SHA256: 6c4c2c18bf7f703d00d69b9af7e3f2c40e280de996aca3547c28ad5af9e76a5a
File name: 0d2733fec8c37441c1e49b332e9e64e2b79feb0a
Detection ratio: 24 / 54
Analysis date: 2014-11-04 00:29:40 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1946689 20141104
Avast Win32:Malware-gen 20141104
Avira (no cloud) TR/Spy.ZBot.315392 20141104
AVware Trojan.Win32.Generic!BT 20141104
Baidu-International Trojan.Win32.Zbot.AVx 20141103
BitDefender Trojan.GenericKD.1946689 20141104
ByteHero Trojan.Malware.Obscu.Gen.006 20141104
Cyren W32/Trojan.JAOQ-6511 20141104
Emsisoft Trojan.GenericKD.1946689 (B) 20141104
ESET-NOD32 Win32/Spy.Zbot.ACB 20141104
F-Secure Trojan.GenericKD.1946689 20141104
Fortinet W32/Zbot.ACB!tr.spy 20141104
GData Trojan.GenericKD.1946689 20141104
Kaspersky Trojan-Spy.Win32.Zbot.umeh 20141104
Malwarebytes Trojan.Zbot 20141104
McAfee PWSZbot-FAFA!C9345E03F2A8 20141104
McAfee-GW-Edition PWSZbot-FAFA!C9345E03F2A8 20141104
NANO-Antivirus Trojan.Win32.ZBot.dhpsqt 20141104
nProtect Trojan.GenericKD.1946689 20141103
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20141104
Sophos AV Mal/Generic-S 20141104
TrendMicro TROJ_FORUCON.BMC 20141104
TrendMicro-HouseCall TROJ_FORUCON.BMC 20141104
VIPRE Trojan.Win32.Generic!BT 20141104
AegisLab 20141104
Yandex 20141103
AhnLab-V3 20141103
Antiy-AVL 20141104
AVG 20141104
Bkav 20141104
CAT-QuickHeal 20141104
ClamAV 20141104
CMC 20141104
Comodo 20141104
DrWeb 20141104
F-Prot 20141104
Ikarus 20141104
Jiangmin 20141103
K7AntiVirus 20141103
K7GW 20141104
Kingsoft 20141104
Microsoft 20141104
eScan 20141104
Norman 20141104
Rising 20141103
SUPERAntiSpyware 20141104
Symantec 20141104
Tencent 20141104
TheHacker 20141104
TotalDefense 20141103
VBA32 20141103
ViRobot 20141104
Zillya 20141103
Zoner 20141031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2011
Publisher EFD Software
Product HD Tune Pro
Original name HDTunePro.EXE
Internal name HD Tune Pro
File version 5, 0, 0, 0
Description HD Tune Pro
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-24 17:20:01
Entry Point 0x00002FD6
Number of sections 4
PE sections
PE imports
GetServiceKeyNameW
RegReplaceKeyA
GetServiceDisplayNameW
GetUserNameW
RegQueryValueA
GetSidIdentifierAuthority
RegQueryValueExA
RegQueryMultipleValuesW
IsTokenRestricted
GetUserNameA
GetServiceDisplayNameA
RegQueryValueW
GetServiceKeyNameA
RegOpenKeyExA
IsTokenUntrusted
RegQueryValueExW
RegQueryMultipleValuesA
PrintDlgA
GetFileTitleA
ReplaceTextA
FindTextA
GetFileTitleW
GetOpenFileNameW
PrintDlgExW
PrintDlgW
GetSaveFileNameW
PageSetupDlgA
GetOpenFileNameA
ChooseFontW
FindTextW
CommDlgExtendedError
PrintDlgExA
PageSetupDlgW
GetSaveFileNameA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
CreateJobObjectA
EnterCriticalSection
LCMapStringW
SetHandleCount
CreateNamedPipeW
GetModuleFileNameW
GetConsoleCP
CreateMailslotW
GetConsoleAliasW
QueryPerformanceCounter
CreateJobSet
HeapAlloc
TlsAlloc
GetConsoleAliasExesW
GetEnvironmentStringsW
CreateMailslotA
GetModuleFileNameA
CreateNamedPipeA
LoadLibraryA
GetStdHandle
CreatePipe
GetCurrentProcess
GetLocaleInfoA
RtlUnwind
GetCurrentProcessId
CreateIoCompletionPort
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
GetConsoleAliasExesLengthW
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
Sleep
GetProcAddress
GetConsoleAliasesA
GetStringTypeA
GetStartupInfoW
ExitProcess
CreateMutexA
GetStringTypeW
GetTempPathA
GetCPInfo
TlsFree
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CreateMemoryResourceNotification
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetModuleHandleW
GetVersion
CreateJobObjectW
GetOEMCP
TerminateProcess
CreateProcessA
LCMapStringA
InterlockedDecrement
IsValidCodePage
OutputDebugStringW
TlsGetValue
VirtualFree
IsDebuggerPresent
CreateMutexW
GetFileType
TlsSetValue
GetTickCount
OutputDebugStringA
LeaveCriticalSection
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
GetForegroundWindow
LoadBitmapW
IsWindowVisible
GetMessagePos
GetDesktopWindow
IsWindowUnicode
GetCursor
GetWindowTextLengthW
GetMessageTime
LoadCursorA
Number of PE resources by type
RT_ICON 9
RT_RCDATA 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 281600
ImageVersion 0.0
ProductName HD Tune Pro
FileVersionNumber 5.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription HD Tune Pro
CharacterSet Unicode
LinkerVersion 9.0
OriginalFilename HDTunePro.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5, 0, 0, 0
TimeStamp 2014:10:24 18:20:01+01:00
FileType Win32 EXE
PEType PE32
InternalName HD Tune Pro
FileAccessDate 2014:11:04 09:41:25+01:00
ProductVersion 5, 0, 0, 0
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2014:11:04 09:41:25+01:00
FileOS Win32
LegalCopyright Copyright (C) 2011
MachineType Intel 386 or later, and compatibles
CodeSize 32256
FileSubtype 0
ProductVersionNumber 5.0.0.0
EntryPoint 0x2fd6
ObjectFileType Executable application
File identification
MD5 c9345e03f2a8d835a4ed81a4451046fd
SHA1 0d2733fec8c37441c1e49b332e9e64e2b79feb0a
SHA256 6c4c2c18bf7f703d00d69b9af7e3f2c40e280de996aca3547c28ad5af9e76a5a
ssdeep 6144:BRYLYn6zBoruYiUCWkTvefjJzHBR5ERkVb2:BRYqeBoruNWWvefjJDBHmq2
authentihash 47c11054c7d94f639f939809d7ee120d406745ebf8325ae0150cecdede318f4c
imphash 6623abdc19350bc9b8fe1786d87f984d
File size 308.0 KB ( 315392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows Screen Saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2014-10-28 00:26:05 UTC ( 4 years, 4 months ago )
Last submission 2014-10-28 00:26:05 UTC ( 4 years, 4 months ago )
File names HDTunePro.EXE
0d2733fec8c37441c1e49b332e9e64e2b79feb0a
HD Tune Pro
6c4c2c18bf7f703d00d69b9af7e3f2c40e280de996aca3547c28ad5af9e76a5a.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.