SHA256: 4871d2db4623340d66d4c73ac0183f63ce319b715e6b09624e84f360ec703476
File name: WebSplashGiNi
Detection ratio: 21 / 52 (all 21 hits are generic or heuristic names: the same Trojan.Generic.KD.19940 label repeated by several engines, McAfee's Artemis cloud lookup, Avast's Malware-gen, Ikarus's SuspectCRC; no engine names a specific family)
Analysis date: 2014-06-03 18:49:54 UTC
Antivirus Result Update
Ad-Aware Trojan.Generic.KD.19940 20140603
AntiVir TR/Gendal.KD.19940 20140603
Avast Win32:Malware-gen 20140603
BitDefender Trojan.Generic.KD.19940 20140603
Bkav W32.Clod924.Trojan.6ac2 20140603
Commtouch W32/Trojan.NKBN-0440 20140603
Comodo UnclassifiedMalware 20140603
Emsisoft Trojan.Generic.KD.19940 (B) 20140603
F-Secure Trojan.Generic.KD.19940 20140603
GData Trojan.Generic.KD.19940 20140603
Ikarus Trojan.SuspectCRC 20140603
Kingsoft Win32.Troj.Generic.kd.(kcloud) 20140603
McAfee Artemis!5F74037F4E8A 20140603
McAfee-GW-Edition Artemis!5F74037F4E8A 20140603
eScan Trojan.Generic.KD.19940 20140603
Norman Suspicious_Gen4.BRNKY 20140603
nProtect Trojan.Generic.KD.19940 20140603
Qihoo-360 Win32/Trojan.d02 20140603
Rising PE:Trojan.Win32.Generic.12594691!307840657 20140603
Tencent Win32.Trojan.Generic.Szbw 20140603
VIPRE Trojan.Win32.Generic!BT 20140603
Undetected (result column empty, update date only)
AegisLab 20140603
Yandex 20140602
AhnLab-V3 20140603
Antiy-AVL 20140603
AVG 20140603
Baidu-International 20140603
ByteHero 20140603
CAT-QuickHeal 20140603
ClamAV 20140603
CMC 20140530
DrWeb 20140603
ESET-NOD32 20140603
F-Prot 20140603
Fortinet 20140603
Jiangmin 20140531
K7AntiVirus 20140603
K7GW 20140603
Kaspersky 20140603
Malwarebytes 20140603
Microsoft 20140603
NANO-Antivirus 20140603
Panda 20140603
Sophos AV 20140603
SUPERAntiSpyware 20140603
Symantec 20140603
TheHacker 20140602
TotalDefense 20140603
TrendMicro 20140603
TrendMicro-HouseCall 20140603
VBA32 20140603
ViRobot 20140603
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2003-2006 eKsys Corporation
Publisher M&Soft
Internal name WebSplashGiNi
File version 1.0.1.3
Description SmartUpdater for M&Soft SpeedNavi GiNi
Comments eKsys - http://www.eksys.co.kr/
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-11-19 05:31:56
Entry Point 0x000AA820
Number of sections 3
PE sections
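The header figures above are what a first-pass triage script reads before anything is executed, and with "Packers identified: UPX" they already fit together: SizeOfUninitializedData 442368 (0x6C000) plus SizeOfCode 253952 (0x3E000) plus a 0x1000 header page is 0xAB000, and the entry point 0xAA820 sits just under that, which is consistent with the UPX layout of an empty UPX0 section followed by a UPX1 section whose tail holds the decompression stub. The Python below is an added example, not VirusTotal's or eKsys's code. It fabricates a PE32 whose header fields copy the report's numbers (3 sections, entry point 0xAA820, the two sizes, linker 5.0, GUI subsystem, the 2007-11-19 timestamp) over an assumed UPX0/UPX1/.rsrc section table (the report's own section table is empty, so every section size and flag here is an assumption), then parses it with the standard library and applies header-only packer checks that would run unchanged on the real file.

```python
"""PE32 header triage with only the standard library (added example; see lead-in).

build_constructed_pe() fabricates an image whose header fields copy the report's
figures; the UPX0/UPX1/.rsrc section table is an ASSUMED UPX layout, not report
data. parse_pe_headers() and assess_packing() are the reusable parts.
"""
import struct
from datetime import datetime, timezone

MACHINES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", "MPRESS1", "MPRESS2"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def build_constructed_pe():
    """Constructed sample: headers mirror the report, section bodies are zero filled."""
    ts = int(datetime(2007, 11, 19, 5, 31, 56, tzinfo=timezone.utc).timestamp())
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    sections = [
        (b"UPX0", 0x6C000, 0x01000, 0x00000, 0x400, 0xE0000080),   # unpack target, no raw bytes
        (b"UPX1", 0x3E000, 0x6D000, 0x3E000, 0x400, 0xE0000040),   # compressed body + stub
        (b".rsrc", 0x06000, 0xAB000, 0x06000, 0x400 + 0x3E000, 0xC0000040),
    ]
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                      # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), ts, 0, 0, 0xE0, 0x010F)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "IIIIHH",
                      0x10B, 5, 0,                # PE32 magic, linker 5.0
                      0x3E000, 0x6000, 0x6C000,   # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0xAA820, 0x6D000, 0xAB000,  # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,    # ImageBase, SectionAlignment, FileAlignment
                      4, 0, 0, 0, 4, 0,           # OS 4.0, image 0.0, subsystem 4.0
                      0, 0xB1000, 0x400, 0,       # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                       # Subsystem = Windows GUI, DllCharacteristics
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, LoaderFlags, NumberOfRvaAndSizes
    opt += b"\0" * (8 * 16)                                      # 16 empty data directories
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    image = bytes(dos) + b"PE\0\0" + coff + opt + table
    image += b"\0" * (0x400 - len(image))                        # pad to SizeOfHeaders
    return image + b"\0" * sum(s[3] for s in sections)           # zero-filled section bodies


def parse_pe_headers(data):
    """DOS header -> PE signature -> COFF header -> PE32 optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic, lmaj, lmin, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 handled here, magic 0x%X" % magic)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # fixed offset inside PE32 optional header
    sections = []
    for i in range(nsect):
        name, vs, va, rs, rp, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_size": vs,
                         "virtual_address": va, "raw_size": rs, "raw_ptr": rp, "flags": flags})
    return {"machine": MACHINES.get(machine, "0x%X" % machine), "number_of_sections": nsect,
            "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "linker_version": "%d.%d" % (lmaj, lmin), "size_of_code": code,
            "size_of_initialized_data": idata, "size_of_uninitialized_data": udata,
            "entry_point": entry, "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
            "sections": sections}


def assess_packing(info):
    """Header-only packer indicators (no entropy, no unpacking); two or more => likely packed."""
    hints, entry_section, entry = [], None, info["entry_point"]
    for idx, s in enumerate(info["sections"]):
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= entry < s["virtual_address"] + span:
            entry_section = s["name"]
            if idx > 0:
                hints.append("entry point 0x%X is in section %d (%s), not the first" % (entry, idx + 1, s["name"]))
            tail = s["virtual_address"] + span - entry
            if tail < span // 10:
                hints.append("entry point is %d bytes before the end of %s (appended stub)" % (tail, s["name"]))
        if s["raw_size"] == 0 and s["virtual_size"] and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            hints.append("%s is executable with no raw data and 0x%X virtual bytes (unpack target)" % (s["name"], s["virtual_size"]))
    known = sorted({s["name"] for s in info["sections"]} & PACKER_SECTIONS)
    if known:
        hints.append("packer section names: " + ", ".join(known))
    return {"entry_section": entry_section, "likely_packed": len(hints) >= 2, "hints": hints}


if __name__ == "__main__":
    info = parse_pe_headers(build_constructed_pe())
    for hint in assess_packing(info)["hints"]:
        print("*", hint)
```

On the real file, `parse_pe_headers(open(path, "rb").read())` is the only change; the four hints it raises on the constructed image (entry point outside the first section, entry point in the last 2016 bytes of UPX1, an executable UPX0 with zero raw size, and the UPX section names) are the same signals a packer identifier like the F-PROT line above keys on, and none of them requires running the sample.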
PE imports
RegCloseKey
BitBlt
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
OleDraw
VariantInit
ShellExecuteA
VerQueryValueA
InternetOpenA
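The eleven imports listed have the shape typical of a UPX stub's import table: one function per DLL the original program used, enough for the Windows loader to map each DLL, plus the kernel32 functions the stub itself needs (LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess) to resolve the rest at run time. That matters for the imphash under File identification, because imphash is an MD5 over exactly this table, so for a packed sample it fingerprints the packer stub and the set of DLLs, not the program's real imports. The block below is an added example, not VirusTotal's or pefile's code. It implements the normalisation pefile applies (lowercase, library extension stripped, ordinals written as ordN, import-table order preserved). The DLL names are not in the report and are assumed from where each API normally lives, so the hash it produces is illustrative and is not expected to equal f7939f6b392dae0b90b5763069a62694. One simplification: pefile also resolves ordinal imports from ws2_32 and oleaut32 to names through a built-in table, which is omitted here.

```python
"""imphash over an import table with pefile's normalisation rules (added example).

Function names come from the report above; the DLL paired with each one is
ASSUMED (its usual home) because the report does not show DLL names.
"""
import hashlib

# Constructed import table in the report's order: (dll, function name or ordinal).
IMPORTS = [
    ("ADVAPI32.dll", "RegCloseKey"),
    ("GDI32.dll", "BitBlt"),
    ("KERNEL32.DLL", "VirtualProtect"),
    ("KERNEL32.DLL", "LoadLibraryA"),
    ("KERNEL32.DLL", "ExitProcess"),
    ("KERNEL32.DLL", "GetProcAddress"),
    ("ole32.dll", "OleDraw"),
    ("OLEAUT32.dll", "VariantInit"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("VERSION.dll", "VerQueryValueA"),
    ("WININET.dll", "InternetOpenA"),
]


def libname(dll):
    """Lowercase library name with a trailing .dll/.ocx/.sys removed (other suffixes stay)."""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            return lib[:-len(ext)]
    return lib


def normalize_import(dll, func):
    """'library.symbol' token; an integer func is an import by ordinal and becomes ordN."""
    sym = ("ord%d" % func) if isinstance(func, int) else func.lower()
    return libname(dll) + "." + sym


def imphash(imports):
    """MD5 of the comma-joined tokens in import-table order; reordering changes the hash."""
    joined = ",".join(normalize_import(d, f) for d, f in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def stub_dlls(imports):
    """Distinct libraries in table order: for a packed file this is what imphash really keys on."""
    seen = []
    for dll, _ in imports:
        lib = libname(dll)
        if lib not in seen:
            seen.append(lib)
    return seen


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    print("stub DLLs:", ", ".join(stub_dlls(IMPORTS)))
```

Two consequences follow for pivoting on the imphash above: any UPX-packed binary importing the same eight DLLs in the same order will collide with it, and the unpacked program's own imphash (the one worth clustering on) only exists after the UPX layer is removed.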
Number of PE resources by type
RT_STRING 15
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 4
RT_RCDATA 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 44
KOREAN 6
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Splash *OriginalFilename
LinkerVersion 5.0
ImageVersion 0.0
FileVersionNumber 1.0.1.3
UninitializedDataSize 442368
LanguageCode Korean
FileFlagsMask 0x003f
CharacterSet Windows, Korea (Shift - KSC 5601)
InitializedDataSize 24576
MIMEType application/octet-stream
LegalCopyright Copyright 2003-2006 eKsys Corporation
FileVersion 1.0.1.3
TimeStamp 2007:11:19 06:31:56+01:00
FileType Win32 EXE
PEType PE32
InternalName WebSplashGiNi
FileAccessDate 2014:06:03 19:57:03+01:00
FileDescription SmartUpdater for M&Soft SpeedNavi GiNi
OSVersion 4.0
FileCreateDate 2014:06:03 19:57:03+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName M&Soft
CodeSize 253952
FileSubtype 0
ProductVersionNumber 1.0.1.2
EntryPoint 0xaa820
ObjectFileType Executable application
Tag00 X Comments

Compressed bundles
File identification
MD5 5f74037f4e8aed2c2f8a28fbe86e82ee
SHA1 76e00d3e35dea1b62884d73c83aea87ecf45e334
SHA256 4871d2db4623340d66d4c73ac0183f63ce319b715e6b09624e84f360ec703476
ssdeep 6144:dcAIDW3/JKV/Pcdq8KfkApgvWcx2C86+MuEwc+n+pNT/+x/PK:dBIDs/y8K8Apglxr869OkNChS
imphash f7939f6b392dae0b90b5763069a62694
File size 270.5 KB ( 276992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2008-02-20 04:00:07 UTC
Last submission 2012-04-24 20:02:56 UTC
File names htYy2T67ND.xls
qNkj5eDi.vsd
websplashgini.exe
WebSplashGiNi
4871d2db4623340d66d4c73ac0183f63ce319b715e6b09624e84f360ec703476
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. This capture does not record which device was opened or which control codes were sent, so on its own the observation does not separate a routine driver query from anything suspicious.
The file installs an application-defined hook procedure into a hook chain, which is done through SetWindowsHookEx (the "SetWindowsHook" named in the original report text is the superseded name of the same facility). A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. The hook type (keyboard, mouse, CBT, window message, and so on) is what separates ordinary UI plumbing from input capture, and the Hooking activity section above is empty in this capture, so the type is not known.
HTTP requests
DNS requests
TCP connections
UDP communications