SHA256: 34aa123ef8cdc6d33ab92c6f5f8ca655bd3ec21bfba54d1ca5004afae870480a
File name: pdoc
Detection ratio: 0 / 57
Analysis date: 2015-04-23 14:14:21 UTC ( 3 days, 11 hours ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
ALYac 20150423
AVG 20150423
AVware 20150423
Ad-Aware 20150423
AegisLab 20150423
Agnitum 20150423
AhnLab-V3 20150423
Alibaba 20150423
Antiy-AVL 20150423
Avast 20150423
Avira 20150423
Baidu-International 20150421
BitDefender 20150423
Bkav 20150423
ByteHero 20150423
CAT-QuickHeal 20150423
CMC 20150423
ClamAV 20150423
Comodo 20150423
Cyren 20150423
DrWeb 20150423
ESET-NOD32 20150423
Emsisoft 20150423
F-Prot 20150423
F-Secure 20150423
Fortinet 20150423
GData 20150423
Ikarus 20150423
Jiangmin 20150423
K7AntiVirus 20150426
K7GW 20150426
Kaspersky 20150423
Kingsoft 20150423
Malwarebytes 20150423
McAfee 20150423
McAfee-GW-Edition 20150423
MicroWorld-eScan 20150423
Microsoft 20150423
NANO-Antivirus 20150423
Norman 20150423
Panda 20150423
Qihoo-360 20150423
Rising 20150423
SUPERAntiSpyware 20150423
Sophos 20150423
Symantec 20150423
Tencent 20150423
TheHacker 20150423
TotalDefense 20150423
TrendMicro 20150423
TrendMicro-HouseCall 20150423
VBA32 20150423
VIPRE 20150423
ViRobot 20150423
Zillya 20150422
Zoner 20150422
nProtect 20150423
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright (C) 360.cn All Rights Reserved.
Publisher 360.cn
Product 360?????
Original name WindowsXP-KB999999-x86.exe
Internal name pdoc
File version 1, 0, 3, 1019
Description 360????? ??
Signature verification Signed file, verified signature
Signing date 11:21 AM 6/13/2012
Signers
[+] 360.cn
Status Certificate out of its validity period
Valid from 1:00 AM 3/16/2010
Valid to 12:59 AM 3/16/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 7F63633E66A5B4C502575F5E99ECE6F4FE38C4C2
Serial number 74 F2 95 8D 31 D0 3E B0 42 F9 08 15 55 30 52 77
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm MD2
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-13 10:08:57
Entry Point 0x0000CD7A
Number of sections 4
PE sections
PE imports
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_SetImageCount
ImageList_Create
ImageList_Add
GetCurrentObject
DeleteDC
CreateFontIndirectW
SetBkMode
BitBlt
GetStockObject
CreateCompatibleBitmap
CreateSolidBrush
GetObjectW
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateFontW
SetTextColor
GetLastError
HeapFree
EnterCriticalSection
WriteProcessMemory
VirtualAllocEx
lstrlenA
RemoveDirectoryW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
HeapDestroy
DebugBreak
LoadLibraryA
lstrlenW
VirtualFree
DeleteCriticalSection
GetCurrentProcess
FileTimeToLocalFileTime
SizeofResource
VirtualFreeEx
GetFileSize
OpenProcess
LockResource
GetCommandLineW
GetProcessHeap
ReadProcessMemory
CreateDirectoryW
DeleteFileW
CloseHandle
GetPrivateProfileIntW
InterlockedCompareExchange
FlushInstructionCache
GetPrivateProfileStringW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
HeapAlloc
CreateThread
GetModuleFileNameW
MoveFileExW
SetFilePointer
FindNextFileW
InterlockedIncrement
GetStartupInfoW
ReadFile
FindFirstFileW
GetModuleHandleW
FreeLibrary
LocalFree
TerminateProcess
LoadLibraryW
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
GlobalAlloc
CreateProcessW
OutputDebugStringW
FindClose
InterlockedDecrement
Sleep
SetFileAttributesW
GetTickCount
GetCurrentThreadId
GetProcAddress
VirtualAlloc
SetLastError
LeaveCriticalSection
AlphaBlend
_purecall
__p__fmode
__wgetmainargs
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_snwprintf
_CxxThrowException
_except_handler3
??2@YAPAXI@Z
fwrite
__p__commode
_onexit
