SHA256: 5d651f449d12e6bc75a0c875b4dae19d8b3ec8b3933b6c744942b5763d5df08d
File name: ?9de26ff3b66ba82b35e31bf4ea975dfe
Detection ratio: 45 / 54
Analysis date: 2016-02-01 11:47:44 UTC ( 5 days, 22 hours ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.34789 20160130
AVG ScreenLocker_s.KG 20160130
Ad-Aware Gen:Variant.Symmi.34789 20160130
AegisLab Troj.W32.Generic!c 20160130
AhnLab-V3 Win-Trojan/Agent.89088.HX 20160129
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20160130
Arcabit Trojan.Symmi.D87E5 20160130
Avast Win32:Malware-gen 20160130
Avira TR/Dldr.Dofoil.U.269 20160130
Baidu-International Trojan.Win32.Zurgop.AZ 20160129
BitDefender Gen:Variant.Symmi.34789 20160130
Bkav W32.GarielQ.Trojan 20160129
CAT-QuickHeal TrojanDownloader.Dofoil.r4 20160201
Comodo UnclassifiedMalware 20160130
Cyren W32/Trojan.LUTB-5228 20160201
DrWeb Trojan.Siggen5.60588 20160201
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AZ 20160201
Emsisoft Gen:Variant.Symmi.34789 (B) 20160201
F-Secure Gen:Variant.Symmi.34789 20160129
Fortinet W32/Zbot.PKDP!tr 20160201
GData Gen:Variant.Symmi.34789 20160201
Ikarus Trojan-Spy.Win32.Zbot 20160201
Jiangmin Trojan/Generic.bawzu 20160201
K7AntiVirus Trojan-Downloader ( 00423be71 ) 20160201
K7GW Trojan-Downloader ( 00423be71 ) 20160201
Kaspersky HEUR:Trojan.Win32.Generic 20160201
Malwarebytes Spyware.Zbot.ED 20160201
McAfee Generic.dx!DC0DBF82E756 20160201
McAfee-GW-Edition BehavesLike.Win32.Downloader.mh 20160201
MicroWorld-eScan Gen:Variant.Symmi.34789 20160201
Microsoft TrojanDownloader:Win32/Dofoil.U 20160201
NANO-Antivirus Trojan.Win32.Agent.cjwcgl 20160201
Panda Trj/Dtcontx.I 20160201
Qihoo-360 Win32/Trojan.e6d 20160201
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160201
Sophos Mal/Generic-S 20160201
Symantec Trojan.Ransomlock.Q 20160201
Tencent Win32.Trojan.Generic.Wqwr 20160201
TheHacker Trojan/Downloader.Zurgop.az 20160130
TrendMicro TROJ_RANSOM.PHP 20160201
TrendMicro-HouseCall TROJ_RANSOM.PHP 20160201
VBA32 Hoax.Foreign 20160201
VIPRE Trojan.Win32.Generic.pak!cobra 20160130
ViRobot Trojan.Win32.Z.Zurgop.89088[h] 20160129
Zillya Downloader.Zurgop.Win32.587 20160130
Agnitum 20160129
Alibaba 20160129
ByteHero 20160201
CMC 20160130
ClamAV 20160130
F-Prot 20160129
SUPERAntiSpyware 20160201
Zoner 20160130
nProtect 20160201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2010-2013 - ProperWay Software
Product BLEND VWDExpress IDE Extension
Original name blendvwdext
Internal name BLEND VWDExpress
File version 2.3.1.1
Description BLEND VWDExpress IDE Extension
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-21 23:12:21
Link date 12:12 AM 10/22/2013
Entry Point 0x00001B58
Number of sections 4
PE sections
PE imports
CreateEditableStream
FindTextA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetLocalTime
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
ExitProcess
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
GetErrorInfo
RpcRevertToSelf
CreatePopupMenu
SendMessageW
GetMenu
UpdateWindow
EnumWindowStationsW
SendDlgItemMessageW
FindWindowA
EnableMenuItem
LoadMenuW
DeleteMenu
CoInitialize
PE exports
Number of PE resources by type
RT_ICON 3
RT_BITMAP 3
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
HUNGARIAN DEFAULT 10
ENGLISH US 1
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 33280
ImageVersion 0.0
ProductName BLEND VWDExpress IDE Extension
FileVersionNumber 2.3.1.1
UninitializedDataSize 0
LanguageCode Hungarian
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName blendvwdext
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.3.1.1
TimeStamp 2013:10:22 00:12:21+01:00
FileType Win32 EXE
PEType PE32
InternalName BLEND VWDExpress
ProductVersion 2.3.1.1
FileDescription BLEND VWDExpress IDE Extension
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2010-2013 - ProperWay Software
MachineType Intel 386 or later, and compatibles
CompanyName ProperWay Software
CodeSize 54784
FileSubtype 0
ProductVersionNumber 2.3.1.1
EntryPoint 0x1b58
ObjectFileType Executable application

File identification
MD5 dc0dbf82e756fe110c5fbdd771fe67f5
SHA1 8e09174d2dfae16c729b1f64b6344cc6b230a981
SHA256 5d651f449d12e6bc75a0c875b4dae19d8b3ec8b3933b6c744942b5763d5df08d
ssdeep 1536:5t1cVUoGp5idld5YOgcOHhkuaFExuNTLshW7k:5tuTdld5ecOHhkEwNTLcW7k
authentihash bd67cda6ccc39a6fe2d6fd1f672d492452eda72d4bde07a89fc5c699a367d0a7
imphash bac2ab37f66cbc284c177c1d26a8994e
File size 87.0 KB ( 89088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2013-10-23 10:52:27 UTC ( 2 years, 3 months ago )
Last submission 2016-02-01 11:47:44 UTC ( 5 days, 22 hours ago )
File names index.html.FC9EEB6B.html
index.html.F1E6FC6.html.ex
?9de26ff3b66ba82b35e31bf4ea975dfe
index.html.FC9EEB6B[1].html
1.exe
index.html.FC9EEB6B.html.exe
vti-rescan
174d2dfae16c729b1f64b6344cc6b230a981
blendvwdext
9.exe_
29124581194-9-36_1.0.hidden1_xor41.exe
BLEND VWDExpress
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
HTTP requests
DNS requests
TCP connections