SHA256: 5d651f449d12e6bc75a0c875b4dae19d8b3ec8b3933b6c744942b5763d5df08d
File name: ?9de26ff3b66ba82b35e31bf4ea975dfe
Detection ratio: 42 / 57
Analysis date: 2015-02-09 16:57:33 UTC ( 2 weeks, 6 days ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.34789 20150209
AVG ScreenLocker_s.KG 20150209
AVware Trojan.Win32.Generic.pak!cobra 20150209
Ad-Aware Gen:Variant.Symmi.34789 20150209
AhnLab-V3 Win-Trojan/Agent.89088.HX 20150209
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20150209
Avast Win32:Malware-gen 20150209
Avira TR/Dldr.Dofoil.U.269 20150209
Baidu-International Trojan.Win32.Zurgop.bAZ 20150209
BitDefender Gen:Variant.Symmi.34789 20150209
Bkav W32.GarielQ.Trojan 20150209
CAT-QuickHeal TrojanDownloader.Dofoil.r4 20150205
Comodo UnclassifiedMalware 20150209
DrWeb Trojan.Siggen5.60588 20150209
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AZ 20150209
Emsisoft Gen:Variant.Symmi.34789 (B) 20150209
F-Secure Gen:Variant.Symmi.34789 20150209
Fortinet W32/Zbot.PKDP!tr 20150209
GData Gen:Variant.Symmi.34789 20150209
Ikarus Trojan-Ransom.Win32.Foreign 20150209
K7AntiVirus Trojan-Downloader ( 00423be71 ) 20150209
K7GW Trojan-Downloader ( 00423be71 ) 20150209
Kaspersky HEUR:Trojan.Win32.Generic 20150209
Kingsoft Win32.Troj.Undef.(kcloud) 20150209
Malwarebytes Spyware.Zbot.ED 20150209
McAfee Generic.dx!DC0DBF82E756 20150209
McAfee-GW-Edition Generic.dx!DC0DBF82E756 20150209
MicroWorld-eScan Gen:Variant.Symmi.34789 20150209
Microsoft TrojanDownloader:Win32/Dofoil.U 20150209
NANO-Antivirus Trojan.Win32.Agent.cjwcgl 20150209
Norman Kryptik.CCRA 20150209
Panda Trj/Dtcontx.I 20150209
Qihoo-360 Win32/Trojan.e6d 20150209
Sophos Mal/Generic-S 20150209
Symantec Trojan.Ransomlock.Q 20150209
Tencent Win32.Trojan.Generic.Wqwr 20150209
TheHacker Trojan/Downloader.Zurgop.az 20150209
TrendMicro TROJ_RANSOM.PHP 20150209
TrendMicro-HouseCall TROJ_RANSOM.PHP 20150209
VBA32 Hoax.Foreign 20150209
VIPRE Trojan.Win32.Generic.pak!cobra 20150209
Zillya Downloader.Zurgop.Win32.587 20150209
AegisLab 20150209
Agnitum 20150208
Alibaba 20150208
ByteHero 20150209
CMC 20150209
ClamAV 20150209
Cyren 20150209
F-Prot 20150209
Jiangmin 20150208
Rising 20150209
SUPERAntiSpyware 20150208
TotalDefense 20150209
ViRobot 20150209
Zoner 20150209
nProtect 20150209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Copyright (C) 2010-2013 - ProperWay Software
Publisher ProperWay Software
Product BLEND VWDExpress IDE Extension
Original name blendvwdext
Internal name BLEND VWDExpress
File version 2.3.1.1
Description BLEND VWDExpress IDE Extension
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-21 23:12:21
Link date 12:12 AM 10/22/2013
Entry Point 0x00001B58
Number of sections 4
PE sections
PE imports
CreateEditableStream
FindTextA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetLocalTime
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
ExitProcess
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
GetErrorInfo
RpcRevertToSelf
CreatePopupMenu
SendMessageW
GetMenu
UpdateWindow
EnumWindowStationsW
SendDlgItemMessageW
FindWindowA
EnableMenuItem
LoadMenuW
DeleteMenu
CoInitialize
PE exports
Number of PE resources by type
RT_ICON 3
RT_BITMAP 3
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
HUNGARIAN DEFAULT 10
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.3.1.1
UninitializedDataSize 0
LanguageCode Hungarian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 33280
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2010-2013 - ProperWay Software
FileVersion 2.3.1.1
TimeStamp 2013:10:22 00:12:21+01:00
FileType Win32 EXE
PEType PE32
InternalName BLEND VWDExpress
FileAccessDate 2015:02:09 17:57:30+01:00
ProductVersion 2.3.1.1
FileDescription BLEND VWDExpress IDE Extension
OSVersion 5.1
FileCreateDate 2015:02:09 17:57:30+01:00
OriginalFilename blendvwdext
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ProperWay Software
CodeSize 54784
ProductName BLEND VWDExpress IDE Extension
ProductVersionNumber 2.3.1.1
EntryPoint 0x1b58
ObjectFileType Executable application

Compressed bundles
PCAP parents
File identification
MD5 dc0dbf82e756fe110c5fbdd771fe67f5
SHA1 8e09174d2dfae16c729b1f64b6344cc6b230a981
SHA256 5d651f449d12e6bc75a0c875b4dae19d8b3ec8b3933b6c744942b5763d5df08d
ssdeep 1536:5t1cVUoGp5idld5YOgcOHhkuaFExuNTLshW7k:5tuTdld5ecOHhkEwNTLcW7k
authentihash bd67cda6ccc39a6fe2d6fd1f672d492452eda72d4bde07a89fc5c699a367d0a7
imphash bac2ab37f66cbc284c177c1d26a8994e
File size 87.0 KB ( 89088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-10-23 10:52:27 UTC ( 1 year, 4 months ago )
Last submission 2015-02-09 16:57:33 UTC ( 2 weeks, 6 days ago )
File names index.html.FC9EEB6B.html
index.html.F1E6FC6.html.ex
?9de26ff3b66ba82b35e31bf4ea975dfe
index.html.FC9EEB6B[1].html
1.exe
index.html.FC9EEB6B.html.exe
vti-rescan
174d2dfae16c729b1f64b6344cc6b230a981
blendvwdext
9.exe_
29124581194-9-36_1.0.hidden1_xor41.exe
BLEND VWDExpress
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
HTTP requests
DNS requests
TCP connections