SHA256: 5d651f449d12e6bc75a0c875b4dae19d8b3ec8b3933b6c744942b5763d5df08d
File name: 00000001.exe
Detection ratio: 44 / 56
Analysis date: 2016-04-27 19:35:49 UTC ( 2 months ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.34789 20160427
AVG ScreenLocker_s.KG 20160427
AVware Trojan.Win32.Generic.pak!cobra 20160427
Ad-Aware Gen:Variant.Symmi.34789 20160427
AhnLab-V3 Win-Trojan/Agent.89088.HX 20160427
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20160427
Arcabit Trojan.Symmi.D87E5 20160427
Avast Win32:Evo-gen [Susp] 20160427
Avira (no cloud) TR/Dldr.Dofoil.U.269 20160427
Baidu-International Trojan.Win32.Zurgop.AZ 20160427
BitDefender Gen:Variant.Symmi.34789 20160427
Bkav W32.GarielQ.Trojan 20160427
Comodo UnclassifiedMalware 20160427
Cyren W32/Trojan.LUTB-5228 20160427
DrWeb Trojan.Siggen5.60588 20160427
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AZ 20160427
Emsisoft Gen:Variant.Symmi.34789 (B) 20160427
F-Secure Gen:Variant.Symmi.34789 20160427
Fortinet W32/Zbot.PKDP!tr 20160427
GData Gen:Variant.Symmi.34789 20160427
Ikarus Trojan-Spy.Win32.Zbot 20160427
Jiangmin Trojan/Generic.bawzu 20160427
K7AntiVirus Trojan-Downloader ( 00423be71 ) 20160427
K7GW Trojan-Downloader ( 00423be71 ) 20160427
Kaspersky HEUR:Trojan.Win32.Generic 20160427
Kingsoft Win32.Troj.Undef.(kcloud) 20160427
Malwarebytes Spyware.Zbot.ED 20160427
McAfee Generic.dx!DC0DBF82E756 20160427
McAfee-GW-Edition BehavesLike.Win32.Sality.mh 20160427
eScan Gen:Variant.Symmi.34789 20160427
Microsoft VirTool:Win32/Obfuscator.AAO 20160427
NANO-Antivirus Trojan.Win32.Agent.cjwcgl 20160427
Panda Trj/Dtcontx.I 20160427
Qihoo-360 Win32/Trojan.e6d 20160427
Sophos Mal/Generic-S 20160427
Symantec Trojan.Ransomlock.Q 20160427
Tencent Win32.Trojan.Generic.Wqwr 20160427
TheHacker Trojan/Downloader.Zurgop.az 20160426
TrendMicro TROJ_RANSOM.PHP 20160427
TrendMicro-HouseCall TROJ_RANSOM.PHP 20160427
VBA32 Hoax.Foreign 20160427
VIPRE Trojan.Win32.Generic.pak!cobra 20160427
ViRobot Trojan.Win32.Z.Zurgop.89088[h] 20160427
Zillya Downloader.Zurgop.Win32.587 20160427
AegisLab 20160427
Alibaba 20160427
Baidu 20160427
CAT-QuickHeal 20160427
CMC 20160425
ClamAV 20160427
F-Prot 20160427
Rising 20160427
SUPERAntiSpyware 20160427
Yandex 20160427
Zoner 20160427
nProtect 20160427
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2010-2013 - ProperWay Software
Product BLEND VWDExpress IDE Extension
Original name blendvwdext
Internal name BLEND VWDExpress
File version 2.3.1.1
Description BLEND VWDExpress IDE Extension
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-21 23:12:21
Entry Point 0x00001B58
Number of sections 4
PE sections
PE imports
CreateEditableStream
FindTextA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetLocalTime
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
ExitProcess
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
GetErrorInfo
RpcRevertToSelf
CreatePopupMenu
SendMessageW
GetMenu
UpdateWindow
EnumWindowStationsW
SendDlgItemMessageW
FindWindowA
EnableMenuItem
LoadMenuW
DeleteMenu
CoInitialize
PE exports
Number of PE resources by type
RT_ICON 3
RT_BITMAP 3
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
HUNGARIAN DEFAULT 10
ENGLISH US 1
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.3.1.1
UninitializedDataSize 0
LanguageCode Hungarian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 33280
EntryPoint 0x1b58
OriginalFileName blendvwdext
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2010-2013 - ProperWay Software
FileVersion 2.3.1.1
TimeStamp 2013:10:22 00:12:21+01:00
FileType Win32 EXE
PEType PE32
InternalName BLEND VWDExpress
ProductVersion 2.3.1.1
FileDescription BLEND VWDExpress IDE Extension
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ProperWay Software
CodeSize 54784
ProductName BLEND VWDExpress IDE Extension
ProductVersionNumber 2.3.1.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 dc0dbf82e756fe110c5fbdd771fe67f5
SHA1 8e09174d2dfae16c729b1f64b6344cc6b230a981
SHA256 5d651f449d12e6bc75a0c875b4dae19d8b3ec8b3933b6c744942b5763d5df08d
ssdeep 1536:5t1cVUoGp5idld5YOgcOHhkuaFExuNTLshW7k:5tuTdld5ecOHhkEwNTLcW7k
authentihash bd67cda6ccc39a6fe2d6fd1f672d492452eda72d4bde07a89fc5c699a367d0a7
imphash bac2ab37f66cbc284c177c1d26a8994e
File size 87.0 KB ( 89088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-10-23 10:52:27 UTC ( 2 years, 8 months ago )
Last submission 2016-04-27 19:35:49 UTC ( 2 months ago )
File names index.html.FC9EEB6B.html
index.html.F1E6FC6.html.ex
?9de26ff3b66ba82b35e31bf4ea975dfe
index.html.FC9EEB6B[1].html
1.exe
index.html.FC9EEB6B.html.exe
vti-rescan
00000001.exe
174d2dfae16c729b1f64b6344cc6b230a981
blendvwdext
ex1
9.exe_
29124581194-9-36_1.0.hidden1_xor41.exe
BLEND VWDExpress
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
HTTP requests
DNS requests
TCP connections