wcslen
wcscmp
exit
_XcptFilter
memcmp
__setusermatherr
_controlfp
_wcmdln
__CxxFrameHandler
_wcsicmp
fclose
_adjust_fdiv
free
atoi
_wfopen
realloc
_initterm
memmove
strchr
memcpy
wcscpy
iswdigit
_ftol
time
wcsstr
_exit
_wtoi
__set_app_type
SysFreeString
SysAllocString
EnumProcesses
GetProcessImageFileNameW
Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHSetValueW
PathFindFileNameW
SHRegGetPathW
PathFileExistsW
PathMatchSpecW
PathAppendW
SHDeleteValueW
StrToIntW
SHGetValueW
MapWindowPoints
DrawEdge
GetParent
EnableWindow
UpdateWindow
IntersectRect
EndDialog
BeginPaint
OffsetRect
DefWindowProcW
CopyRect
GetCapture
KillTimer
GetMessageW
ScreenToClient
ShowWindow
RegisterWindowMessageW
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
DestroyIcon
PostQuitMessage
GetWindowRect
InflateRect
EndPaint
SetCapture
ReleaseCapture
DialogBoxParamW
AdjustWindowRectEx
TranslateMessage
IsWindowEnabled
GetWindow
PostMessageW
GetSysColor
DispatchMessageW
CreateDialogParamW
GetWindowThreadProcessId
GetDlgCtrlID
SendMessageW
SetCursor
DestroyWindow
FindWindowExW
LoadStringW
GetClientRect
GetWindowTextLengthW
GetDlgItem
SystemParametersInfoW
DrawTextW
LoadImageW
EqualRect
GetDC
ClientToScreen
SetRect
InvalidateRect
DrawFocusRect
SetTimer
CallWindowProcW
GetActiveWindow
IsDialogMessageW
FillRect
FindWindowW
SetWindowTextW
GetWindowTextW
GetDesktopWindow
LoadCursorW
RedrawWindow
CreateWindowExW
PeekMessageW
GetWindowLongW
SetForegroundWindow
CharNextW
GetMenu
ExitWindowsEx
PtInRect
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
GdipLoadImageFromFile
GdipAlloc
GdiplusShutdown
GdipCreateFromHDC
GdipDisposeImage
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipGetImageWidth
GdipLoadImageFromFileICM
GdipFree
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateBitmapFromStream
GetAdaptersInfo
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
URLDownloadToFileW
Number of PE resources by type
RT_DIALOG 6
PNG 3
RT_MANIFEST 1
RT_RCDATA 1
RAW 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 11
ENGLISH US 4
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.3.1019
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 107520
FileOS Win32
MIMEType application/octet-stream
LegalCopyright (C) 360.cn All Rights Reserved.
FileVersion 1, 0, 3, 1019
TimeStamp 2012:06:13 11:08:57+01:00
FileType Win32 EXE
PEType PE32
InternalName pdoc
ProductVersion 1, 0, 3, 1019
FileDescription 360
OSVersion 4.0
OriginalFilename WindowsXP-KB999999-x86.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName 360.cn
CodeSize 50688
ProductName 360
ProductVersionNumber 1.0.3.1019
EntryPoint 0xcd7a
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 887ca5dc4e38d99a87914353ca1b25ff
SHA1 b9c7f9f8b0b458a1c9da7c2e88ddc28f43a93c31
SHA256 34aa123ef8cdc6d33ab92c6f5f8ca655bd3ec21bfba54d1ca5004afae870480a
ssdeep 3072:bZJlVR34Fg5DU2iC1IIDLcHkKT6hnynQnm03TE5Ng5R5aUEIshKRJeIlK:FJuC5iQDLciknQnE5e5IiJeIlK
authentihash d2646273b70bfa091868ea956c2090b03e2b9827c959fd8bf00d8c379982196c
imphash af6d29929cc2414c0ac00e1eb37650b7
File size 156.0 KB ( 159696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (78.5%)
Win32 Executable (generic) (11.3%)
Generic Win/DOS Executable (5.0%)
DOS Executable Generic (5.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe armadillo signed

VirusTotal metadata
First submission 2012-06-13 12:02:37 UTC ( 2 years, 10 months ago )
Last submission 2014-10-11 18:06:42 UTC ( 6 months, 2 weeks ago )
File names WindowsXP-KB999999-x86.exe
Windows-KB360018-v4-x86.exe
pdoc
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections