× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 44ac5e2dc741bcf3f98391729fd48f900d5844557e413250c02e7c082c6024d2
File name: Protection_ID.eXe
Detection ratio: 3 / 54
Analysis date: 2015-12-24 14:23:10 UTC ( 1 year, 6 months ago ) View latest
Antivirus Result Update
Microsoft VirTool:Win32/Obfuscator.AX 20151224
Rising PE:Malware.XPACK/RDM!5.1 [F] 20151224
SUPERAntiSpyware Trojan.Agent/Generic 20151224
Ad-Aware 20151224
AegisLab 20151224
Yandex 20151224
AhnLab-V3 20151224
Alibaba 20151208
ALYac 20151224
Antiy-AVL 20151224
Arcabit 20151224
Avast 20151224
AVG 20151224
Avira (no cloud) 20151224
AVware 20151224
Baidu-International 20151224
BitDefender 20151224
Bkav 20151224
ByteHero 20151224
CAT-QuickHeal 20151224
ClamAV 20151224
CMC 20151217
Comodo 20151224
Cyren 20151224
DrWeb 20151224
Emsisoft 20151224
ESET-NOD32 20151224
F-Prot 20151224
F-Secure 20151224
Fortinet 20151224
GData 20151224
Ikarus 20151224
Jiangmin 20151224
K7AntiVirus 20151224
K7GW 20151224
Kaspersky 20151224
Malwarebytes 20151224
McAfee 20151224
McAfee-GW-Edition 20151224
eScan 20151224
NANO-Antivirus 20151224
nProtect 20151224
Panda 20151224
Sophos 20151224
Symantec 20151223
Tencent 20151224
TheHacker 20151223
TrendMicro 20151224
TrendMicro-HouseCall 20151224
VBA32 20151224
VIPRE 20151219
ViRobot 20151224
Zillya 20151223
Zoner 20151224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © [PiD Team] 2002-2015

Product PiD Team's Protection ID v0.6.7.5
Original name Protection_ID.eXe
Internal name [PiD Team] Protection ID v0.6.7.5
File version 0.6.7.5
Description PiD Team's Protection ID
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:16 AM 5/26/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-24 13:15:19
Entry Point 0x0000D2C0
Number of sections 10
PE sections
Overlays
MD5 f842335c15aa650a1b3cfef114041d62
File type data
Offset 1196544
Size 4504
Entropy 7.38
PE imports
RegDeleteKeyA
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AccessCheck
InitializeAcl
RegCreateKeyExA
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
RegFlushKey
RegOpenKeyA
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
ImpersonateSelf
RegEnumKeyExW
OpenThreadToken
GetUserNameA
GetLengthSid
RegEnumKeyExA
RegQueryInfoKeyA
RevertToSelf
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
ImageList_Create
Ord(17)
ImageList_GetIcon
ImageList_AddIcon
FindTextA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
CreatePen
TextOutA
GetPixel
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
SetBkMode
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateDCA
MoveToEx
GetStockObject
GetPath
SelectClipRgn
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetFileTime
GetTempPathA
WideCharToMultiByte
LocalFree
WriteFile
GetCommandLineA
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
ExitProcess
FlushFileBuffers
RemoveDirectoryA
lstrcmpiW
GetPriorityClass
LoadLibraryExA
SetThreadPriority
MultiByteToWideChar
GetSystemPowerStatus
FlushInstructionCache
FindNextChangeNotification
SetFilePointer
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetPriorityClass
GlobalMemoryStatus
FindCloseChangeNotification
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
EnterCriticalSection
lstrcmpiA
SetEvent
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
ExitThread
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GlobalLock
GetTempFileNameW
FindFirstFileA
ResetEvent
GetComputerNameA
FindNextFileA
TerminateProcess
GetProcAddress
GetProcessAffinityMask
CreateFileW
CreateEventA
CreateFileA
LeaveCriticalSection
GetLastError
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetEnvironmentStringsA
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetModuleFileNameA
FindFirstChangeNotificationW
CreateProcessW
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
SetThreadAffinityMask
GetCurrentThread
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetVolumeInformationA
GetVersion
CreateProcessA
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
OpenEventA
VirtualAlloc
VariantClear
VariantInit
SHGetFileInfoA
SHAddToRecentDocs
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
RedrawWindow
CharLowerBuffA
DrawStateA
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
EndPaint
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
SendMessageW
SendMessageA
GetClientRect
SetMenuDefaultItem
EnumDisplaySettingsA
IsClipboardFormatAvailable
ClientToScreen
LoadImageA
GetMenuItemInfoA
GetMenuStringA
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
ShowWindow
SetClassLongA
DrawFrameControl
SetDlgItemInt
EnableWindow
LockWindowUpdate
GetDlgItemTextA
IsWindowEnabled
CreatePopupMenu
SetClipboardData
EnableMenuItem
InvertRect
GetWindowLongA
SetTimer
FillRect
GetSysColorBrush
IsWindowUnicode
DestroyWindow
SetFocus
PostMessageA
BeginPaint
GetScrollPos
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
CheckDlgButton
SetWindowTextA
DrawFocusRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
GetScrollRange
EndDialog
FindWindowA
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
AppendMenuA
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
FrameRect
DeleteMenu
InvalidateRect
wsprintfA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
PE exports
Number of PE resources by type
RT_ICON 146
RT_GROUP_ICON 140
RT_DIALOG 52
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 341
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.6.7.5

UninitializedDataSize
10240

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Windows, Latin1

InitializedDataSize
1509376

EntryPoint
0xd2c0

OriginalFileName
Protection_ID.eXe

MIMEType
application/octet-stream

LegalCopyright
Copyright [PiD Team] 2002-2015

FileVersion
0.6.7.5

TimeStamp
2015:12:24 14:15:19+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
[PiD Team] Protection ID v0.6.7.5

ProductVersion
0.6.7.5

FileDescription
PiD Team's Protection ID

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
[PiD Team] (CDKiller/TippeX)

CodeSize
461312

ProductName
PiD Team's Protection ID v0.6.7.5

ProductVersionNumber
0.6.7.5

FileTypeExtension
exe

ObjectFileType
Executable application

Build
0.6.7.5

File identification
MD5 62df63b92f8bdf36a82769196e0923c7
SHA1 00129a5fc75ffe05222d60c42fd5b8c165bd1d25
SHA256 44ac5e2dc741bcf3f98391729fd48f900d5844557e413250c02e7c082c6024d2
ssdeep
24576:TgpEhLRS0U69f3zzjn5IJToa6tftuS1xMPVOW76U0CAMX4Yy:k+40U69fDRoToamftuDv6IA8e

authentihash f6ed476eaeeccfe374809240a8ec70d4f08bc3a225cb3101202e49028331d3e8
imphash 413562afc9cc4d93433481fea2627abe
File size 1.1 MB ( 1201048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (73.3%)
Win32 Dynamic Link Library (generic) (11.6%)
Win32 Executable (generic) (7.9%)
Generic Win/DOS Executable (3.5%)
DOS Executable Generic (3.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-12-24 14:23:10 UTC ( 1 year, 6 months ago )
Last submission 2017-05-26 00:16:26 UTC ( 1 month ago )
File names Protection_ID.eXe
Protection_ID.eXe
Protection_ID (2).eXe
[PiD Team] Protection ID v0.6.7.5
Protection ID v0.6.7.5.exe
Хуйня проверяющая хуйню.eXe
Protection_ID.eXe
protection_id.exe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.exe
Protection_ID.eXe
Protection ID.exe
Protection_ID.eXe
vi.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
pen.eXe
44AC5E2DC741BCF3F98391729FD48F900D5844557E413250C02E7C082C6024D2.dat
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R03EC0SBD16.

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
UDP communications