SHA256: 3c36fcd7013baba1aad7d1540b5de80d8ae38b66e0e110c1e0c226eecff0ea13
File name: 3C36FCD7013BABA1AAD7D1540B5DE80D8AE38B66E0E110C1E0C226EECFF0EA13
Detection ratio: 42 / 53
Analysis date: 2016-08-20 09:07:50 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3413412 20160820
AegisLab Troj.W32.Generic!c 20160820
AhnLab-V3 Trojan/Win32.Generic.N2049806524 20160819
ALYac Trojan.GenericKD.3413412 20160820
Arcabit Trojan.Generic.D3415A4 20160820
Avast Win32:Trojan-gen 20160820
AVG Generic_r.LJI 20160820
Avira (no cloud) TR/Agent.btko 20160819
AVware Trojan.Win32.Generic!BT 20160820
Baidu Win32.Trojan.WisdomEyes.151026.9950.9995 20160820
BitDefender Trojan.GenericKD.3413412 20160820
Bkav W32.FamVT.RazyNHmA.Trojan 20160818
CAT-QuickHeal Trojan.Generic 20160818
Cyren W32/S-e2e07e9d!Eldorado 20160820
DrWeb BackDoor.IRC.NgrBot.566 20160820
Emsisoft Trojan.GenericKD.3413412 (B) 20160820
ESET-NOD32 a variant of Win32/Injector.DCHG 20160820
F-Prot W32/S-e2e07e9d!Eldorado 20160820
F-Secure Trojan.GenericKD.3413412 20160820
Fortinet W32/Generic!tr 20160820
GData Trojan.GenericKD.3413412 20160820
Ikarus Trojan.Win32.Injector 20160820
Jiangmin Backdoor.Ruskill.jt 20160820
K7AntiVirus Trojan ( 004f46291 ) 20160820
K7GW Trojan ( 004f46291 ) 20160820
Kaspersky HEUR:Trojan.Win32.Generic 20160820
Malwarebytes Backdoor.Andromeda 20160820
McAfee RDN/Generic.grp 20160820
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20160820
Microsoft Worm:Win32/Dorkbot 20160820
eScan Trojan.GenericKD.3413412 20160820
NANO-Antivirus Trojan.Win32.NgrBot.eemeod 20160820
Panda Trj/GdSda.A 20160820
Qihoo-360 HEUR/QVM09.0.8733.Malware.Gen 20160820
Sophos AV Mal/Generic-S 20160820
Symantec Trojan.Gen.2 20160820
Tencent Win32.Trojan.Generic.Eaxz 20160820
TrendMicro TROJ_GEN.R021C0CGL16 20160820
TrendMicro-HouseCall TROJ_GEN.R021C0CGL16 20160820
VIPRE Trojan.Win32.Generic!BT 20160820
Yandex Trojan.Agent!5OLuNsLR/is 20160819
Zillya Trojan.Injector.Win32.399890 20160819
Alibaba 20160819
Antiy-AVL 20160820
ClamAV 20160820
CMC 20160818
Comodo 20160819
Kingsoft 20160820
nProtect None
Rising 20160820
SUPERAntiSpyware 20160820
TheHacker 20160817
VBA32 20160819
ViRobot 20160820
Zoner 20160820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Tim Kosse
Product FileZilla
Original name FileZilla_3.10.1.1_win32-
File version 3.10.1.1
Description FileZilla FTP Client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-17 15:57:15
Entry Point 0x0000C2E7
Number of sections 4
PE sections
PE imports
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetCommMask
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
InterlockedIncrement
GetConsoleOutputCP
GetNamedPipeHandleStateA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
TlsFree
GetProcessHeap
SetStdHandle
CompareStringW
GetCPInfo
GetStringTypeA
SetFilePointer
FlushFileBuffers
ReadFile
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
IsDebuggerPresent
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
WriteConsoleW
CompareStringA
DdeImpersonateClient
GetWindowTextLengthA
GetIconInfo
UpdateWindow
EndMenu
IsZoomed
GetActiveWindow
GetNextDlgTabItem
GetClassLongA
Number of PE resources by type
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 217600
ImageVersion 0.0
ProductName FileZilla
FileVersionNumber 3.10.1.1
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription FileZilla FTP Client
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName FileZilla_3.10.1.1_win32-
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.10.1.1
TimeStamp 2016:07:17 16:57:15+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.10.1.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright Tim Kosse
MachineType Intel 386 or later, and compatibles
CompanyName Tim Kosse
CodeSize 102912
FileSubtype 0
ProductVersionNumber 3.10.1.1
EntryPoint 0xc2e7
ObjectFileType Executable application

File identification
MD5 1e7ffe4ed00859cb7c65cbb65872bde6
SHA1 d490f0aa835fe3df52cd21d963a390329a9ab8f4
SHA256 3c36fcd7013baba1aad7d1540b5de80d8ae38b66e0e110c1e0c226eecff0ea13
ssdeep 6144:hK5+j5BVUb3xav9dHfG2TydP0dlZmjE0zQUnvkCdD:hK5+j5Be3xq9dHduq7YNQUnpdD
authentihash 0b8382b0bc027344d72556d733bdefaee13edf38ead5388278c152a707f1c030
imphash fb6a569d9df641afcc16390b7c3aff87
File size 314.0 KB ( 321536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-07-18 00:58:43 UTC ( 2 years, 3 months ago )
Last submission 2016-08-20 09:07:50 UTC ( 2 years, 2 months ago )
File names 1E7FFE4ED00859CB7C65CBB65872BDE6
FileZilla_3.10.1.1_win32-
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications