SHA256: 571240d750119cc293512dfe2cc1c10df724909ccbdfb7eab279741b27c7e8e8
File name: clictrl-plug-in
Detection ratio: 51 / 56
Analysis date: 2017-02-01 19:03:43 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Foreign.Gen.2 20170201
AegisLab Troj.W32.Gen.lZ1N 20170201
AhnLab-V3 Trojan/Win32.Inject.R114023 20170201
ALYac Trojan.Foreign.Gen.2 20170201
Antiy-AVL Trojan[Spy]/Win32.Zbot 20170201
Arcabit Trojan.Foreign.Gen.2 20170201
Avast Win32:Malware-gen 20170201
AVG Win32/Cryptor 20170201
Avira (no cloud) TR/Crypt.ZPACK.Gen9 20170201
AVware Trojan.Win32.Generic!SB.0 20170201
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20170125
BitDefender Trojan.Foreign.Gen.2 20170201
CAT-QuickHeal TrojanRansom.Crowti.BB4 20170201
ClamAV Win.Trojan.Zbot-59627 20170201
Comodo UnclassifiedMalware 20170201
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/A-a86e566c!Eldorado 20170201
DrWeb Trojan.PWS.Panda.2401 20170201
Emsisoft Trojan.Foreign.Gen.2 (B) 20170201
ESET-NOD32 Win32/Spy.Zbot.AAO 20170201
F-Prot W32/A-a86e566c!Eldorado 20170201
F-Secure Trojan.Foreign.Gen.2 20170201
Fortinet W32/CPacker.G!tr 20170201
GData Trojan.Foreign.Gen.2 20170201
Ikarus Trojan-PWS.Win32.Zbot 20170201
Sophos ML trojandropper.win32.miniduke.b 20170111
Jiangmin TrojanSpy.Zbot.efgc 20170201
K7AntiVirus Spyware ( 004b908d1 ) 20170201
K7GW Spyware ( 004b908d1 ) 20170201
Kaspersky HEUR:Trojan.Win32.Generic 20170201
Malwarebytes Trojan.Agent.ED 20170201
McAfee PWSZbot-FAVR!ECB46A3D2FFB 20170201
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20170201
Microsoft PWS:Win32/Zbot 20170201
eScan Trojan.Foreign.Gen.2 20170201
NANO-Antivirus Trojan.Win32.Zbot.dcrmpa 20170201
nProtect Trojan-Spy/W32.ZBot.265728.AS 20170201
Panda Trj/Chgt.C 20170201
Qihoo-360 Win32/Trojan.Multi.daf 20170201
Rising Spyware.Zbot!8.16B-AaJBZ8bOL0S (cloud) 20170201
Sophos AV Troj/Agent-AIAP 20170201
SUPERAntiSpyware Trojan.Agent/PWS-Zbot 20170201
Symantec Trojan.Zbot 20170201
Tencent Win32.Trojan-spy.Zbot.Anzg 20170201
TotalDefense Win32/Zbot.AHEBaFD 20170201
TrendMicro TSPY_ZBOT.YVAGT 20170201
TrendMicro-HouseCall TSPY_ZBOT.YVAGT 20170201
VBA32 TrojanSpy.Zbot 20170201
VIPRE Trojan.Win32.Generic!SB.0 20170201
Yandex TrojanSpy.Zbot!bahU4d/ESm4 20170201
Zillya Trojan.Zbot.Win32.162954 20170201
Alibaba 20170122
CMC 20170201
Kingsoft 20170201
TheHacker 20170129
Trustlook 20170201
ViRobot 20170201
WhiteArmor 20170123
Zoner 20170201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright D-Link Corp. All rights reserved.
Product Stream Client Control Object
Original name CliCtrl
Internal name application/clictrl-plug-in
File version 1.0.1.17
Description Stream Client Control Object
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-23 12:09:48
Entry Point 0x00005287
Number of sections 4
PE sections
PE imports
capCreateCaptureWindowW
PatBlt
SaveDC
CreateFontIndirectA
GetDeviceCaps
LineTo
DeleteDC
GetBoundsRect
SetBkMode
SetTextColor
GetObjectA
CreateFontA
MoveToEx
GetStockObject
ExtTextOutA
GdiFlush
CreateCompatibleDC
SelectObject
SetDIBColorTable
RestoreDC
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
MulDiv
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
GetFileSize
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetCurrentDirectoryW
DecodePointer
GetCurrentProcessId
lstrcatA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
lstrcpyW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetModuleHandleA
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
lstrcpyA
CreateFileW
GetConsoleWindow
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
LocalAlloc
SetLastError
InterlockedIncrement
GradientFill
VariantClear
VariantInit
ExtractIconA
SHGetPathFromIDListW
SHBrowseForFolderW
StrChrW
SHAutoComplete
StrCpyNW
SHCreateStreamOnFileW
SetFocus
GetMessageA
GetParent
UpdateWindow
GetScrollInfo
DestroyMenu
DefWindowProcA
ShowWindow
SendDlgItemMessageA
BeginDeferWindowPos
DispatchMessageA
SetMenu
AppendMenuW
SetWindowLongA
TranslateMessage
GetDlgItemTextW
EndDialog
GetDC
RegisterClassExA
EndDeferWindowPos
ReleaseDC
SystemParametersInfoA
CheckMenuItem
RedrawWindow
SendDlgItemMessageW
SendMessageA
SetWindowTextW
CreateWindowExA
GetDlgItem
GetWindowLongA
GetWindowTextLengthA
CreateMenu
LoadCursorA
LoadIconA
GetTopWindow
IsDlgButtonChecked
GetClientRect
SetDlgItemTextW
DeferWindowPos
CallWindowProcA
LoadIconW
GetFocus
wsprintfW
GetWindowTextA
CharNextW
IsDialogMessageA
WSAStartup
htons
socket
WSACleanup
CoInitialize
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 86528
ImageVersion 0.0
ProductName Stream Client Control Object
FileVersionNumber 1.0.1.17
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Stream Client Control Object
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName CliCtrl
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.1.17
TimeStamp 2014:07:23 13:09:48+01:00
FileType Win32 EXE
PEType PE32
InternalName application/clictrl-plug-in
ProductVersion 1.0.1.17
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright D-Link Corp. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName D-Link Corp.
CodeSize 178176
FileSubtype 0
ProductVersionNumber 1.0.1.17
EntryPoint 0x5287
ObjectFileType Executable application

Compressed bundles
File identification
MD5 ecb46a3d2ffb8274b688222dc11b2873
SHA1 dd8b22381140aaf8875492ebbdf438028d123d1f
SHA256 571240d750119cc293512dfe2cc1c10df724909ccbdfb7eab279741b27c7e8e8
ssdeep 6144:XTn3drtRaSeuGO0j1uPcpJb00UIwcFdCH6qYv:D3XsuTtwJyIlFduA
authentihash e1681d161b6884fc96d8741c7c8ef334aca861819fe20b2adb767900c3cd5e5f
imphash 3f247b69371bd429cc1523eed5de908d
File size 259.5 KB ( 265728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-07-23 16:43:38 UTC ( 4 years, 3 months ago )
Last submission 2014-08-16 14:31:24 UTC ( 4 years, 3 months ago )
File names Conto Telecom Italia n.7_14.0657894.pdf.pif
ecb46a3d2ffb8274b688222dc11b2873.exe
ecb46a3d2ffb8274b688222dc11b2873
CliCtrl
clictrl-plug-in
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.