SHA256: 657cbe89b97ecb8d2a4f2aed351335f029e1aae152bbdd2373ca0e1bd9ebc8a3
File name: 353d801e021675678ea33dbff1d900370dd42a15
Detection ratio: 6 / 57
Analysis date: 2015-06-17 01:10:14 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20150617
AVG FileCryptor.CFL 20150616
ESET-NOD32 Win32/Spy.Zbot.ACB 20150617
Kaspersky UDS:DangerousObject.Multi.Generic 20150617
Malwarebytes Trojan.FakeVER.ED 20150616
Tencent Trojan.Win32.Qudamah.Gen.5 20150617
Ad-Aware 20150617
AegisLab 20150617
Yandex 20150616
AhnLab-V3 20150616
Alibaba 20150616
ALYac 20150617
Antiy-AVL 20150616
Arcabit 20150617
Avira (no cloud) 20150616
AVware 20150617
Baidu-International 20150616
BitDefender 20150617
Bkav 20150616
ByteHero 20150617
CAT-QuickHeal 20150616
ClamAV 20150617
CMC 20150615
Comodo 20150616
Cyren 20150616
DrWeb 20150617
Emsisoft 20150617
F-Prot 20150616
F-Secure 20150616
Fortinet 20150616
GData 20150617
Ikarus 20150617
Jiangmin 20150615
K7AntiVirus 20150616
K7GW 20150616
Kingsoft 20150617
McAfee 20150617
McAfee-GW-Edition 20150616
Microsoft 20150617
eScan 20150617
NANO-Antivirus 20150617
nProtect 20150616
Panda 20150616
Qihoo-360 20150617
Rising 20150616
Sophos AV 20150616
SUPERAntiSpyware 20150617
Symantec 20150617
TheHacker 20150616
TotalDefense 20150616
TrendMicro 20150617
TrendMicro-HouseCall 20150617
VBA32 20150616
VIPRE 20150617
ViRobot 20150617
Zillya 20150616
Zoner 20150615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2008-2015 (c) CrystalIDEA Software. All rights reserved.

Product AnyToISO Converter
Original name anytoiso.exe
Internal name anytoiso.exe
File version 3.6.3.490
Description AnyToISO Converter
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-16 12:53:49
Entry Point 0x0000211D
Number of sections 5
PE sections
PE imports
LineTo
DeleteDC
SetDCPenColor
PatBlt
MoveToEx
CreatePen
GetStockObject
CreateSolidBrush
Rectangle
SelectObject
GdiFlush
CreateDIBSection
GetCharWidth32A
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
IcmpCloseHandle
GetAdaptersInfo
IcmpCreateFile
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GlobalFree
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
SetConsoleCursorPosition
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
DecodePointer
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FillConsoleOutputCharacterA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
EncodePointer
GetStartupInfoW
ExitProcess
WideCharToMultiByte
GetModuleFileNameW
TlsFree
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
GlobalAlloc
GetEnvironmentStringsW
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
OleCreatePictureIndirect
ReleaseDC
OpenClipboard
GetClientRect
EmptyClipboard
EndPaint
EndDialog
BeginPaint
DrawIconEx
MoveWindow
IsWindowVisible
CheckRadioButton
GetUserObjectInformationA
GetDC
IsDlgButtonChecked
CloseClipboard
CharNextW
SetClipboardData
DeleteMenu
CopyImage
inet_addr
Number of PE resources by type
RT_STRING 9
RT_ACCELERATOR 2
RT_RCDATA 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.6.3.490

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
61440

EntryPoint
0x211d

OriginalFileName
anytoiso.exe

MIMEType
application/octet-stream

LegalCopyright
2008-2015 (c) CrystalIDEA Software. All rights reserved.

FileVersion
3.6.3.490

TimeStamp
2015:06:16 13:53:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
anytoiso.exe

ProductVersion
3.6.3.490

FileDescription
AnyToISO Converter

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
CrystalIDEA Software

CodeSize
379392

ProductName
AnyToISO Converter

ProductVersionNumber
3.6.3.490

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 22f6a7a0b13a4d71176d5c535eb040d1
SHA1 353d801e021675678ea33dbff1d900370dd42a15
SHA256 657cbe89b97ecb8d2a4f2aed351335f029e1aae152bbdd2373ca0e1bd9ebc8a3
ssdeep
6144:bWYfmZ1OvkDsx8cO22U9+fqGhMy1/fGtd7fLMpVK7bZq24AzGJu2:6YfmZfq8N2uiy1uLLMjKQ2Fx2

authentihash 6254ebc2a3cac03c5b968fafe8288f71e81b53685c3cf9183d95a34c45f8cc16
imphash 3a6d3736af2082fdf57cc4cc77d70b0a
File size 431.5 KB ( 441856 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-06-17 01:10:14 UTC ( 3 years, 9 months ago )
Last submission 2015-06-17 01:10:14 UTC ( 3 years, 9 months ago )
File names anytoiso.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.