SHA256: 60aaecfd82f9e9266e8b1f7484c9a4d5a40743c90607a897db8ab78395e05cde
File name: image803.facebook.com
Detection ratio: 3 / 53
Analysis date: 2014-06-10 14:24:44 UTC (4 years, 9 months ago)
Antivirus Result Update (an engine listed with only an update date returned no detection; the three detecting engines are listed first)
Bkav HW32.Laneul.dows 20140606
Kaspersky Trojan.Win32.Agent.aglwy 20140610
Microsoft PWS:Win32/Zbot 20140610
Ad-Aware 20140610
AegisLab 20140610
Yandex 20140610
AhnLab-V3 20140610
AntiVir 20140610
Antiy-AVL 20140610
Avast 20140610
AVG 20140610
Baidu-International 20140610
BitDefender 20140610
ByteHero 20140610
CAT-QuickHeal 20140610
ClamAV 20140610
CMC 20140610
Commtouch 20140610
Comodo 20140610
DrWeb 20140610
Emsisoft 20140610
ESET-NOD32 20140610
F-Prot 20140610
F-Secure 20140610
Fortinet 20140610
GData 20140610
Ikarus 20140610
Jiangmin 20140610
K7AntiVirus 20140610
K7GW 20140610
Kingsoft 20140610
Malwarebytes 20140610
McAfee 20140610
McAfee-GW-Edition 20140609
eScan 20140610
NANO-Antivirus 20140610
Norman 20140610
nProtect 20140610
Panda 20140610
Qihoo-360 20140610
Rising 20140610
Sophos AV 20140610
SUPERAntiSpyware 20140610
Symantec 20140610
Tencent 20140610
TheHacker 20140609
TotalDefense 20140610
TrendMicro 20140610
TrendMicro-HouseCall 20140610
VBA32 20140610
VIPRE 20140610
ViRobot 20140610
Zoner 20140606
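In the extracted engine table above, a verdict appears only on the rows of engines that detected the file, so a line such as "Sophos AV 20140610" is ambiguous: without knowing that "Sophos AV" is one engine, the second token looks like a verdict. The Python below is an added example, not VirusTotal's code. It parses a constructed excerpt of the table on this page, resolves that ambiguity with a list of known multi-word engine names (an assumption of the example, to be extended for other engines), recomputes the detection ratio, and picks out verdicts that name a family keyword.

```python
"""Parse a flattened VirusTotal engine table and recompute the detection ratio.
Added example; SAMPLE_TABLE is a constructed excerpt of the table on this page."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Engine names containing whitespace, so "Sophos AV 20140610" is not read as a
# detection named "AV".  Assumption of this example: extend for other engines.
MULTI_WORD_ENGINES = {"Sophos AV", "Sophos ML"}

# Constructed excerpt of the page's table: engine, optional verdict, signature date.
SAMPLE_TABLE = """\
Bkav HW32.Laneul.dows 20140606
Kaspersky Trojan.Win32.Agent.aglwy 20140610
Microsoft PWS:Win32/Zbot 20140610
Ad-Aware 20140610
Avast 20140610
ESET-NOD32 20140610
McAfee-GW-Edition 20140609
Sophos AV 20140610
Symantec 20140610
Zoner 20140606
"""

DATE_RE = re.compile(r"^\d{8}$")


@dataclass
class Row:
    engine: str
    result: Optional[str]   # None when the engine returned no detection
    update: str             # signature database date, YYYYMMDD


def parse_row(line: str) -> Row:
    """Split one 'Engine [Result] YYYYMMDD' line; the result column is optional."""
    tokens = line.split()
    if len(tokens) < 2 or not DATE_RE.match(tokens[-1]):
        raise ValueError(f"not an engine row: {line!r}")
    update, body = tokens[-1], tokens[:-1]
    # Try the multi-word engine names first, then fall back to a one-token name.
    for name in MULTI_WORD_ENGINES:
        parts = name.split()
        if body[: len(parts)] == parts:
            return Row(name, " ".join(body[len(parts):]) or None, update)
    return Row(body[0], " ".join(body[1:]) or None, update)


def parse_table(text: str) -> List[Row]:
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def detection_ratio(rows: List[Row]) -> Tuple[int, int]:
    """(detections, engines) as shown in the report header."""
    return sum(1 for r in rows if r.result), len(rows)


def families(rows: List[Row], keywords=("zbot", "zeus")) -> Dict[str, str]:
    """Engines whose verdict names one of `keywords` (case-insensitive)."""
    return {r.engine: r.result for r in rows
            if r.result and any(k in r.result.lower() for k in keywords)}


if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    hits, total = detection_ratio(rows)
    print(f"Detection ratio: {hits} / {total}")
    for r in rows:
        if r.result:
            print(f"  {r.engine}: {r.result} (signatures {r.update})")
    print("Family verdicts:", families(rows))
```

Only one of the three verdicts names the family (Microsoft's PWS:Win32/Zbot); the other two are generic detections, which is the usual picture for a fresh sample with low coverage, so the ratio alone says little about what the file is.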
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1994 - 2013
Publisher OrangeWare, Inc.
Product PthXQCeswZ
Original name TVgapvAsHOgI.exe
Internal name TVgapvAsHOgI.exe
File version 23,7,12,11
Description LWbp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-29 21:08:10
Entry Point 0x000022F5
Number of sections 4
PE sections
PE imports (grouped by exporting DLL; the DLL headers were not preserved in the extracted page and are inferred from the standard Win32 export tables)
ADVAPI32.dll
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegCreateKeyW
RegOpenKeyExA
IsTextUnicode
RegQueryValueExW
COMDLG32.dll
PrintDlgExW
GetOpenFileNameW
GetFileTitleW
ChooseFontW
GetSaveFileNameW
FindTextW
ReplaceTextW
CommDlgExtendedError
PageSetupDlgW
GDI32.dll
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
EnumFontsW
LPtoDP
GetDeviceCaps
DeleteDC
SetBkMode
EndDoc
StartPage
DeleteObject
GetObjectW
CreateDCW
SetAbortProc
GetTextFaceW
GetStockObject
StartDocW
EndPage
GetTextExtentPoint32W
AbortDoc
SetWindowExtEx
SelectObject
SetViewportExtEx
KERNEL32.dll
GetStdHandle
GetFileAttributesA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
DebugActiveProcessStop
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
FormatMessageW
LoadResource
FindClose
TlsGetValue
SetLastError
GetUserDefaultUILanguage
GetWriteWatch
LocalLock
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FoldStringW
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetDateFormatW
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
lstrcpyW
GetBinaryTypeW
GetFileInformationByHandle
FindFirstFileW
lstrcmpW
GetUserDefaultLCID
LocalSize
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LocalUnlock
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
UnmapViewOfFile
GlobalFree
LCMapStringA
GetTimeFormatW
DefineDosDeviceA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
lstrcpynW
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SHELL32.dll
DragAcceptFiles
DragQueryFileW
DragFinish
ShellAboutW
USER32.dll
SetFocus
RegisterWindowMessageW
GetForegroundWindow
GetParent
UpdateWindow
DrawTextExW
EndDialog
GetMessageW
DefWindowProcW
CharUpperW
PostQuitMessage
SetWinEventHook
ShowWindow
MessageBeep
GetDesktopWindow
GetSystemMetrics
SetScrollPos
MessageBoxW
PeekMessageW
RegisterClassExW
SetWindowPlacement
MoveWindow
DialogBoxParamW
SendDlgItemMessageW
LoadIconW
CharLowerW
TranslateMessage
ChildWindowFromPoint
PostMessageW
SendMessageW
SetActiveWindow
DispatchMessageW
CreateWindowExW
GetCursorPos
ReleaseDC
GetDlgCtrlID
CheckMenuItem
GetMenu
GetWindowLongW
WinHelpW
GetWindowPlacement
DestroyWindow
GetClientRect
SetWindowLongW
GetDlgItem
SetDlgItemTextW
SetCursor
UnhookWinEvent
IsIconic
ScreenToClient
InvalidateRect
CreateDialogParamW
GetSubMenu
IsClipboardFormatAvailable
OpenClipboard
LoadImageW
LoadStringW
IsDialogMessageW
EnableWindow
SetWindowTextW
GetWindowTextW
EnableMenuItem
GetMenuState
GetKeyboardLayout
LoadCursorW
GetSystemMenu
GetFocus
GetDC
LoadAcceleratorsW
wsprintfW
CloseClipboard
GetDlgItemTextW
CharNextW
TranslateAcceleratorW
WINSPOOL.DRV
GetPrinterDriverW
ClosePrinter
OpenPrinterW
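The import table above is what the imphash further down in this report is computed from, and it is also the place to check the behavioural note at the end of the report, which says the sample calls DeviceIoControl. The Python below is an added example, not VirusTotal's or pefile's code. It embeds the 226 imported names as listed on this page; the page does not name the exporting DLLs, so their attribution (and the page order as the import-directory order) is an assumption of the example. The hash follows the imphash definition used by pefile: lowercased "dll.function" pairs in import order, with .dll/.ocx/.sys stripped from the module name but other extensions such as .drv kept, comma-joined and MD5-hashed. The recomputed value only matches the page's imphash (4a339e764c62ff606ca46aa3b56d90d5) if those assumptions match the real import directory; on the sample itself, pefile's PE.get_imphash() gives the authoritative value.

```python
"""Recompute an imphash from the import table on this page and check which APIs
are statically imported.  Added example; DLL attribution is assumed, not taken
from the sample."""
import hashlib
from typing import Dict, List, Union

# Import table as listed on this page, in page order, keyed by assumed exporting DLL.
IMPORTS: Dict[str, str] = {
    "ADVAPI32.dll": (
        "RegCloseKey RegSetValueExW RegQueryValueExA RegCreateKeyW RegOpenKeyExA IsTextUnicode "
        "RegQueryValueExW"),
    "COMDLG32.dll": (
        "PrintDlgExW GetOpenFileNameW GetFileTitleW ChooseFontW GetSaveFileNameW FindTextW "
        "ReplaceTextW CommDlgExtendedError PageSetupDlgW"),
    "GDI32.dll": (
        "GetTextMetricsW SetMapMode TextOutW CreateFontIndirectW EnumFontsW LPtoDP GetDeviceCaps "
        "DeleteDC SetBkMode EndDoc StartPage DeleteObject GetObjectW CreateDCW SetAbortProc "
        "GetTextFaceW GetStockObject StartDocW EndPage GetTextExtentPoint32W AbortDoc "
        "SetWindowExtEx SelectObject SetViewportExtEx"),
    "KERNEL32.dll": (
        "GetStdHandle GetFileAttributesA GetFileAttributesW GetLocalTime FreeEnvironmentStringsA "
        "DeleteCriticalSection GetCurrentProcess GetLocaleInfoA LocalAlloc DebugActiveProcessStop "
        "FreeEnvironmentStringsW lstrcatW GetLocaleInfoW GetCPInfo GetStringTypeA WriteFile "
        "GetSystemTimeAsFileTime HeapReAlloc GetStringTypeW LocalFree FormatMessageW LoadResource "
        "FindClose TlsGetValue SetLastError GetUserDefaultUILanguage GetWriteWatch LocalLock "
        "IsDebuggerPresent HeapAlloc GetModuleFileNameA LoadLibraryA UnhandledExceptionFilter "
        "InterlockedDecrement MultiByteToWideChar FoldStringW SetUnhandledExceptionFilter MulDiv "
        "TerminateProcess SetEndOfFile GetCurrentThreadId LeaveCriticalSection "
        "InitializeCriticalSectionAndSpinCount HeapFree EnterCriticalSection SetHandleCount GetOEMCP "
        "QueryPerformanceCounter GetTickCount TlsAlloc lstrcmpiW RtlUnwind GetStartupInfoA "
        "GetDateFormatW DeleteFileW GetProcAddress CreateFileMappingW CompareStringW lstrcpyW "
        "GetBinaryTypeW GetFileInformationByHandle FindFirstFileW lstrcmpW GetUserDefaultLCID "
        "LocalSize CreateFileW GetFileType TlsSetValue ExitProcess LocalUnlock InterlockedIncrement "
        "GetLastError LocalReAlloc LCMapStringW UnmapViewOfFile GlobalFree LCMapStringA "
        "GetTimeFormatW DefineDosDeviceA GetEnvironmentStringsW GlobalUnlock lstrlenW SizeofResource "
        "GetCurrentProcessId LockResource GetCommandLineW WideCharToMultiByte HeapSize GetCommandLineA "
        "lstrcpynW MapViewOfFile TlsFree GetModuleHandleA ReadFile CloseHandle GetACP GlobalLock "
        "GetModuleHandleW GetEnvironmentStrings IsValidCodePage HeapCreate VirtualFree Sleep "
        "FindResourceA VirtualAlloc"),
    "SHELL32.dll": "DragAcceptFiles DragQueryFileW DragFinish ShellAboutW",
    "USER32.dll": (
        "SetFocus RegisterWindowMessageW GetForegroundWindow GetParent UpdateWindow DrawTextExW "
        "EndDialog GetMessageW DefWindowProcW CharUpperW PostQuitMessage SetWinEventHook ShowWindow "
        "MessageBeep GetDesktopWindow GetSystemMetrics SetScrollPos MessageBoxW PeekMessageW "
        "RegisterClassExW SetWindowPlacement MoveWindow DialogBoxParamW SendDlgItemMessageW "
        "LoadIconW CharLowerW TranslateMessage ChildWindowFromPoint PostMessageW SendMessageW "
        "SetActiveWindow DispatchMessageW CreateWindowExW GetCursorPos ReleaseDC GetDlgCtrlID "
        "CheckMenuItem GetMenu GetWindowLongW WinHelpW GetWindowPlacement DestroyWindow "
        "GetClientRect SetWindowLongW GetDlgItem SetDlgItemTextW SetCursor UnhookWinEvent IsIconic "
        "ScreenToClient InvalidateRect CreateDialogParamW GetSubMenu IsClipboardFormatAvailable "
        "OpenClipboard LoadImageW LoadStringW IsDialogMessageW EnableWindow SetWindowTextW "
        "GetWindowTextW EnableMenuItem GetMenuState GetKeyboardLayout LoadCursorW GetSystemMenu "
        "GetFocus GetDC LoadAcceleratorsW wsprintfW CloseClipboard GetDlgItemTextW CharNextW "
        "TranslateAcceleratorW"),
    "WINSPOOL.DRV": "GetPrinterDriverW ClosePrinter OpenPrinterW",
}

# Only these module extensions are dropped; ".drv" and anything else stay in the name.
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalize(dll: str, func: Union[str, int]) -> str:
    """One imphash entry: lowercased 'dll.func'; ordinal-only imports become 'ordN'."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        lib = base
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def import_entries(table: Dict[str, str]) -> List[str]:
    """Normalized entries in import-directory order (here: page order)."""
    return [normalize(dll, f) for dll, funcs in table.items() for f in funcs.split()]


def imphash(table: Dict[str, str]) -> str:
    return hashlib.md5(",".join(import_entries(table)).encode()).hexdigest()


def is_imported(table: Dict[str, str], func: str) -> bool:
    """True if `func` is in the static import table (exact, case-sensitive name)."""
    return any(func in funcs.split() for funcs in table.values())


if __name__ == "__main__":
    print("imports:", len(import_entries(IMPORTS)))
    print("imphash:", imphash(IMPORTS))
    # The behavioural section of this report says the sample calls DeviceIoControl; it is
    # not in the static table, but LoadLibraryA/GetProcAddress allow run-time resolution.
    for api in ("DeviceIoControl", "LoadLibraryA", "GetProcAddress"):
        state = "static import" if is_imported(IMPORTS, api) else "not statically imported"
        print(f"{api}: {state}")
```

Two details worth keeping in mind when reproducing an imphash by hand: the module extension rule is a fixed list, so winspool.drv contributes "winspool.drv.openprinterw" rather than "winspool.openprinterw", and the hash depends on import-directory order, so two builds with the same set of imports in a different order hash differently.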
Number of PE resources by type
RT_RCDATA 32
RT_STRING 10
RT_DIALOG 3
RT_MENU 3
RT_ACCELERATOR 3
RT_VERSION 1
Number of PE resources by language
ENGLISH US 49
ENGLISH *unknown* 3
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 23.7.12.11
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Hebrew
InitializedDataSize 331264
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 1994 - 2013
FileVersion 23,7,12,11
TimeStamp 2014:05:29 22:08:10+01:00
FileType Win32 EXE
PEType PE32
InternalName TVgapvAsHOgI.exe
ProductVersion 23,7,12,11
FileDescription LWbp
OSVersion 5.0
OriginalFilename TVgapvAsHOgI.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName OrangeWare, Inc.
CodeSize 28160
ProductName PthXQCeswZ
ProductVersionNumber 23.7.12.11
EntryPoint 0x22f5
ObjectFileType Executable application

File identification
MD5 c7a562e36f7eae16a1d59ee9e9cea840
SHA1 5a5a3f1b31e04d7a5fe3555cdff8613074341bcc
SHA256 60aaecfd82f9e9266e8b1f7484c9a4d5a40743c90607a897db8ab78395e05cde
ssdeep 3072:UA7P3S5AqNAYHwbpMYKKe0SDixbreraPeEvC0qvgTIiOPISiWAzCeqd4PQ:B/PY8h7wDiZKUFqYTIiOPISiWcYC
authentihash 8048694641906522f1bbebaaaded24164f7991928b0be7c76b199791d4b70fcd
imphash 4a339e764c62ff606ca46aa3b56d90d5
File size 169.0 KB ( 173056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-06-10 14:24:44 UTC (4 years, 9 months ago)
Last submission 2014-06-10 14:24:44 UTC (4 years, 9 months ago)
File names image803.facebook.com
TVgapvAsHOgI.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above; the sample does import LoadLibraryA and GetProcAddress, so the call is either resolved at run time or, as the note at the top of this section allows, made from a process the sample launched or injected into.