× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 503a03322363cc3766c76eacc02c3ef70bb836b0ae98c3a90518e5933f3cd5fc
File name: Protection_ID.eXe
Detection ratio: 5 / 55
Analysis date: 2016-10-31 18:02:42 UTC ( 11 months, 3 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9612 20161031
Sophos ML virus.win32.parite.b 20161018
Microsoft VirTool:Win32/Obfuscator.AX 20161031
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161031
SUPERAntiSpyware Trojan.Agent/Generic 20161031
Ad-Aware 20161031
AegisLab 20161031
AhnLab-V3 20161031
Alibaba 20161031
ALYac 20161031
Antiy-AVL 20161031
Arcabit 20161031
Avast 20161031
AVG 20161031
Avira (no cloud) 20161031
AVware 20161031
BitDefender 20161031
Bkav 20161031
CAT-QuickHeal 20161031
ClamAV 20161031
CMC 20161031
Comodo 20161031
CrowdStrike Falcon (ML) 20161024
Cyren 20161031
DrWeb 20161031
Emsisoft 20161031
ESET-NOD32 20161031
F-Prot 20161031
F-Secure 20161031
Fortinet 20161031
GData 20161031
Ikarus 20161031
Jiangmin 20161031
K7AntiVirus 20161031
K7GW 20161031
Kaspersky 20161031
Kingsoft 20161031
Malwarebytes 20161031
McAfee 20161031
McAfee-GW-Edition 20161031
eScan 20161031
NANO-Antivirus 20161031
nProtect 20161028
Panda 20161031
Rising 20161031
Sophos AV 20161031
Symantec 20161031
Tencent 20161031
TheHacker 20161029
TrendMicro 20161031
TrendMicro-HouseCall 20161031
VBA32 20161031
VIPRE 20161031
ViRobot 20161031
Yandex 20161031
Zillya 20161031
Zoner 20161031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © [PiD Team] 2002-2016

Product PiD Team's Protection ID v0.6.8.0
Original name Protection_ID.eXe
Internal name [PiD Team] Protection ID v0.6.8.0
File version 0.6.8.0
Description PiD Team's Protection ID
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 11:13 PM 5/18/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-31 18:02:00
Entry Point 0x0000D56C
Number of sections 10
PE sections
Overlays
MD5 2c09cd8f460e852b53582273747ae74e
File type data
Offset 1208320
Size 4504
Entropy 7.38
PE imports
RegDeleteKeyA
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AccessCheck
InitializeAcl
RegCreateKeyExA
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
RegFlushKey
RegOpenKeyA
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
ImpersonateSelf
RegEnumKeyExW
OpenThreadToken
GetUserNameA
GetLengthSid
RegEnumKeyExA
RegQueryInfoKeyA
RevertToSelf
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
ImageList_Create
Ord(17)
ImageList_GetIcon
ImageList_AddIcon
FindTextA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
CreatePen
TextOutA
GetPixel
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
SetBkMode
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateDCA
MoveToEx
GetStockObject
GetPath
SelectClipRgn
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetFileTime
GetTempPathA
WideCharToMultiByte
LocalFree
WriteFile
GetCommandLineA
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
ExitProcess
FlushFileBuffers
RemoveDirectoryA
lstrcmpiW
GetPriorityClass
LoadLibraryExA
SetThreadPriority
MultiByteToWideChar
GetSystemPowerStatus
FlushInstructionCache
FindNextChangeNotification
SetFilePointer
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetPriorityClass
GlobalMemoryStatus
FindCloseChangeNotification
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
EnterCriticalSection
lstrcmpiA
SetEvent
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
ExitThread
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GlobalLock
GetTempFileNameW
FindFirstFileA
ResetEvent
GetComputerNameA
FindNextFileA
TerminateProcess
GetProcAddress
GetProcessAffinityMask
CreateFileW
CreateEventA
CreateFileA
LeaveCriticalSection
GetLastError
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetEnvironmentStringsA
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetModuleFileNameA
FindFirstChangeNotificationW
CreateProcessW
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
SetThreadAffinityMask
GetCurrentThread
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetVolumeInformationA
GetVersion
CreateProcessA
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
OpenEventA
VirtualAlloc
VariantClear
VariantInit
SHGetFileInfoA
SHAddToRecentDocs
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
RedrawWindow
CharLowerBuffA
DrawStateA
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
EndPaint
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
SendMessageW
SendMessageA
GetClientRect
SetMenuDefaultItem
EnumDisplaySettingsA
IsClipboardFormatAvailable
ClientToScreen
LoadImageA
GetMenuItemInfoA
GetMenuStringA
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
ShowWindow
SetClassLongA
DrawFrameControl
SetDlgItemInt
EnableWindow
LockWindowUpdate
GetDlgItemTextA
IsWindowEnabled
CreatePopupMenu
SetClipboardData
EnableMenuItem
InvertRect
GetWindowLongA
SetTimer
FillRect
GetSysColorBrush
IsWindowUnicode
DestroyWindow
SetFocus
PostMessageA
BeginPaint
GetScrollPos
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
CheckDlgButton
SetWindowTextA
DrawFocusRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
GetScrollRange
EndDialog
FindWindowA
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
AppendMenuA
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
FrameRect
DeleteMenu
InvalidateRect
wsprintfA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
PE exports
Number of PE resources by type
RT_ICON 146
RT_GROUP_ICON 140
RT_DIALOG 52
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 342
PE resources
Debug information
ExifTool file metadata
PreReleaseBuild
Please do NOT release / distribute / leak this release to the pubic

SubsystemVersion
4.0

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.6.8.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0003

FileDescription
PiD Team's Protection ID

CharacterSet
Windows, Latin1

InitializedDataSize
1517568

EntryPoint
0xd56c

OriginalFileName
Protection_ID.eXe

MIMEType
application/octet-stream

LegalCopyright
Copyright [PiD Team] 2002-2016

FileVersion
0.6.8.0

TimeStamp
2016:10:31 19:02:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
[PiD Team] Protection ID v0.6.8.0

ProductVersion
0.6.8.0

UninitializedDataSize
10240

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
[PiD Team] (CDKiller/TippeX)

CodeSize
465920

ProductName
PiD Team's Protection ID v0.6.8.0

ProductVersionNumber
0.6.8.0

FileTypeExtension
exe

ObjectFileType
Executable application

Build
0.6.8.0

Compressed bundles
File identification
MD5 18513c3863e882c4f5d6ef25fa15782a
SHA1 8837609df92b862589b1a638fd6eb5fbb0c009d2
SHA256 503a03322363cc3766c76eacc02c3ef70bb836b0ae98c3a90518e5933f3cd5fc
ssdeep
24576:c8tggHkHfTAduwL1RU3LBEzT+NAYGCDV5B/RXkUx1aXU0CAMX4LP:L7osduwL/UgT+NdGk//RUU1YIA8o

authentihash 0e12b33f83a91fc4c4e1cdf179eb52aa01957cfc65ba94569d25171daa51e627
imphash 413562afc9cc4d93433481fea2627abe
File size 1.2 MB ( 1212824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-10-31 18:02:42 UTC ( 11 months, 3 weeks ago )
Last submission 2017-05-18 22:13:42 UTC ( 5 months ago )
File names Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID.eXe
Protection_ID 0680.eXe
Protection_ID.exe
PROTECTION_ID.EXE
[PiD Team] Protection ID v0.6.8.0
protection_id.exe
Protection_ID.eXe
Protection_ID.exe
Protection_ID.ex~
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1031.

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs