SHA256: 3707714825a8829666d3f116eabac73aa965c0e93532fca78d5078b8c5445f0b
File name: TCPView
Detection ratio: 1 / 54
Analysis date: 2016-01-09 19:17:20 UTC
Antivirus Result Update (an empty Result column means that engine returned no detection with the signatures of the listed date)
F-Secure Trojan:W32/Backdoored.A 20160123
AegisLab 20160122
Yandex 20160123
AhnLab-V3 20160123
Alibaba 20160122
ALYac 20160123
Antiy-AVL 20160123
Arcabit 20160123
Avast 20160123
AVG 20160123
Avira (no cloud) 20160123
AVware 20160111
Baidu-International 20160123
BitDefender 20160123
Bkav 20160122
ByteHero 20160123
CAT-QuickHeal 20160123
ClamAV 20160123
CMC 20160111
Comodo 20160123
Cyren 20160123
DrWeb 20160123
Emsisoft 20160123
ESET-NOD32 20160123
F-Prot 20160123
Fortinet 20160123
GData 20160123
Ikarus 20160123
Jiangmin 20160123
K7AntiVirus 20160123
K7GW 20160123
Kaspersky 20160123
Malwarebytes 20160123
McAfee 20160123
McAfee-GW-Edition 20160123
Microsoft 20160123
eScan 20160123
NANO-Antivirus 20160123
nProtect 20160122
Panda 20160123
Qihoo-360 20160123
Rising 20160122
Sophos 20160123
SUPERAntiSpyware 20160123
Symantec 20160122
TheHacker 20160119
TotalDefense 20160123
TrendMicro 20160123
TrendMicro-HouseCall 20160123
VBA32 20160123
VIPRE 20160123
ViRobot 20160123
Zillya 20160122
Zoner 20160123
The file is a Portable Executable (PE) image: a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1998-2011 Mark Russinovich and Bryce Cogswell

Product Sysinternals TCPView
Internal name TCPView
File version 3.05
Description TCP/UDP endpoint viewer
Signature verification A certificate was explicitly revoked by its issuer. The file therefore carries an Authenticode signature, but the issuer has withdrawn the signing certificate (this report does not give the revocation reason), so the signature provides no assurance of origin, and the Sysinternals product name and copyright in the version resource are trivially copied from a real build. Compare the SHA256 in this report against the current Sysinternals release of TCPView before running the file, and treat F-Secure's Backdoored verdict as the working hypothesis until that comparison has been made.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-18 11:46:19
Entry Point 0x000149D8
Number of sections 4
PE sections
Overlays
MD5 578566b45e2abc7b6d1ee302c6d9a473
File type data
Offset 293888
Size 3848
Entropy 7.13
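VirusTotal flags an overlay here (offset 293888, size 3848, entropy 7.13), and 293888 + 3848 is exactly the 297736-byte file size reported below, so the overlay runs to end of file. Bytes past the last section are where appended payloads go, but they are also where the Authenticode certificate table lives, and the signature-verification line above shows this file is signed; the report alone does not say whether the 3848 bytes are the signature blob, appended data, or both. The Python below, an added example rather than code from the report or from Sysinternals, walks the PE headers to find the end of the last section, reads the security data directory, and reports how many overlay bytes the certificate table does not account for, along with the overlay's Shannon entropy. The minimal PE32 image built by build_sample_pe() is a constructed fixture, not the TCPView file; pass a real file's bytes to analyze_overlay() for a real result.

```python
"""Tell an appended overlay apart from the Authenticode certificate table.

Added example; not code from the VirusTotal report or from Sysinternals.
Assumes only the PE/COFF header layout from the PE specification. The image
produced by build_sample_pe() is a constructed test fixture, not the TCPView
file: pass a real file's bytes to analyze_overlay() for a real result.
"""
import math
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the certificate table


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 maximum."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze_overlay(image: bytes) -> dict:
    """Locate bytes past the last section and check them against the security directory."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    # Data directories start 96 bytes into a PE32 optional header, 112 into PE32+.
    directories = opt + (96 if magic == 0x10B else 112)
    # For the security directory the first field is a file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from(
        "<II", image, directories + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # End of the last section on disk = max(PointerToRawData + SizeOfRawData).
    section_table = opt + size_of_optional
    end_of_sections = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", image, section_table + 40 * i + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = image[end_of_sections:]
    # Overlay bytes inside [cert_off, cert_off + cert_size) are the signature blob;
    # anything else past the last section is unexplained and worth carving out.
    cert_lo, cert_hi = (cert_off, cert_off + cert_size) if cert_size else (0, 0)
    covered = max(0, min(cert_hi, len(image)) - max(cert_lo, end_of_sections))
    return {
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "certificate_table": (cert_off, cert_size),
        "unexplained_bytes": len(overlay) - covered,
    }


def build_sample_pe(cert: bytes = b"", extra: bytes = b"") -> bytes:
    """Construct a minimal one-section PE32 (fixture only; it is not a runnable program)."""
    file_align = 0x200
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, one section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    raw_ptr, raw_size = file_align, file_align
    if cert:  # point the security directory at the blob appended after the section
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         raw_ptr + raw_size, len(cert))
    section = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    image += b"\0" * (raw_ptr - len(image))                         # pad headers to alignment
    image += bytes(range(256)) * (raw_size // 256)                  # section body
    return image + cert + extra


if __name__ == "__main__":
    fake_cert = bytes(range(256))
    print(analyze_overlay(build_sample_pe(cert=fake_cert)))
    print(analyze_overlay(build_sample_pe(cert=fake_cert, extra=b"\x90" * 64)))
```

A signed file whose overlay is entirely covered by the certificate table is the normal case and says nothing on its own; overlay bytes the certificate table does not cover, on a binary whose signing certificate has been revoked, is the combination worth carving out and examining.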
PE imports
GetTokenInformation
FlushTraceA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegOpenKeyExA
RegCreateKeyA
ConvertSidToStringSidA
CreateToolbarEx
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
Ord(6)
PrintDlgA
GetSaveFileNameA
ChooseFontA
GetDeviceCaps
GetObjectA
SetMapMode
DeleteDC
CreateFontIndirectA
SetBkMode
StartDocA
GetStockObject
GetBkColor
EndDoc
GetTextMetricsA
CreateSolidBrush
StartPage
SelectObject
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
EndPage
SetTcpEntry
GetUdpTable
GetTcpTable
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
TlsGetValue
FormatMessageA
SetLastError
DeviceIoControl
GetUserDefaultLangID
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
RaiseException
EnumSystemLocalesA
SetConsoleCtrlHandler
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
GetNumberFormatA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
OpenProcess
ReadProcessMemory
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
ResetEvent
IsValidLocale
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
QueryPerformanceFrequency
CompareStringA
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
CreateErrorInfo
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SysStringLen
SysStringByteLen
SysAllocStringLen
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayGetUBound
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
VariantInit
SafeArrayGetElement
GetModuleFileNameExA
SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
CommandLineToArgvW
SetFocus
GetMessageA
GetParent
UpdateWindow
PostMessageA
EndDialog
LoadMenuA
ReleaseCapture
DefWindowProcA
KillTimer
PostQuitMessage
ScreenToClient
ShowWindow
SetWindowPos
GetSystemMetrics
EnableMenuItem
GetMenu
SetTimer
DispatchMessageA
ClientToScreen
SetDlgItemTextA
SetCapture
SetMenuItemInfoA
MessageBoxA
ChildWindowFromPoint
SetWindowLongA
GetWindowLongA
TranslateMessage
DialogBoxParamA
GetFocus
GetSysColor
GetDC
GetCursorPos
LoadAcceleratorsA
SetWindowTextA
CheckMenuItem
DestroyIcon
LoadStringA
SetClipboardData
DrawIconEx
IsZoomed
EmptyClipboard
DrawTextA
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
SetCursor
MoveWindow
IsIconic
RegisterClassA
InvalidateRect
InsertMenuA
GetSubMenu
CreateMenu
LoadCursorA
LoadIconA
TrackPopupMenu
SendMessageA
TranslateAcceleratorA
GetWindowRect
GetSysColorBrush
InflateRect
CallWindowProcA
RedrawWindow
ReleaseDC
FillRect
CloseClipboard
InvalidateRgn
DestroyWindow
DialogBoxIndirectParamA
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
gethostname
socket
closesocket
ntohl
send
getservbyport
WSAStartup
gethostbyname
ntohs
connect
htonl
htons
recv
gethostbyaddr
WSAGetLastError
CoCreateInstance
CoInitialize
CoSetProxyBlanket
Number of PE resources by type
RT_ICON 5
RT_DIALOG 4
RT_GROUP_ICON 3
RT_STRING 2
RT_MENU 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.5.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 55296
EntryPoint 0x149d8
MIMEType application/octet-stream
LegalCopyright Copyright (C) 1998-2011 Mark Russinovich and Bryce Cogswell
FileVersion 3.05
TimeStamp 2011:05:18 12:46:19+01:00
FileType Win32 EXE
PEType PE32
InternalName TCPView
ProductVersion 3.05
FileDescription TCP/UDP endpoint viewer
OSVersion 5.0
FileOS Windows 16-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sysinternals - www.sysinternals.com
CodeSize 237568
ProductName Sysinternals TCPView
ProductVersionNumber 3.5.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 edd9e7e2dd4a4651b0c0df960e04508b
SHA1 3c7e0d4e0a30c9f4e29b4e33770653ba73918157
SHA256 3707714825a8829666d3f116eabac73aa965c0e93532fca78d5078b8c5445f0b
ssdeep
6144:D1o12lUr7EbaK1zw9mdo7DZJ/wDAUZlYmtUhMKlfYA:DC1Zob/w9tDZJwDrPYm8RYA

authentihash 3ed3a70a2480d001382729f03ded55a4b6e7c3109ba5f02f9771ad195b4c778b
imphash 3ce43dcc9f8226b50b65387f4477de91
File size 290.8 KB ( 297736 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
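The imphash in the identification block above is the value most useful for finding related builds, because it hashes the import table rather than the file bytes, so it survives re-signing, resource edits and appended data. The Python below, added here and not taken from the report or from the pefile project, reproduces the recipe that pefile documents: lower-cased "library.function" pairs in import-table order, a .dll/.sys/.ocx suffix dropped from the library name, ordinal-only imports (the report lists Ord(17) and Ord(6)) replaced by the export name where a table is known and by "ordN" otherwise, and MD5 over the comma-joined list. The ordinal table is a partial ws2_32.dll table and the import list in main() is a constructed illustration that groups some of the names listed under PE imports by the DLL that exports them; the report prints imports without their DLLs, so the hash this produces is not expected to match the report's value.

```python
"""Import hash (imphash) from a PE import list.

Added example; not code from the VirusTotal report or from the pefile project,
whose recipe it reproduces: lower-cased "library.function" pairs in import-table
order, a .dll/.sys/.ocx suffix dropped from the library name, ordinal-only imports
replaced by the export name where a table is known (else "ordN"), MD5 of the
comma-joined list. The ordinal table is a partial ws2_32.dll table (assumption:
only the entries listed); the import list in main() is constructed for
illustration and is not the TCPView import table.
"""
import hashlib

# Partial ws2_32.dll export ordinals. The full imphash implementation also carries
# tables for wsock32.dll and oleaut32.dll; everything else falls back to "ordN".
WS2_32_ORDINALS = {
    3: "closesocket", 4: "connect", 8: "htonl", 9: "htons", 14: "ntohl", 15: "ntohs",
    16: "recv", 19: "send", 23: "socket", 51: "gethostbyaddr", 52: "gethostbyname",
    56: "getservbyport", 57: "gethostname", 111: "WSAGetLastError", 115: "WSAStartup",
}
ORDINAL_TABLES = {"ws2_32.dll": WS2_32_ORDINALS}


def normalize_library(dll: str) -> str:
    """'WS2_32.DLL' -> 'ws2_32'; other extensions are kept ('user32.drv' stays)."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "sys", "ocx") else name


def resolve_import(dll: str, entry) -> str:
    """Map an ordinal to its export name when the table knows it, else 'ordN'."""
    if isinstance(entry, int):
        return ORDINAL_TABLES.get(dll.lower(), {}).get(entry, "ord%d" % entry)
    return entry


def import_string(imports) -> str:
    """The exact comma-joined string that gets hashed; handy for diffing two samples."""
    parts = []
    for dll, entries in imports:
        lib = normalize_library(dll)
        for entry in entries:
            parts.append("%s.%s" % (lib, resolve_import(dll, entry).lower()))
    return ",".join(parts)


def imphash(imports) -> str:
    """imports: sequence of (dll_name, [function_name_or_ordinal, ...]) in table order."""
    return hashlib.md5(import_string(imports).encode()).hexdigest()


# Constructed import table (assumption): a plausible DLL grouping for some of the
# names in the report's import list, not the report's actual import table.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueA"]),
    ("COMCTL32.dll", ["CreateToolbarEx", "ImageList_Create", 17, 6]),
    ("IPHLPAPI.DLL", ["GetTcpTable", "GetUdpTable", "SetTcpEntry"]),
    ("KERNEL32.dll", ["OpenProcess", "ReadProcessMemory", "IsDebuggerPresent"]),
    ("WS2_32.dll", [23, 4, 19, 16, 52, 115]),
]

if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers the import order, two builds of the same source linked with different options or a binary with one injected import produce different values; when two samples share an imphash they usually share a build, not merely a feature set.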

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-12-17 03:28:51 UTC
Last submission 2015-12-17 13:22:28 UTC
File names TCPView
tcpview.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs