× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 348cb2bf4b136e44919b7c5d6fad367fb35aa554a45a338497a37865946cdf63
File name: WifiInfoView
Detection ratio: 42 / 55
Analysis date: 2016-06-24 14:55:39 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.597713 20160624
AegisLab Troj.W32.Agent!c 20160624
AhnLab-V3 Trojan/Win32.Yakes.N1098409777 20160624
ALYac Gen:Variant.Kazy.597713 20160624
Antiy-AVL Trojan/Win32.Agent 20160624
Arcabit Trojan.Kazy.D91ED1 20160624
Avast Win32:GenMalicious-FHW [Trj] 20160624
AVG Win32/Cryptor 20160624
AVware Worm.Win32.Dorkbot.b (v) 20160624
Baidu Win32.Trojan.WisdomEyes.151026.9950.9984 20160624
Baidu-International Adware.Win32.Agent.Elnx 20160614
BitDefender Gen:Variant.Kazy.597713 20160624
CAT-QuickHeal Worm.Gamarue.I5 20160623
CMC Trojan.Win32.Agent!O 20160620
Comodo TrojWare.Win32.Injector.AJSX 20160624
Cyren W32/S-f8d9df3f!Eldorado 20160624
Emsisoft Gen:Variant.Kazy.597713 (B) 20160624
ESET-NOD32 a variant of Win32/Injector.AXJE 20160624
F-Prot W32/S-f8d9df3f!Eldorado 20160624
F-Secure Gen:Variant.Kazy.597713 20160624
Fortinet W32/Injector.AVRA!tr 20160624
GData Gen:Variant.Kazy.597713 20160624
Ikarus Virus.Win32.Injector 20160624
K7AntiVirus Trojan ( 0040f8041 ) 20160624
K7GW Trojan ( 0040f8041 ) 20160624
Kaspersky Trojan.Win32.Agent.ibvn 20160624
Malwarebytes Backdoor.Bot 20160624
McAfee PWSZbot-FSR!4B5F06D4B9D2 20160624
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20160624
Microsoft VirTool:Win32/Injector.EP 20160624
eScan Gen:Variant.Kazy.597713 20160624
NANO-Antivirus Trojan.Win32.Agent.ctodbv 20160624
Panda Trj/Crilock.C 20160624
Sophos AV Mal/Generic-S 20160624
Symantec Suspicious.Cloud.9 20160624
Tencent Win32.Trojan.Crypt.Pdwp 20160624
TrendMicro TROJ_CROWTI.SMN1 20160624
TrendMicro-HouseCall TROJ_CROWTI.SMN1 20160624
VBA32 SScope.Worm.Ngrbot.2414 20160624
VIPRE Worm.Win32.Dorkbot.b (v) 20160624
Yandex Trojan.Agent!OfPeEgN8QcI 20160624
Zillya Trojan.Agent.Win32.446003 20160624
Alibaba 20160624
Bkav 20160623
ClamAV 20160624
DrWeb 20160624
Jiangmin 20160624
Kingsoft 20160624
nProtect 20160624
Qihoo-360 20160624
SUPERAntiSpyware 20160624
TheHacker 20160624
TotalDefense 20160624
ViRobot 20160624
Zoner 20160624
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2012 - 2013 Nir Sofer

Product WifiInfoView
Original name WifiInfoView.exe
Internal name WifiInfoView
File version 1.26
Description WifiInfoView
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-10 11:10:52
Entry Point 0x00004B1D
Number of sections 4
PE sections
Overlays
MD5 a83a92b43f4ca12fabcdf3bdf9683622
File type data
Offset 226304
Size 1245
Entropy 7.75
PE imports
EndPath
TextOutA
LineTo
SelectClipPath
GetTextExtentPoint32A
MoveToEx
GetStockObject
DeleteObject
CloseMetaFile
CancelDC
ChoosePixelFormat
SelectObject
BeginPath
CopyEnhMetaFileA
ColorCorrectPalette
CheckColorsInGamut
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
SetEvent
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
GlobalGetAtomNameA
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
DebugBreak
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
CreateThread
GetLocaleInfoA
GetCurrentProcessId
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
WritePrivateProfileSectionA
GetCommandLineA
GetProcAddress
EncodePointer
GetLocaleInfoW
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
HeapSetInformation
FormatMessageA
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
IsProcessorFeaturePresent
CreateWaitableTimerA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
CreateEventA
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
WNetOpenEnumA
WNetDisconnectDialog
WNetEnumResourceW
WNetAddConnection2W
WNetGetResourceParentW
glColorMask
glVertex2i
glTexParameteriv
glTexEnviv
glTexCoord2s
glTexCoord3dv
glRasterPos3s
DragQueryFileW
ShellExecuteExA
FindExecutableA
DragAcceptFiles
ExtractIconExW
Shell_NotifyIconA
DragFinish
GetListBoxInfo
IsCharAlphaNumericA
LoadCursorA
DestroyIcon
ReleaseDC
DrawTextExW
FillRect
ChangeDisplaySettingsExA
LoadImageA
UnregisterClassW
GetClientRect
DdeNameService
EnumPropsExA
LoadImageW
GetWindowWord
GetDC
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
InternetFindNextFileA
SetUrlCacheEntryGroup
InternetGetLastResponseInfoW
InternetCreateUrlA
GopherFindFirstFileA
SymUnDName64
MiniDumpWriteDump
EnumerateLoadedModules
SymUnloadModule
SymGetLineFromName
SymEnumerateSymbols64
SymEnumSymbols
OleDraw
OleFlushClipboard
CoRegisterMallocSpy
OleRegEnumVerbs
OleDestroyMenuDescriptor
OleCreateLinkFromDataEx
CoResumeClassObjects
CoCreateFreeThreadedMarshaler
CreateAsyncBindCtx
CreateURLMoniker
URLOpenBlockingStreamW
Number of PE resources by type
RT_STRING 14
RT_VERSION 1
RT_HTML 1
Number of PE resources by language
ENGLISH US 14
HEBREW DEFAULT 1
ENGLISH CAN 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.6.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
162816

EntryPoint
0x4b1d

OriginalFileName
WifiInfoView.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2012 - 2013 Nir Sofer

FileVersion
1.26

TimeStamp
2014:02:10 12:10:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WifiInfoView

ProductVersion
1.26

FileDescription
WifiInfoView

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NirSoft

CodeSize
62464

ProductName
WifiInfoView

ProductVersionNumber
1.2.6.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 4b5f06d4b9d2c22af3dbc273d4eda207
SHA1 01dd65483a2a1dfaa355823dfd150f08b2bda5a9
SHA256 348cb2bf4b136e44919b7c5d6fad367fb35aa554a45a338497a37865946cdf63
ssdeep
3072:dpo9GJG1I/60Eq54q7hv4ELkp1CorXXyALWXY2viVSHtULjkaCx5bW1QzUC91Lom:roYJEi6tKRorXX1qI2vYE0j4i1QnXVZ

authentihash 494d93daf5a9805d17f344be9ca61c67f86b00c909b0666dbaabd5fc98430c3e
imphash 0b6ad150f906e9059e8446573eb15ba8
File size 222.2 KB ( 227549 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-02-10 14:39:04 UTC ( 4 years, 10 months ago )
Last submission 2016-06-24 14:55:39 UTC ( 2 years, 5 months ago )
File names WifiInfoView.exe
xk.exe
WifiInfoView
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs