SHA256: 3e5480b19f50b0c263f39a247d5a5ba1d8019763e231a9c3b6db4b0c53c1d8e2
File name: ApplicationRegistration.exe
Detection ratio: 43 / 55
Analysis date: 2016-07-17 12:15:48 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.246254 20160717
AegisLab Troj.Spy.W32.Zbot.prhn!c 20160717
AhnLab-V3 Trojan/Win32.Zbot.N950695023 20160717
ALYac Gen:Variant.Kazy.246254 20160717
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160717
Arcabit Trojan.Kazy.D3C1EE 20160717
Avast Win32:Evo-gen [Susp] 20160715
AVG SHeur4.BQBK 20160717
Avira (no cloud) TR/Spy.ZBot.prhn 20160717
AVware Trojan.Win32.Nyamaim.b (v) 20160717
Baidu Win32.Trojan.WisdomEyes.151026.9950.9984 20160715
BitDefender Gen:Variant.Kazy.246254 20160717
CAT-QuickHeal Trojan.Generic.r8 20160716
Comodo UnclassifiedMalware 20160717
DrWeb Trojan.PWS.Panda.2977 20160717
Emsisoft Gen:Variant.Kazy.246254 (B) 20160717
ESET-NOD32 a variant of Win32/Injector.AMPZ 20160717
F-Secure Gen:Variant.Kazy.246254 20160717
Fortinet W32/FakeAV.NO!tr 20160717
GData Gen:Variant.Kazy.246254 20160717
Ikarus Trojan.Win32.Injector 20160717
K7AntiVirus Trojan ( 00458eab1 ) 20160717
K7GW Trojan ( 00458eab1 ) 20160717
Kaspersky HEUR:Trojan.Win32.Generic 20160717
Kingsoft Win32.Troj.Zbot.pr.(kcloud) 20160717
Malwarebytes Spyware.Zbot.ED 20160717
McAfee PWS-Zbot.dx 20160717
McAfee-GW-Edition BehavesLike.Win32.ZBot.dc 20160717
Microsoft PWS:Win32/Zbot 20160717
eScan Gen:Variant.Kazy.246254 20160717
NANO-Antivirus Trojan.Win32.Panda.dskomy 20160717
Panda Trj/Genetic.gen 20160717
Qihoo-360 HEUR/Malware.QVM20.Gen 20160717
Sophos Mal/Generic-S 20160717
Symantec Heur.AdvML.C 20160717
Tencent Win32.Trojan.Spy.Iso 20160717
TrendMicro TROJ_SPNR.14JK13 20160717
TrendMicro-HouseCall TROJ_SPNR.14JK13 20160717
VBA32 BScope.P2P-Worm.Palevo 20160715
VIPRE Trojan.Win32.Nyamaim.b (v) 20160717
ViRobot Trojan.Win32.Z.Zbot.252416.AC[h] 20160717
Yandex Trojan.Injector!y2EkHju+ptQ 20160716
Zillya Trojan.Zbot.Win32.139141 20160717
Engines reporting no detection (engine, signature update date):
Alibaba 20160715
Bkav 20160716
ClamAV 20160717
CMC 20160715
Cyren 20160717
F-Prot 20160717
Jiangmin 20160717
nProtect 20160715
SUPERAntiSpyware 20160717
TheHacker 20160714
TotalDefense 20160713
Zoner 20160717
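A way to turn the vendor results above into a family consensus, added here as an example (it is not part of the VirusTotal report). The rows are copied from the table; the set of generic tokens, the Panda-to-Zbot alias (DrWeb and NANO name the Zeus/Zbot family "Panda") and the rule that the family is the first title-case token are this example's own heuristics, not a vendor convention. It also counts each distinct label string only once, because engines that ship the same licensed signature set (the engines above all reporting Gen:Variant.Kazy.246254) are not independent confirmations.

```python
"""Family consensus from an AV scan table.

Added example, not part of the VirusTotal report. GENERIC, ALIASES and the
title-case rule are this example's own heuristics, not a vendor standard.
"""
import re
from collections import Counter

# Rows copied from the report's Antivirus / Result table: (engine, result).
# An empty result means the engine scanned the file and reported nothing.
REPORT_ROWS = [
    ("Ad-Aware", "Gen:Variant.Kazy.246254"),
    ("AegisLab", "Troj.Spy.W32.Zbot.prhn!c"),
    ("AhnLab-V3", "Trojan/Win32.Zbot.N950695023"),
    ("Antiy-AVL", "Trojan[Spy]/Win32.Zbot"),
    ("Avast", "Win32:Evo-gen [Susp]"),
    ("Avira (no cloud)", "TR/Spy.ZBot.prhn"),
    ("AVware", "Trojan.Win32.Nyamaim.b (v)"),
    ("BitDefender", "Gen:Variant.Kazy.246254"),
    ("DrWeb", "Trojan.PWS.Panda.2977"),
    ("ESET-NOD32", "a variant of Win32/Injector.AMPZ"),
    ("Fortinet", "W32/FakeAV.NO!tr"),
    ("Kaspersky", "HEUR:Trojan.Win32.Generic"),
    ("Malwarebytes", "Spyware.Zbot.ED"),
    ("McAfee", "PWS-Zbot.dx"),
    ("Microsoft", "PWS:Win32/Zbot"),
    ("NANO-Antivirus", "Trojan.Win32.Panda.dskomy"),
    ("Sophos", "Mal/Generic-S"),
    ("Symantec", "Heur.AdvML.C"),
    ("VBA32", "BScope.P2P-Worm.Palevo"),
    ("ViRobot", "Trojan.Win32.Z.Zbot.252416.AC[h]"),
    ("Zillya", "Trojan.Zbot.Win32.139141"),
    ("ClamAV", ""),
]

# Tokens that describe a class or a detection method, never a family.
GENERIC = {
    "trojan", "troj", "spy", "spyware", "pws", "gen", "variant", "generic",
    "genetic", "heur", "malware", "mal", "win32", "evo", "susp", "injector",
    "worm", "advml", "bscope", "virus", "backdoor", "downloader", "dropper",
    "packed", "suspicious",
}
# Vendor-specific names folded onto one family name (this example's choice).
ALIASES = {"panda": "zbot", "zeus": "zbot"}


def family_tokens(label: str) -> list:
    """Family candidates in a vendor label, in order of appearance.

    Heuristic: families are written Title/MixedCase (Zbot, Kazy, Palevo);
    ALL-CAPS and all-lowercase tokens are variant suffixes or prefixes.
    """
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if len(tok) < 3 or not tok[0].isupper():
            continue
        if tok.lower() == tok or tok.upper() == tok:
            continue
        low = tok.lower()
        if low in GENERIC:
            continue
        out.append(ALIASES.get(low, low))
    return out


def family_consensus(rows) -> tuple:
    """Return (votes, independent_votes, detections).

    votes gives one vote per engine that named a family; independent_votes
    counts each distinct label string once, collapsing engines that resell
    the same signature set; detections counts every non-empty result.
    """
    votes, independent, detections = Counter(), Counter(), 0
    seen_labels = set()
    for _engine, label in rows:
        label = label.strip()
        if not label:
            continue
        detections += 1
        fams = family_tokens(label)
        if not fams:
            continue  # purely generic or heuristic verdict, no family vote
        votes[fams[0]] += 1
        if label not in seen_labels:
            seen_labels.add(label)
            independent[fams[0]] += 1
    return votes, independent, detections


if __name__ == "__main__":
    v, ind, n = family_consensus(REPORT_ROWS)
    print("detections:", n)
    print("votes per family:", v.most_common())
    print("independent labels per family:", ind.most_common())
```

With the rows above this gives 21 detections, 11 Zbot votes (Panda folded in), two Kazy votes that collapse to one independent label, and five engines whose verdict is purely generic and casts no vote. The heuristic only works on labels that follow vendor naming conventions; treat its output as a triage hint, not an attribution.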
The file is a Portable Executable: a 32-bit (PE32) Win32 EXE built for the Windows GUI subsystem. Its version resource carries Sony Creative Software strings, but two details in the metadata below are inconsistent with each other and are worth checking against a known-good copy of ApplicationRegistration.exe: the resource's ObjectFileType says "Dynamic link library" although the image is an EXE, and the stated copyright year (2011) is later than the PE compilation timestamp (2010-01-10).
FileVersionInfo properties
Copyright Copyright 2011. Sony Creative Software Inc. All rights reserved.
Product Sony ApplicationRegistration
Original name ApplicationRegistration.exe
Internal name ApplicationRegistration.exe
File version Version 11.0 (Build 510)
Description Sony Application Registration Utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-10 04:41:25
Entry Point 0x000103DD
Number of sections 8
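A worked check on the header fields above, added here as an example (it is not VirusTotal's or Sony's code): a standard-library PE header reader that returns the fields the report summarises (machine, section count, compilation timestamp, entry point, subsystem, linker and OS versions), plus a cross-check of those facts against the version-resource strings. The header-only image it parses is constructed from the values in this report and is not the sample's own bytes; the two version strings are copied from the FileVersionInfo and ExifTool sections.

```python
"""Read the PE header fields a VirusTotal report summarises with only the
standard library, then cross-check them against VERSIONINFO strings.

Added example for this report; not code from VirusTotal or from Sony.
"""
import re
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later", 0x8664: "x86-64", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_FILE_DLL = 0x2000


def parse_pe_header(data: bytes) -> dict:
    """Return the basic header fields of a PE32/PE32+ image held in memory.

    Raises ValueError instead of guessing when the headers are malformed.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, stamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 0x60 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    code_size, init_data_size = struct.unpack_from("<II", data, opt + 4)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)
    # OS / image / subsystem version pairs, then Subsystem: same offsets in PE32 and PE32+
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%04x" % machine),
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "number_of_sections": nsections,
        "timestamp": stamp,
        "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "code_size": code_size,
        "initialized_data_size": init_data_size,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_maj, os_min),
        "image_version": "%d.%d" % (img_maj, img_min),
        "subsystem_version": "%d.%d" % (ss_maj, ss_min),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


def consistency_checks(hdr: dict, version_info: dict) -> list:
    """Compare header facts with the VERSIONINFO strings a report lists.

    A mismatch is not proof of tampering, but each one needs an explanation
    before the version strings are trusted for attribution.
    """
    findings = []
    claims_dll = version_info.get("ObjectFileType", "").lower().startswith("dynamic link")
    if claims_dll != hdr["is_dll"]:
        findings.append("version resource says %r but IMAGE_FILE_DLL is %s"
                        % (version_info.get("ObjectFileType", ""), hdr["is_dll"]))
    link_year = int(hdr["timestamp_utc"][:4])
    for year in re.findall(r"\b((?:19|20)\d{2})\b", version_info.get("LegalCopyright", "")):
        if int(year) > link_year:
            findings.append("copyright year %s is later than link timestamp %s"
                            % (year, hdr["timestamp_utc"]))
    return findings


def build_header_stub() -> bytes:
    """Constructed test input: a header-only image carrying the values this
    report shows (8 sections, 2010-01-10 04:41:25 UTC, entry 0x103DD, linker
    9.0). It is NOT the sample's own bytes, only enough header for the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew: PE header follows the DOS stub
    file_hdr = struct.pack("<HHIIIHH", 0x014C, 8, 1263098485, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                                    # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, 9, 0)            # PE32 magic, linker 9.0
    struct.pack_into("<II", opt, 4, 67072, 184320)           # SizeOfCode, SizeOfInitializedData
    struct.pack_into("<I", opt, 16, 0x103DD)                 # AddressOfEntryPoint
    struct.pack_into("<HHHHHH", opt, 40, 5, 1, 5, 1, 4, 0)   # OS 5.1, image 5.1, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


# VERSIONINFO strings copied from the report's FileVersionInfo / ExifTool sections.
REPORT_VERSION_INFO = {
    "ObjectFileType": "Dynamic link library",
    "LegalCopyright": "Copyright 2011. Sony Creative Software Inc. All rights reserved.",
}

if __name__ == "__main__":
    hdr = parse_pe_header(build_header_stub())
    for key, value in hdr.items():
        print("%-22s %s" % (key, hex(value) if key == "entry_point" else value))
    for note in consistency_checks(hdr, REPORT_VERSION_INFO):
        print("CHECK:", note)
```

Run against the stub, the parser reproduces the report's header line (Intel 386, 8 sections, 2010-01-10 04:41:25 UTC, entry 0x103DD, Windows GUI, linker 9.0) and the cross-check raises both inconsistencies noted above. To use it on a real file, pass `open(path, "rb").read()` in place of the stub.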
PE imports
(grouped by exporting DLL; the extract lost the DLL names, which are restored here from the well-known export tables of the Windows system libraries)
ADVAPI32.dll
SetSecurityDescriptorDacl
RegCloseKey
LookupAccountSidW
RegSetValueExW
RegQueryValueExA
AddAccessAllowedAce
SetFileSecurityW
RegSetValueExA
InitializeAcl
RegCreateKeyExA
RegOpenKeyExA
GetAce
RegQueryValueExW
InitializeSecurityDescriptor
KERNEL32.dll
GetLastError
HeapFree
lstrcpynW
ReleaseMutex
DelayLoadFailureHook
LoadLibraryW
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
LocalAlloc
GetTickCount
SetProcessShutdownParameters
GetProcessHeap
GetVersionExA
LoadLibraryA
lstrlenW
HeapAlloc
GetCurrentProcess
GetPriorityClass
GetCurrentDirectoryW
GetCurrentProcessId
OpenProcess
ProcessIdToSessionId
GetCommandLineW
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
SetProcessAffinityMask
GetProcAddress
InterlockedCompareExchange
GetStartupInfoW
GetComputerNameW
ExpandEnvironmentStringsW
lstrcpyW
CreateThread
GetModuleHandleA
SetUnhandledExceptionFilter
CreateMutexW
CloseHandle
GetSystemTimeAsFileTime
GetThreadTimes
lstrcmpW
HeapReAlloc
GetModuleHandleW
SetPriorityClass
FreeLibrary
LocalFree
FormatMessageW
GetProcessAffinityMask
CreateEventW
CreateProcessW
Sleep
GetCurrentThread
ExitProcess
GetCurrentThreadId
GetLocaleInfoW
GetNumberFormatW
SetLastError
IsBadWritePtr
RASAPI32.dll
RasDeleteEntryW
RasGetConnectStatusW
RasRenameEntryW
RasHangUpW
RasValidateEntryNameW
RasEnumConnectionsW
RasSetAutodialAddressW
USER32.dll
SetFocus
GetParent
UpdateWindow
LoadBitmapW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
EnableWindow
PostMessageW
SetDlgItemTextW
DispatchMessageW
SendMessageW
WinHelpW
LoadStringW
GetDlgItem
InvalidateRect
LoadImageW
ShowCursor
RegisterClipboardFormatW
LoadCursorW
LoadIconW
MsgWaitForMultipleObjects
wsprintfW
SetCursor
Exporting DLL not shown in the extract
StrConnectState
StrAsyncConnectState
Number of PE resources by type
RT_STRING 34
RT_DIALOG 17
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
SWEDISH 3
PORTUGUESE 3
NORWEGIAN BOKMAL 3
PORTUGUESE BRAZILIAN 3
GERMAN 3
CHINESE TRADITIONAL 3
DUTCH 3
FRENCH 3
CHINESE SIMPLIFIED 3
FINNISH DEFAULT 3
JAPANESE DEFAULT 3
DANISH DEFAULT 3
SPANISH 3
RUSSIAN 3
KOREAN 3
ITALIAN 3
ExifTool file metadata
SfLangID SBCS:409
SubsystemVersion 4.0
LinkerVersion 9.0
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 11.0.0.510
LanguageCode Unknown (04E4)
FileFlagsMask 0x30003f
FileDescription Sony Application Registration Utility
CharacterSet Windows, Latin1
InitializedDataSize 184320
EntryPoint 0x103dd
OriginalFileName ApplicationRegistration.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2011. Sony Creative Software Inc. All rights reserved.
FileVersion Version 11.0 (Build 510)
SfCharSet UNICODE
TimeStamp 2010:01:10 05:41:25+01:00
FileType Win32 EXE
PEType PE32
InternalName ApplicationRegistration.exe
SfLangName English (U.S.)
ProductVersion Version 11.0 (Build 510)
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sony Creative Software Inc.
CodeSize 67072
ProductName Sony ApplicationRegistration
ProductVersionNumber 11.0.0.510
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 0cb23fd89162de815e70f8f5dd323d99
SHA1 0a91208f5c378b4b374ee991c05d3ed57859c80e
SHA256 3e5480b19f50b0c263f39a247d5a5ba1d8019763e231a9c3b6db4b0c53c1d8e2
ssdeep 6144:98jiijMBTc0wYh6pqd8yxbheBU4PzzVQ:9Pijqc0wpqd8SeB97
authentihash da425cab1cdf256d49c18b6ee88659362f7ca08bdc1e4ffc1cc7deb2dad24b3a
imphash 416bc9d474cd1926ff30374f98da1b47
File size 246.5 KB ( 252416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-09-11 14:32:12 UTC
Last submission 2016-07-17 12:15:48 UTC
File names output.14960526.txt
tasksmgr.exe
3e5480b19f50b0c263f39a247d5a5ba1d8019763e231a9c3b6db4b0c53c1d8e2
1347890535.exe
ApplicationRegistration.exe
14960526
222222222222222222222222222222222223e5480b19f50b0c263f39a247d5a5ba1d8019763e231a9c3b6db4b0c53c1d8e2.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file calls the IsDebuggerPresent Windows API function to check whether it is running under a debugger, and it sends control codes directly to device drivers through the DeviceIoControl Windows API function. Neither function appears in the static import table above, so both are resolved at run time (the binary does import LoadLibraryA/W and GetProcAddress); keeping such calls out of the import table is a common way to make static triage look benign.