SHA256: 695d5cc9d38ea8f7a3d6c9c227fc7fdbc42d31626adc1842e442d77c87502b9a
File name: f01d45e547d9e1149d4fda7b6685f470.virus
Detection ratio: 27 / 56
Analysis date: 2016-06-26 20:52:08 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.72771 20160626
AhnLab-V3 Malware/Win32.Generic.C1489405 20160626
Antiy-AVL Trojan/Win32.Yakes 20160626
Arcabit Trojan.Razy.D11C43 20160626
Avast Win32:Trojan-gen 20160626
AVG Generic_r.KIJ 20160626
Avira (no cloud) TR/Crypt.ZPACK.kjbk 20160626
AVware Trojan.Win32.Generic.pak!cobra 20160626
Baidu Win32.Trojan.WisdomEyes.151026.9950.9992 20160624
BitDefender Gen:Variant.Razy.72771 20160626
DrWeb Trojan.Siggen6.58358 20160626
Emsisoft Gen:Variant.Razy.72771 (B) 20160626
ESET-NOD32 a variant of Win32/Kryptik.FATA 20160626
F-Secure Gen:Variant.Razy.72771 20160626
Fortinet W32/Yakes.FATA!tr 20160626
GData Gen:Variant.Razy.72771 20160626
K7AntiVirus Trojan ( 004f2a8f1 ) 20160626
K7GW Trojan ( 004f2a8f1 ) 20160626
Kaspersky Trojan.Win32.Yakes.pwut 20160626
McAfee Artemis!F01D45E547D9 20160626
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dm 20160626
Microsoft Trojan:Win32/Dorv.D!rfn 20160626
eScan Gen:Variant.Razy.72771 20160626
Panda Trj/GdSda.A 20160626
Qihoo-360 QVM20.1.Malware.Gen 20160626
Sophos AV Mal/Generic-S 20160626
VIPRE Trojan.Win32.Generic.pak!cobra 20160626
AegisLab 20160624
Alibaba 20160624
ALYac 20160626
Baidu-International 20160614
Bkav 20160625
CAT-QuickHeal 20160625
ClamAV 20160626
CMC 20160620
Comodo 20160626
Cyren 20160626
F-Prot 20160626
Ikarus 20160626
Jiangmin 20160626
Kingsoft 20160626
Malwarebytes 20160626
NANO-Antivirus 20160626
nProtect 20160624
SUPERAntiSpyware 20160626
Symantec 20160626
Tencent 20160626
TheHacker 20160625
TotalDefense 20160626
TrendMicro 20160626
TrendMicro-HouseCall 20160626
VBA32 20160625
ViRobot 20160626
Yandex 20160626
Zillya 20160625
Zoner 20160626
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2000-2012 Cortado AG
Product ThinPrint Virtual Channel Gateway
Original name TPVCGateway.exe
Internal name TPVCGateway
File version 8,6,239,2
Description ThinPrint Virtual Channel Gateway Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-24 16:41:55
Entry Point 0x00002610
Number of sections 4
PE sections
PE imports
RegOpenKeyW
RegQueryValueExW
ImageList_GetImageCount
ImageList_BeginDrag
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Create
ImageList_SetIconSize
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
ImageList_AddMasked
SetMetaRgn
AddFontResourceA
GetTextMetricsW
CreateFontIndirectW
PatBlt
CreatePen
SaveDC
CreateHalftonePalette
GdiFlush
GetTextCharset
GetROP2
DeleteEnhMetaFile
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
GdiGetBatchLimit
RestoreDC
SetBkMode
StretchBlt
CreateFontW
EndDoc
CreateSolidBrush
StartPage
DeleteObject
GetObjectW
BitBlt
SetTextColor
GetTextExtentPointW
CreatePatternBrush
ExtTextOutW
FillPath
CreateBitmap
MoveToEx
DeleteColorSpace
GetStockObject
EnumFontFamiliesExW
AbortPath
UnrealizeObject
SetTextAlign
SetBrushOrgEx
CreateCompatibleDC
StartDocW
CloseEnhMetaFile
CreateHatchBrush
SetROP2
EndPage
CloseFigure
SelectObject
BeginPath
AbortDoc
CloseMetaFile
CancelDC
SetWindowOrgEx
DPtoLP
SetBkColor
OffsetWindowOrgEx
GetTextExtentPoint32W
CreateCompatibleBitmap
DeleteMetaFile
EndPath
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetProcAddress
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetTimeZoneInformation
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
SetLastError
PeekNamedPipe
TlsGetValue
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetModuleHandleA
SetFileAttributesW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
VirtualAllocEx
GetSystemInfo
GlobalFree
GetConsoleCP
OpenEventW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
FindResourceW
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
GetTempPathW
Sleep
GetClipboardViewer
CreateMenu
GetDoubleClickTime
LoadIconA
CountClipboardFormats
EndMenu
GetInputState
GetCapture
GetDialogBaseUnits
LoadIconW
GetClipboardOwner
GetClipboardSequenceNumber
GetCursor
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 12
RT_DIALOG 4
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 51
NEUTRAL 14
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 151552
ImageVersion 0.0
ProductName ThinPrint Virtual Channel Gateway
FileVersionNumber 8.6.239.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ThinPrint Virtual Channel Gateway Service
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName TPVCGateway.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 8,6,239,2
TimeStamp 2016:06:24 17:41:55+01:00
FileType Win32 EXE
PEType PE32
InternalName TPVCGateway
ProductVersion 8,6,239,2
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 2000-2012 Cortado AG
MachineType Intel 386 or later, and compatibles
CompanyName Cortado AG
CodeSize 109056
FileSubtype 0
ProductVersionNumber 8.6.239.2
EntryPoint 0x2610
ObjectFileType Executable application

File identification
MD5 f01d45e547d9e1149d4fda7b6685f470
SHA1 fe3115298a3de20b05ae00f2760fef55741315e6
SHA256 695d5cc9d38ea8f7a3d6c9c227fc7fdbc42d31626adc1842e442d77c87502b9a
ssdeep 3072:ae+3gF0kJkgmAMbAtsrLnVEFBwDbZ0/NIcUW0bfOFMbJJ:wwJktAM8sVEFyC/
authentihash 1462b42b629b2b58f7782d2189a5d4cd4348b7bf8e6f625dbfaa29e46217afa7
imphash 39685d50b49807a4481a12c5268b6bc3
File size 255.0 KB ( 261120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2016-06-26 20:52:08 UTC ( 2 years, 9 months ago )
Last submission 2016-06-26 20:52:08 UTC ( 2 years, 9 months ago )
File names TPVCGateway.exe
TPVCGateway
f01d45e547d9e1149d4fda7b6685f470.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications