SHA256: 58f26f4ed5c167a0465779142e676e5794cf894d7d77285ce5b84aed5391db0d
File name: Axdix.exe
Detection ratio: 43 / 67
Analysis date: 2018-02-28 05:16:17 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.162702 20180228
AhnLab-V3 Malware/Win32.Generic.C1040976 20180228
ALYac Gen:Variant.Zusy.162702 20180228
Antiy-AVL Trojan[Spy]/Win32.Zbot 20180228
Arcabit Trojan.Zusy.D27B8E 20180228
Avast Win32:Malware-gen 20180228
AVG Win32:Malware-gen 20180228
Avira (no cloud) TR/Crypt.Xpack.lka 20180227
AVware Trojan.Win32.Generic!BT 20180228
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9918 20180227
BitDefender Gen:Variant.Zusy.162702 20180228
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20170201
Cybereason malicious.2bfbdd 20180225
Cylance Unsafe 20180228
DrWeb Trojan.PWS.Panda.8087 20180228
Emsisoft Gen:Variant.Zusy.162702 (B) 20180228
Endgame malicious (high confidence) 20180223
ESET-NOD32 Win32/Spy.Zbot.ACB 20180228
F-Secure Gen:Variant.Zusy.162702 20180228
Fortinet W32/Generic.AC.2B0209!tr 20180228
GData Gen:Variant.Zusy.162702 20180228
Sophos ML heuristic 20180121
Jiangmin TrojanSpy.Zbot.etur 20180228
K7AntiVirus Spyware ( 004b89a11 ) 20180227
K7GW Spyware ( 004b89a11 ) 20180228
Kaspersky HEUR:Trojan.Win32.Generic 20180228
MAX malware (ai score=81) 20180228
McAfee Artemis!853240D2BFBD 20180228
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20180228
eScan Gen:Variant.Zusy.162702 20180228
NANO-Antivirus Trojan.Win32.Zbot.dxhpcf 20180228
Panda Trj/Genetic.gen 20180227
Rising Malware.Undefined!8.C (TFE:5:GcKIYaZR9SM) 20180228
SentinelOne (Static ML) static engine - malicious 20180225
Tencent Suspicious.Heuristic.Gen.b.0 20180228
TheHacker Trojan/Spy.Zbot.acb 20180225
TrendMicro TSPY_ZBOT_EJ1900AA.UVPM 20180228
TrendMicro-HouseCall TSPY_ZBOT_EJ1900AA.UVPM 20180228
VIPRE Trojan.Win32.Generic!BT 20180228
Webroot W32.Rogue.Gen 20180228
Yandex TrojanSpy.Zbot!LBpWf8MTZOA 20180228
Zillya Trojan.Zbot.Win32.187770 20180227
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180228
AegisLab 20180228
Alibaba 20180228
Avast-Mobile 20180228
Bkav 20180227
CAT-QuickHeal 20180227
ClamAV 20180227
CMC 20180228
Comodo 20180228
Cyren 20180228
eGambit 20180228
F-Prot 20180228
Ikarus 20180227
Kingsoft 20180228
Malwarebytes 20180228
Microsoft 20180228
nProtect 20180228
Palo Alto Networks (Known Signatures) 20180228
Qihoo-360 20180228
Sophos AV 20180228
SUPERAntiSpyware 20180227
Symantec 20180228
Symantec Mobile Insight 20180220
Trustlook 20180228
VBA32 20180227
ViRobot 20180228
WhiteArmor 20180223
Zoner 20180228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2001-2011 Rustici Software

Product SawTree
Original name thinkpoint.exe
Internal name SawTree
File version 7.0.1311.7348
Description SawTree
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-12 10:10:58
Entry Point 0x00002A7B
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GlobalFree
GetOEMCP
QueryPerformanceCounter
HeapDestroy
GetTickCount
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
GlobalAlloc
RtlUnwind
GetModuleFileNameA
QueryPerformanceFrequency
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
CreateDirectoryW
GetCommandLineA
GetProcAddress
TlsFree
GetStartupInfoW
ExitProcess
GetFileTime
CreateEventW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
ResetEvent
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
GetProcessHeap
IsDebuggerPresent
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
WriteProfileStringW
VirtualFree
InterlockedDecrement
Sleep
GetFileType
IsBadReadPtr
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
AddPrinterDriverExW
EnumFormsW
ReadPrinter
SetJobW
GetPrinterDataW
DeletePortW
SetFormW
ResetPrinterW
OpenPrinterW
DeletePrinter
GetPrinterDataExW
GetPrinterW
ConfigurePortW
AddPrinterConnectionW
DeleteMonitorW
ClosePrinter
DeletePrinterConnectionW
EndPagePrinter
ScheduleJob
DeletePrinterDataW
EnumMonitorsW
GetJobW
DeletePrinterKeyW
AddPrintProcessorW
DeletePrinterDriverW
GetFormW
AddPrinterW
EnumJobsW
DeletePrintProvidorW
GetPrinterDriverW
DeletePrinterDataExW
AddPrintProvidorW
DeleteFormW
PrinterMessageBoxW
DeletePrinterDriverExW
DeletePrintProcessorW
GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryW
EndDocPrinter
AddPrinterDriverW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.0.1311.7348

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
135168

EntryPoint
0x2a7b

OriginalFileName
thinkpoint.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2001-2011 Rustici Software

FileVersion
7.0.1311.7348

TimeStamp
2015:09:12 11:10:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SawTree

ProductVersion
7.0.1311.7348

FileDescription
SawTree

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Rustici Software

CodeSize
151552

ProductName
SawTree

ProductVersionNumber
7.0.1311.7348

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 853240d2bfbdd82a9d3ff4790db2a2ba
SHA1 4663a80c8f188cd42408752410f923eef7fb6fbc
SHA256 58f26f4ed5c167a0465779142e676e5794cf894d7d77285ce5b84aed5391db0d
ssdeep
6144:6hbmHW++LR2pfdHD2vG0jbYAovES2Gzb+0vFUTlY:WCHE23j2vJjK2GP+0v+

authentihash ea72526c6665545ec8c781a01d656a94616e20ac14896c263c54a4d99d30421e
imphash ccdf47d59a4d7b48f7693a96b6ca508a
File size 260.0 KB ( 266240 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-02-28 05:16:17 UTC ( 1 year ago )
Last submission 2018-02-28 05:16:17 UTC ( 1 year ago )
File names SawTree
Axdix.exe
thinkpoint.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs