SHA256: 5c40a451c148a3e996fba26186b35befb3ddef4c9a2f2f693361922e77e99b39
File name: PCI-Z.exe
Detection ratio: 1 / 50
Analysis date: 2014-04-20 21:47:10 UTC ( 2 years, 10 months ago )
Antivirus Result Update
CMC Packed.Win32.Zcrypt.3!O 20140417
AVG 20140420
Ad-Aware 20140420
AegisLab 20140420
Yandex 20140420
AhnLab-V3 20140420
AntiVir 20140420
Antiy-AVL 20140420
Avast 20140420
Baidu-International 20140419
BitDefender 20140420
Bkav 20140418
ByteHero 20140420
CAT-QuickHeal 20140418
ClamAV 20140420
Commtouch 20140420
Comodo 20140420
DrWeb 20140420
ESET-NOD32 20140420
Emsisoft 20140420
F-Prot 20140420
F-Secure 20140420
Fortinet 20140420
GData 20140420
Ikarus 20140420
Jiangmin 20140420
K7AntiVirus 20140418
K7GW 20140418
Kaspersky 20140420
Kingsoft 20140420
Malwarebytes 20140420
McAfee 20140420
McAfee-GW-Edition 20140420
eScan 20140420
Microsoft 20140420
NANO-Antivirus 20140420
Norman 20140420
Panda 20140420
Qihoo-360 20140411
Rising 20140420
SUPERAntiSpyware 20140420
Sophos 20140420
Symantec 20140420
TheHacker 20140419
TotalDefense 20140420
TrendMicro 20140420
TrendMicro-HouseCall 20140420
VBA32 20140418
VIPRE 20140420
ViRobot 20140420
nProtect 20140420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Freeware
Product PCI-Z
Original name PCI-Z.exe
Internal name PCI-Z
File version 1.3
Description PCI-Z uses PCI ID Repository to detect PCI(-E/-X) devices without drivers.
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:33 PM 2/19/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-20 21:45:50
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 cda4eca637ba8f9b4524bba52fb61e98
File type data
Offset 656896
Size 6912
Entropy 7.62
PE imports
GetUserNameA
ImageList_GetIconSize
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Replace
ImageList_Create
CreateStatusWindowA
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Add
GetOpenFileNameA
GetSaveFileNameA
SetDIBits
CreatePen
SetStretchBltMode
GetObjectType
GetObjectA
CreateDCA
LineTo
DeleteDC
SetPixel
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
CreateBitmap
MoveToEx
GetStockObject
GetDIBits
CreateCompatibleDC
StretchBlt
StretchDIBits
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
CreateToolhelp32Snapshot
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
ReadFile
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
FlushFileBuffers
GetVersionExA
LoadLibraryA
GetLocalTime
CreatePipe
GetCurrentProcess
SetConsoleCtrlHandler
GetCurrentProcessId
ReleaseSemaphore
WaitForMultipleObjects
AllocConsole
DeleteFileA
GetCurrentDirectoryA
Module32First
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
GetCurrentThread
GlobalUnlock
SetFilePointer
QueryPerformanceFrequency
CreateSemaphoreA
CreateThread
TlsFree
GetModuleHandleA
DeleteCriticalSection
FindFirstFileA
WriteFile
SetConsoleTitleA
CloseHandle
FreeConsole
GetComputerNameA
GlobalMemoryStatusEx
DuplicateHandle
HeapReAlloc
GlobalLock
SetFileAttributesA
GetDriveTypeA
GetProcessAffinityMask
CreateProcessA
GetTimeZoneInformation
WriteConsoleA
WideCharToMultiByte
InitializeCriticalSection
HeapCreate
CreateFileW
GlobalAlloc
VirtualFree
FindClose
TlsGetValue
Sleep
GetTickCount
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
strncmp
rand
malloc
sscanf
setlocale
pow
fread
fclose
strcat
_stricmp
_setjmp3
printf
fflush
fopen
strlen
strncpy
frexp
fabs
mktime
fwrite
wcslen
wcscmp
_strdup
sprintf
localtime
memset
longjmp
tolower
gmtime
free
ceil
atoi
atof
memcpy
strstr
memmove
floor
_CIpow
strcpy
modf
_strnicmp
strcmp
RevokeDragDrop
CoInitialize
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
ShellExecuteExA
MapWindowPoints
GetForegroundWindow
RedrawWindow
DrawStateA
DestroyMenu
SetWindowPos
IsWindow
DispatchMessageA
ScreenToClient
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetWindowTextLengthA
GetActiveWindow
LoadImageA
MsgWaitForMultipleObjects
GetWindowTextA
EnumPropsExA
GetKeyState
DestroyWindow
GetMessageA
GetParent
SetPropA
EnumWindows
ShowWindow
GetPropA
CreateIconFromResourceEx
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetIconInfo
SetClipboardData
GetSystemMetrics
IsZoomed
RegisterClassA
GetWindowLongA
CreateMenu
FillRect
GetSysColorBrush
CreateAcceleratorTableA
IsChild
SetFocus
SetCapture
GetScrollPos
RegisterWindowMessageA
DefWindowProcA
GetClipboardData
CharLowerA
GetWindowRect
PostMessageA
ReleaseCapture
EnumChildWindows
SetWindowLongA
RemovePropA
CreatePopupMenu
CreateWindowExA
BringWindowToTop
ClientToScreen
LoadCursorA
LoadIconA
TrackPopupMenu
DestroyAcceleratorTable
ValidateRect
CreateIconFromResource
SetForegroundWindow
OpenClipboard
EmptyClipboard
DrawTextA
FindWindowA
GetWindowThreadProcessId
AppendMenuA
DrawFrameControl
SetMenu
MoveWindow
MessageBoxA
AdjustWindowRectEx
GetSysColor
RegisterClassExA
SystemParametersInfoA
DestroyIcon
IsWindowVisible
SetCursorPos
SetRect
InvalidateRect
DefFrameProcA
SetWindowTextA
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
timeBeginPeriod
__WSAFDIsSet
recv
socket
bind
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
ioctlsocket
connect
sendto
recvfrom
htons
closesocket
gethostbyaddr
select
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.3.0.1
Email info@pci-z.com
Website http://www.pci-z.com/
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription PCI-Z uses PCI ID Repository to detect PCI(-E/-X) devices without drivers.
CharacterSet Unicode
InitializedDataSize 302080
EntryPoint 0x1000
OriginalFileName PCI-Z.exe
MIMEType application/octet-stream
LegalCopyright Freeware
FileVersion 1.3
TimeStamp 2014:04:20 22:45:50+01:00
FileType Win32 EXE
PEType PE32
InternalName PCI-Z
ProductVersion 1.3
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Bruno Banelli
CodeSize 365568
ProductName PCI-Z
ProductVersionNumber 1.3.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 49fd41d7aa73bde2f55acf110afff170
SHA1 9c13d9ccf279c12c5a984738a9771ef69bb97623
SHA256 5c40a451c148a3e996fba26186b35befb3ddef4c9a2f2f693361922e77e99b39
ssdeep 12288:V9j9tTLHS7zQ6UFOKNXm/qbYJSCg3iPZGzOx4nijMVuqMvBXps0J5J3dnfImupTY:Tj9tTLHS3REOKdm/qbYJSCg3iPZGzOxo
authentihash ad908016dfd0c29381d79d0fd8b9151026063956e4aae1e1205a0839197a87f7
imphash 598c8e2ffad88fb6f820dfcbbce42e8e
File size 648.3 KB ( 663808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-04-20 21:47:10 UTC ( 2 years, 10 months ago )
Last submission 2015-11-27 00:44:31 UTC ( 1 year, 3 months ago )
File names PCI-Z.exe
PCI-Z
PCI-Z.1.3.0.1.exe
pci-z.exe
5C40A451C148A3E996FBA26186B35BEFB3DDEF4C9A2F2F693361922E77E99B39
5c40a451c148a3e996fba26186b35befb3ddef4c9a2f2f693361922e77e99b39.exe
43971061
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana screen-capture
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.