH

FileSubtype
0

ProductVersionNumber
17.0.2.11443

EntryPoint
0x1cb0

ObjectFileType
Executable application

File identification
MD5 af9e2bb8677b45ab7ed71bb844bb8a32
SHA1 0daddecad480ada27bcc3c43bafe6ef8e4678793
SHA256 3422f0fd3f5e82f4347c9ed3835302c30815646164f195d8aab15a2fa083d1f0
ssdeep
3072:U/H46SwUNFr0nXJo/Dt+aN/ctc/U6BoHNKzX+QBZnOo9x:U/H3JUNFoZo/DtjN/2c/BofQZ

authentihash 7c27b3f5b649e1c32289cc813da63446ed4f2911fb0add05a9dc551eff6a5d59
imphash 159524b761994a9294b3ab10d3c3d9e3
File size 280.0 KB ( 286720 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-08 05:53:55 UTC ( 2 years, 8 months ago )
Last submission 2016-07-08 12:41:58 UTC ( 2 years, 8 months ago )
File names 3422f0fd3f5e82f4347c9ed3835302c30815646164f195d8aab15a2fa083d1f0.exe
usbstarter.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications