SHA256: 3f6088d7ca946df4a7e0db5fd0969390c608d349643e69a21b193b35c9ff9b07
File name: diskscanner16.exe
Detection ratio: 0 / 54
Analysis date: 2016-02-09 21:53:05 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware 20160209
AegisLab 20160209
Yandex 20160209
AhnLab-V3 20160209
Alibaba 20160204
Antiy-AVL 20160209
Arcabit 20160209
Avast 20160209
AVG 20160209
Avira (no cloud) 20160209
Baidu-International 20160209
BitDefender 20160209
Bkav 20160204
ByteHero 20160209
CAT-QuickHeal 20160209
ClamAV 20160209
CMC 20160205
Comodo 20160209
Cyren 20160209
DrWeb 20160209
Emsisoft 20160209
ESET-NOD32 20160209
F-Prot 20160209
F-Secure 20160209
Fortinet 20160209
GData 20160209
Ikarus 20160209
Jiangmin 20160209
K7AntiVirus 20160209
K7GW 20160209
Kaspersky 20160209
Malwarebytes 20160209
McAfee 20160209
McAfee-GW-Edition 20160209
Microsoft 20160209
eScan 20160209
NANO-Antivirus 20160209
nProtect 20160205
Panda 20160208
Qihoo-360 20160209
Rising 20160209
Sophos AV 20160209
SUPERAntiSpyware 20160209
Symantec 20160209
Tencent 20160209
TheHacker 20160208
TotalDefense 20160209
TrendMicro 20160209
TrendMicro-HouseCall 20160209
VBA32 20160209
VIPRE 20160209
ViRobot 20160209
Zillya 20160209
Zoner 20160209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-14 19:44:15
Entry Point 0x00001000
Number of sections 7
PE sections
Overlays
MD5 e8bb82271b517d8a91afc3baed8ebb37
File type data
Offset 1020416
Size 6176
Entropy 7.34
PE imports
RegQueryValueW
_TrackMouseEvent
GetFileTitleW
SelectPalette
GdipGetImageHeight
ImmGetOpenStatus
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
AlphaBlend
OleDestroyMenuDescriptor
LresultFromObject
VariantInit
VariantChangeTypeEx
SHAppBarMessage
PathStripToRootW
MonitorFromPoint
GetFileVersionInfoSizeW
PlaySoundW
OpenPrinterW
Number of PE resources by type
RT_BITMAP 17
RT_CURSOR 17
RT_GROUP_CURSOR 16
RT_STRING 14
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 66
NEUTRAL 8
UKRAINIAN DEFAULT 2
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild UNICODE
SubsystemVersion 5.1
InitializedDataSize 2063872
ImageVersion 0.0
ProductName Ariolic Disk Scanner
FileVersionNumber 1.6.0.20
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName DiskScanner.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.6.0.20
TimeStamp 2014:09:14 21:44:15+02:00
FileType Win32 EXE
PEType PE32
InternalName DiskScanner
ProductVersion 1.6.0.20
FileDescription Hard drive sector scanner
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright (C) 2008,2014 Ariolic Software, Ltd
MachineType Intel 386 or later, and compatibles
CompanyName Ariolic Software, Ltd. (www.ariolic.com)
CodeSize 1195008
FileSubtype 0
ProductVersionNumber 1.6.0.20
EntryPoint 0x1000
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 1f878435582b580117a0513e1084aa43
SHA1 4707dfdd708ba3ff56f35de7511e1ebb18c4de81
SHA256 3f6088d7ca946df4a7e0db5fd0969390c608d349643e69a21b193b35c9ff9b07
ssdeep
24576:29HbmpobhKsWlrZBCOMa1cihK5Cvt3jOpuP3yyF5KUJ:2Llr+rZC46CVjOyFF5KW

authentihash ff755acbfc49de0f535b85afddfbc4107ab07c9d973df94b40cfbb536b821c90
imphash 17f4bb7ed58c254830ac4d4989c83143
File size 1002.5 KB ( 1026592 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe via-tor asprotect aspack overlay

VirusTotal metadata
First submission 2014-09-18 09:16:09 UTC ( 4 years, 5 months ago )
Last submission 2018-05-24 00:32:13 UTC ( 9 months ago )
File names diskscanner16.exe
diskscanner16 (1).exe
Ariolic Disk Scanner_1.6.0.20.exe
Ariolic Disk Scanner_1.6.exe
DiskScanner_1.6.exe
1005225
DiskScanner.exe
file-7532994_exe
DiskScanner
diskscanner16(1).exe
Ariolic DiskScanner16.exe
3F6088D7CA946DF4A7E0DB5FD0969390C608D349643E69A21B193B35C9FF9B07
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications