SHA256: 50bb2850e82387a206fa4d5ebafdbdfeefeb21f8564cf46283b60b756ecc9c9e
File name: LEViewer.exe
Detection ratio: 41 / 55
Analysis date: 2016-01-20 08:22:35 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Yandex Trojan.Yakes!FRibNTtl1ms 20160119
AhnLab-V3 Trojan/Win32.Gen 20160119
ALYac Trojan.GenericKD.2301957 20160120
Antiy-AVL Trojan/Win32.Yakes 20160120
Arcabit Trojan.Generic.D232005 20160120
Avast Win32:Dropper-gen [Drp] 20160120
AVG Downloader.Generic14.SOE 20160120
Avira (no cloud) TR/Crypt.ZPACK.138921 20160120
Baidu-International Trojan.Win32.Yakes.kjcg 20160119
BitDefender Trojan.GenericKD.2301957 20160120
CAT-QuickHeal Trojan.Generic.B4 20160119
Comodo UnclassifiedMalware 20160120
Cyren W32/Trojan.EJAF-6901 20160120
Emsisoft Trojan.GenericKD.2301957 (B) 20160120
ESET-NOD32 Win32/TrojanDownloader.Agent.BFU 20160120
F-Prot W32/Trojan3.OXS 20160120
F-Secure Trojan.GenericKD.2301957 20160120
Fortinet W32/Zbot.ACB!tr.spy 20160120
GData Trojan.GenericKD.2301957 20160120
Ikarus Trojan-Downloader.Win32.Agent 20160120
K7AntiVirus Trojan-Downloader ( 004bda2d1 ) 20160120
K7GW Trojan-Downloader ( 004bda2d1 ) 20160120
Kaspersky Trojan.Win32.Yakes.kjcg 20160120
Malwarebytes Trojan.Agent 20160120
McAfee Artemis!FE9845E81137 20160120
McAfee-GW-Edition BehavesLike.Win32.Trojan.cc 20160120
Microsoft Trojan:Win32/Skeeyah.A!rfn 20160120
eScan Trojan.GenericKD.2301957 20160120
NANO-Antivirus Trojan.Win32.Yakes.dqtane 20160120
nProtect Trojan.GenericKD.2301957 20160120
Panda Trj/Genetic.gen 20160119
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160120
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160120
Sophos AV Mal/Generic-S 20160120
Symantec Trojan.Gen.SMH 20160119
Tencent Win32.Trojan.Yakes.Egya 20160120
TheHacker Trojan/Downloader.Agent.bfu 20160119
TrendMicro TROJ_GEN.R0CCC0CKF15 20160120
VIPRE Trojan.Win32.Generic!BT 20160120
ViRobot Trojan.Win32.Z.Agent.177664.B[h] 20160120
Zillya Trojan.Yakes.Win32.32252 20160120
AegisLab 20160119
Alibaba 20160120
Bkav 20160119
ByteHero 20160120
ClamAV 20160120
CMC 20160111
DrWeb 20160120
Jiangmin 20160120
Kingsoft 20160120
SUPERAntiSpyware 20160120
TotalDefense 20160120
TrendMicro-HouseCall 20160120
VBA32 20160119
Zoner 20160120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft (R) Visual Studio (R) 2010
Original name LEViewer.exe
Internal name LEViewer.exe
File version 10.0.40219.457
Description LEViewer.exe
Comments LEViewer.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-15 12:01:56
Entry Point 0x000029C0
Number of sections 5
PE sections
PE imports
capCreateCaptureWindowA
CommDlgExtendedError
GetObjectA
GetDeviceCaps
SelectObject
CreateFontA
GetStockObject
SetBkMode
SetTextColor
GetAdapterOrderMap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
EncodePointer
IsDebuggerPresent
GetTickCount
TlsAlloc
SetConsoleCursorPosition
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetEnvironmentStringsW
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetConsoleTitleA
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
CancelIo
GetFileType
SetStdHandle
GetModuleFileNameW
GetModuleHandleA
GetCPInfo
FillConsoleOutputCharacterA
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
SetConsoleTitleA
WaitForSingleObject
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
GetConsoleWindow
CallNamedPipeA
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
CloseHandle
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
WriteConsoleW
InterlockedIncrement
WindowFromAccessibleObject
StrNCatA
GetMessageA
GetParent
UpdateWindow
EndDialog
BeginPaint
EnumWindows
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
FindWindowA
DispatchMessageA
EndPaint
MessageBoxA
DialogBoxParamA
GetDC
DrawTextA
SetWindowTextA
LoadStringA
SendMessageA
CloseClipboard
GetClientRect
GetDlgItem
DeleteMenu
InvalidateRect
wsprintfA
GetWindowTextLengthA
CreateWindowExA
GetWindowTextA
OpenClipboard
GetAncestor
DestroyWindow
Number of PE resources by type
RT_CURSOR 7
RT_BITMAP 3
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
SubsystemVersion
5.1

Comments
LEViewer.exe

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.0.40219.457

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LEViewer.exe

CharacterSet
Unicode

InitializedDataSize
105472

EntryPoint
0x29c0

OriginalFileName
LEViewer.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
10.0.40219.457

TimeStamp
2015:04:15 13:01:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
LEViewer.exe

ProductVersion
10.0.40219.457

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
71168

ProductName
Microsoft (R) Visual Studio (R) 2010

ProductVersionNumber
10.0.40219.457

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
10.0.0.0

Compressed bundles
File identification
MD5 fe9845e8113705be64aa268797a43f58
SHA1 232d218f0725a53add0ea1619a706d11a2b14362
SHA256 50bb2850e82387a206fa4d5ebafdbdfeefeb21f8564cf46283b60b756ecc9c9e
ssdeep 3072:M7B/jyEKMRsDYr8t9SEhzqp7j/dDoesLQI/GGm9OxhISl4oDFKBZVLm9Qa9:M7B/gPk87zqpHFDoB/RTldgZV69H9
authentihash f6b845bf0f2e2571bd44a2dc86d1d5f7200e3f2b0545741573ccb329b1b1d1a6
imphash bbbfc8d1442cec1ad8e361d4e4decaa3
File size 173.5 KB ( 177664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-04-16 11:21:38 UTC ( 3 years, 3 months ago )
Last submission 2015-09-23 04:04:35 UTC ( 2 years, 10 months ago )
File names beställning_16.04.15.exe
50BB2850E82387A206FA4D5EBAFDBDFEEFEB21F8564CF46283B60B756ECC9C9E.EXE
LEViewer.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0CCC0CKF15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications