SHA256: 6914b01aa13801db70f6ff2eafb6c8838a9f7e391d2f77711f7c1e372271627f
File name: isheriff_716a5e6263517dfea4b2c7e0e7bb678e.bin
Detection ratio: 44 / 57
Analysis date: 2016-06-04 23:19:32 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.22861 20160604
AegisLab Troj.W32.Generic!c 20160604
AhnLab-V3 Trojan/Win32.Foreign 20160604
ALYac Trojan.GenericKDZ.22861 20160604
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160604
Arcabit Trojan.Generic.D594D 20160604
Avast Win32:Cidox-BN [Rtk] 20160604
AVG Win32/Cryptor 20160604
Avira (no cloud) TR/Spy.ZBot.mtnq 20160604
AVware Trojan.Win32.Reveton.a (v) 20160604
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160603
Baidu-International Trojan.Win32.Injector.AIRR 20160604
BitDefender Trojan.GenericKDZ.22861 20160604
CAT-QuickHeal Trojan.Generic.r5 20160604
Comodo TrojWare.Win32.Spy.Zbot.NTJY 20160604
DrWeb Trojan.PWS.Panda.2401 20160604
Emsisoft Trojan.GenericKDZ.22861 (B) 20160604
ESET-NOD32 a variant of Win32/Injector.AIRR 20160604
F-Secure Trojan.GenericKDZ.22861 20160604
Fortinet W32/Zbot.MTNQ!tr 20160604
GData Trojan.GenericKDZ.22861 20160604
Ikarus Trojan.Win32.Loktrom 20160604
Jiangmin Trojan/Generic.axnxn 20160604
K7AntiVirus Backdoor ( 04c4ed2c1 ) 20160604
K7GW Backdoor ( 04c4ed2c1 ) 20160604
Kaspersky HEUR:Trojan.Win32.Generic 20160604
McAfee PWS-Zbot-FAXY!716A5E626351 20160605
McAfee-GW-Edition BehavesLike.Win32.Ramnit.dc 20160604
Microsoft PWS:Win32/Zbot!CI 20160604
eScan Trojan.GenericKDZ.22861 20160605
NANO-Antivirus Trojan.Win32.Winlock.cqjsrw 20160605
nProtect Trojan-Spy/W32.ZBot.234049 20160603
Panda Trj/CI.A 20160604
Qihoo-360 Win32/Trojan.ad7 20160605
Rising Trojan.Generic-SrSBtcZNTZR (Cloud) 20160604
Sophos AV Mal/EncPk-AKA 20160604
Symantec Packed.Generic.457 20160604
Tencent Win32.Trojan.Spy.Afhq 20160605
TrendMicro TROJ_REVETON.MX 20160604
TrendMicro-HouseCall TROJ_REVETON.MX 20160604
VBA32 BScope.Malware-Cryptor.Oop 20160603
VIPRE Trojan.Win32.Reveton.a (v) 20160604
Yandex TrojanSpy.Zbot!o8zx+XhishA 20160604
Zillya Trojan.Injector.Win32.237222 20160603
Alibaba 20160603
Bkav 20160604
ClamAV 20160604
CMC 20160602
Cyren 20160604
F-Prot 20160604
Kingsoft 20160605
Malwarebytes 20160604
SUPERAntiSpyware 20160604
TheHacker 20160604
TotalDefense 20160604
ViRobot 20160604
Zoner 20160604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2009. AnVir Software
Product AnVir Task Manager
Internal name usbhdd.exe
File version 6, 2, 0, 0
Description Usb HDD temperature monitoring
Comments Usb HDD temperature monitoring
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-27 16:07:14
Entry Point 0x00003C9B
Number of sections 5
PE sections
Overlays
MD5 262e30e572f54c89d8d8cef78677f088
File type data
Offset 229888
Size 4161
Entropy 7.83
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
EnumCalendarInfoExA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetSystemTimeAsFileTime
GetACP
SetComputerNameA
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
FindFirstVolumeMountPointW
CreateFileW
GetStringTypeW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
ReadConsoleOutputA
SetLastError
LeaveCriticalSection
Number of PE resources by type
Struct(13) 3
RT_VERSION 1
Number of PE resources by language
SYRIAC DEFAULT 3
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Usb HDD temperature monitoring
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.2.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet ASCII
InitializedDataSize 189952
EntryPoint 0x3c9b
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2009. AnVir Software
FileVersion 6, 2, 0, 0
TimeStamp 2013:06:27 17:07:14+01:00
FileType Win32 EXE
PEType PE32
InternalName usbhdd.exe
SubsystemVersion 5.0
ProductVersion 6, 2, 0, 0
FileDescription Usb HDD temperature monitoring
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AnVir Software
CodeSize 38912
ProductName AnVir Task Manager
ProductVersionNumber 6.2.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 716a5e6263517dfea4b2c7e0e7bb678e
SHA1 68f7de2a6e1b49b855a3ecfeea84e0df603f0358
SHA256 6914b01aa13801db70f6ff2eafb6c8838a9f7e391d2f77711f7c1e372271627f
ssdeep 3072:MPdo1NCZA7VC1QQQQbRe/1k863ezOwcAwyfzEJRn7o1XBjvRwLKRa64KWiaRdc2:MVobCZ71QQQQbmh63AcyAn0xGLKINqp2
authentihash 95b88e1a5a0a79cec7089302b17f2f2f1fcbd83dc65d831a2da3ba1a96f112bd
imphash 69de03683bec83fa51fa5f7b8e657b16
File size 228.6 KB ( 234049 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-06-27 20:21:11 UTC ( 5 years, 4 months ago )
Last submission 2016-06-04 23:19:32 UTC ( 2 years, 5 months ago )
File names usbhdd.exe
68f7de2a6e1b49b855a3ecfeea84e0df603f0358
ccc.exe
isheriff_716a5e6263517dfea4b2c7e0e7bb678e.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs