SHA256: 5d651f449d12e6bc75a0c875b4dae19d8b3ec8b3933b6c744942b5763d5df08d
File name: ?9de26ff3b66ba82b35e31bf4ea975dfe
Detection ratio: 39 / 49
Analysis date: 2016-07-04 08:12:37 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.34789 20160704
AVG ScreenLocker_s.KG 20160704
Ad-Aware Gen:Variant.Symmi.34789 20160704
AegisLab Troj.W32.Generic!c 20160704
AhnLab-V3 Spyware/Win32.Zbot.R86411 20160703
Arcabit Trojan.Symmi.D87E5 20160704
Avast Win32:Evo-gen [Susp] 20160704
Avira (no cloud) TR/Dldr.Dofoil.U.269 20160703
BitDefender Gen:Variant.Symmi.34789 20160704
Bkav W32.GarielQ.Trojan 20160702
Comodo UnclassifiedMalware 20160704
Cyren W32/Trojan.LUTB-5228 20160704
DrWeb Trojan.Siggen5.60588 20160704
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AZ 20160704
Emsisoft Gen:Variant.Symmi.34789 (B) 20160704
F-Secure Gen:Variant.Symmi.34789 20160704
Fortinet W32/Zbot.PKDP!tr 20160704
GData Gen:Variant.Symmi.34789 20160704
Ikarus Trojan-Spy.Win32.Zbot 20160704
Jiangmin Trojan/Generic.bawzu 20160704
K7AntiVirus Trojan-Downloader ( 00423be71 ) 20160704
K7GW Trojan-Downloader ( 00423be71 ) 20160704
Kaspersky HEUR:Trojan.Win32.Generic 20160703
Malwarebytes Spyware.Zbot.ED 20160704
McAfee Generic.dx!DC0DBF82E756 20160704
McAfee-GW-Edition Generic.dx!DC0DBF82E756 20160703
eScan Gen:Variant.Symmi.34789 20160704
Microsoft VirTool:Win32/Obfuscator.AAO 20160704
NANO-Antivirus Trojan.Win32.Agent.cjwcgl 20160704
Panda Trj/Dtcontx.I 20160704
Qihoo-360 Win32/Trojan.e6d 20160704
Sophos Mal/Generic-S 20160704
Symantec Trojan.Ransomlock.Q 20160701
Tencent Win32.Trojan.Generic.Wqwr 20160704
TheHacker Trojan/Downloader.Zurgop.az 20160702
TrendMicro-HouseCall TROJ_RANSOM.PHP 20160704
VBA32 Hoax.Foreign 20160703
ViRobot Trojan.Win32.Z.Zurgop.89088[h] 20160704
Zillya Downloader.Zurgop.Win32.587 20160703
AVware 20160704
Alibaba 20160704
Antiy-AVL 20160704
Baidu 20160704
CAT-QuickHeal 20160704
CMC 20160704
ClamAV 20160704
F-Prot 20160704
Kingsoft 20160704
SUPERAntiSpyware 20160704
TrendMicro 20160704
VIPRE 20160704
Zoner 20160704
nProtect 20160701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2010-2013 - ProperWay Software
Product BLEND VWDExpress IDE Extension
Original name blendvwdext
Internal name BLEND VWDExpress
File version 2.3.1.1
Description BLEND VWDExpress IDE Extension
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-21 23:12:21
Entry Point 0x00001B58
Number of sections 4
PE sections
PE imports
CreateEditableStream
FindTextA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetLocalTime
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
ExitProcess
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
GetErrorInfo
RpcRevertToSelf
CreatePopupMenu
SendMessageW
GetMenu
UpdateWindow
EnumWindowStationsW
SendDlgItemMessageW
FindWindowA
EnableMenuItem
LoadMenuW
DeleteMenu
CoInitialize
PE exports
Number of PE resources by type
RT_ICON 3
RT_BITMAP 3
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
HUNGARIAN DEFAULT 10
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.3.1.1
UninitializedDataSize 0
LanguageCode Hungarian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 33280
EntryPoint 0x1b58
OriginalFileName blendvwdext
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2010-2013 - ProperWay Software
FileVersion 2.3.1.1
TimeStamp 2013:10:22 00:12:21+01:00
FileType Win32 EXE
PEType PE32
InternalName BLEND VWDExpress
ProductVersion 2.3.1.1
FileDescription BLEND VWDExpress IDE Extension
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ProperWay Software
CodeSize 54784
ProductName BLEND VWDExpress IDE Extension
ProductVersionNumber 2.3.1.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 dc0dbf82e756fe110c5fbdd771fe67f5
SHA1 8e09174d2dfae16c729b1f64b6344cc6b230a981
SHA256 5d651f449d12e6bc75a0c875b4dae19d8b3ec8b3933b6c744942b5763d5df08d
ssdeep 1536:5t1cVUoGp5idld5YOgcOHhkuaFExuNTLshW7k:5tuTdld5ecOHhkEwNTLcW7k
authentihash bd67cda6ccc39a6fe2d6fd1f672d492452eda72d4bde07a89fc5c699a367d0a7
imphash bac2ab37f66cbc284c177c1d26a8994e
File size 87.0 KB ( 89088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-10-23 10:52:27 UTC ( 2 years, 10 months ago )
Last submission 2016-07-04 08:12:37 UTC ( 1 month, 3 weeks ago )
File names index.html.FC9EEB6B.html
index.html.F1E6FC6.html.ex
?9de26ff3b66ba82b35e31bf4ea975dfe
index.html.FC9EEB6B[1].html
1.exe
index.html.FC9EEB6B.html.exe
vti-rescan
00000001.exe
174d2dfae16c729b1f64b6344cc6b230a981
blendvwdext
ex1
9.exe_
29124581194-9-36_1.0.hidden1_xor41.exe
BLEND VWDExpress
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
HTTP requests
DNS requests
TCP connections