SHA256: 40dc213fe4551740e12cac575a9880753a9dacd510533f31bd7f635e743a7605
File name: ipscan221.exe
Detection ratio: 28 / 57
Analysis date: 2017-02-01 06:07:33 UTC ( 2 years ago )
Antivirus Result Update
AegisLab Nettool.W32.Portscan!c 20170201
Antiy-AVL RiskWare[NetTool]/Win32.Portscan.c 20170201
Avast Win32:PUP-gen [PUP] 20170201
Avira (no cloud) APPL/AngryIPScan 20170131
Bkav W32.Clodd8d.Trojan.e2de 20170123
CMC Generic.Win32.6c1bcf0b12!MD 20170131
Comodo ApplicUnwnt.Win32.PortScan.C0 20170201
Cyren W32/PortScan.LHDN-3761 20170201
DrWeb Tool.AngryIpscan 20170201
ESET-NOD32 Win32/NetTool.Portscan.C potentially unsafe 20170201
F-Prot W32/PortScan 20170201
F-Secure Monitoring-Tool:W32/AngryPort.A 20170201
Fortinet Riskware/Angry 20170201
Sophos ML dialer.win32.porndialer.g 20170111
K7GW Unwanted-Program ( 004bca4b1 ) 20170201
Kaspersky not-a-virus:NetTool.Win32.Portscan.fk 20170201
McAfee PortScan-Angry 20170201
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20170201
NANO-Antivirus Riskware.Win32.Portscan.iaup 20170201
Qihoo-360 Trojan.Generic 20170201
Rising Trojan.Generic-5gJCTL2mgbO (cloud) 20170201
Symantec AngryIPScanner 20170131
TheHacker Posible_Worm32 20170129
TrendMicro HKTL_PORTSCAN 20170201
TrendMicro-HouseCall HKTL_PORTSCAN 20170201
VIPRE Angry IP scanner (fs) (not malicious) 20170201
ViRobot NetTool.Portscan.111104[h] 20170201
Zillya Tool.Portscan.Win32.5 20170131
Ad-Aware 20170201
AhnLab-V3 20170131
Alibaba 20170122
ALYac 20170201
Arcabit 20170201
AVG 20170201
AVware 20170201
Baidu 20170125
BitDefender 20170201
CAT-QuickHeal 20170201
ClamAV 20170201
CrowdStrike Falcon (ML) 20170130
Emsisoft 20170201
GData 20170201
Ikarus 20170131
Jiangmin 20170201
K7AntiVirus 20170131
Kingsoft 20170201
Malwarebytes 20170201
Microsoft 20170201
eScan 20170201
nProtect 20170201
Panda 20170131
Sophos AV 20170201
SUPERAntiSpyware 20170201
Tencent 20170201
TotalDefense 20170131
Trustlook 20170201
VBA32 20170131
WhiteArmor 20170123
Yandex 20170131
Zoner 20170201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2000
Original name ipscan.exe
Internal name ipscan
File version 0, 0, 0, 0
Description Angry IP scanner
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-07 17:48:10
Entry Point 0x00048580
Number of sections 3
PE sections
PE imports
RegCloseKey
SaveDC
LoadLibraryA
ExitProcess
GetProcAddress
SHGetMalloc
OpenPrinterA
getservbyname
GetOpenFileNameA
CoInitialize
Number of PE resources by type
RT_STRING 15
RT_BITMAP 15
RT_DIALOG 13
RT_CURSOR 4
RT_GROUP_CURSOR 3
RT_ICON 2
Struct(240) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 27
RUSSIAN 22
NEUTRAL 4
NEUTRAL DEFAULT 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 8192
ImageVersion 0.0
FileVersionNumber 0.0.0.0
UninitializedDataSize 188416
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName ipscan.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0, 0, 0, 0
TimeStamp 2004:04:07 18:48:10+01:00
FileType Win32 EXE
PEType PE32
InternalName ipscan
ProductVersion 0, 0, 0, 0
FileDescription Angry IP scanner
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2000
MachineType Intel 386 or later, and compatibles
CompanyName Angryziber Software
CodeSize 106496
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x48580
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 6c1bcf0b1297689c8c4c12cc70996a75
SHA1 9d99a2446aa54f00af0b049f54afa52617a6a473
SHA256 40dc213fe4551740e12cac575a9880753a9dacd510533f31bd7f635e743a7605
ssdeep 3072:xRrDKrIdBh3D3GA20Cqx/V8pt4TQtnoWB+:xAsnhrGAzCqLEt48n
authentihash 3d41d20e40f4c730c86f9c4bc64fadec9bbd5db5ca23fde37848d37f9f4348e3
imphash 9368eb48dce6312cc6e8d24b90c63070
File size 108.5 KB ( 111104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (31.0%)
Win32 EXE Yoda's Crypter (30.4%)
Microsoft Visual C++ compiled executable (generic) (18.9%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe upx via-tor
VirusTotal metadata
First submission 2006-05-29 20:26:50 UTC ( 12 years, 9 months ago )
Last submission 2019-02-19 18:21:55 UTC ( 4 days, 8 hours ago )
File names 40dc213fe4551740_ipscan.exe
output.104444137.txt
ms_scan.exe
NetTool.Portscan.exe
output.22063664.txt
bkf8d3.tmp
angry_ip_scanner_2_21.exe
output.22187789.txt
netscan.exe
output.113564548.txt
56566611.exe
scan.exe
IPSCAN221.EXE
output.17578676.txt
ipscan_221-bawday.exe
Angry%20IP%20Scanner.exe
output.104436845.txt
331253630.exe
output.112143654.txt
output.114350250.txt
output.111966885.txt
124203332.exe
bcongunw.ijh
ipscan2.21.exe
IPSCAN.EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight