SHA256: 71831ac12c1c1fd8ab20dd41d011da56a5e2731a6b337ca7e620654996e36bd3
File name: yvupitat.exe
Detection ratio: 31 / 54
Analysis date: 2016-08-24 09:00:59 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3485725 20160824
AegisLab Uds.Dangerousobject.Multi!c 20160824
AhnLab-V3 Backdoor/Win32.Androm.N2087192298 20160824
ALYac Trojan.GenericKD.3485725 20160824
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160824
Arcabit Trojan.Generic.D35301D 20160824
AVG Ransom_s.DO 20160824
AVware Trojan.Win32.Generic.pak!cobra 20160824
Baidu Win32.Trojan.Kryptik.anp 20160824
BitDefender Trojan.GenericKD.3485725 20160824
Bkav HW32.Packed.7888 20160823
Cyren W32/Cerber.F.gen!Eldorado 20160824
DrWeb Trojan.PWS.Siggen1.56053 20160824
Emsisoft Trojan.GenericKD.3485725 (B) 20160824
ESET-NOD32 a variant of Win32/Kryptik.FEYW 20160824
F-Prot W32/Cerber.F.gen!Eldorado 20160824
F-Secure Trojan.GenericKD.3485725 20160824
Fortinet W32/Kryptik.FENR!tr 20160824
GData Trojan.GenericKD.3485725 20160824
K7GW Trojan ( 004f6bfe1 ) 20160824
Kaspersky Backdoor.Win32.Androm.kmhr 20160823
Malwarebytes Ransom.Crypt0L0cker 20160824
McAfee GenericR-IIG!E4DAF8D8CC96 20160824
McAfee-GW-Edition BehavesLike.Win32.Dropper.gc 20160824
Microsoft Ransom:Win32/Ranscrape 20160824
eScan Trojan.GenericKD.3485725 20160824
Panda Trj/GdSda.A 20160823
Rising Malware.XPACK-HIE/Heur!1.9C48-6FEB5DlZv0C (Cloud) 20160824
Sophos AV Mal/Generic-S 20160824
Symantec Trojan.Cryptolocker.H 20160824
VIPRE Trojan.Win32.Generic.pak!cobra 20160824
Alibaba 20160824
CAT-QuickHeal 20160824
ClamAV 20160824
CMC 20160824
Comodo 20160823
Ikarus 20160823
Jiangmin 20160824
K7AntiVirus 20160824
Kingsoft 20160824
NANO-Antivirus 20160824
nProtect 20160824
Qihoo-360 20160824
SUPERAntiSpyware 20160823
Tencent 20160824
TheHacker 20160824
TotalDefense 20160824
TrendMicro 20160824
TrendMicro-HouseCall 20160824
VBA32 20160823
ViRobot 20160824
Yandex 20160823
Zillya 20160820
Zoner 20160824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Total Commander udministrator Tool
Comments Tool used internally by Total Commander, do not start directly!
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-23 21:13:15
Entry Point 0x000578E0
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN SWISS 6
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Tool used internally by Total Commander, do not start directly!
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.5
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet ASCII
InitializedDataSize 110080
EntryPoint 0x578e0
MIMEType application/octet-stream
TimeStamp 2016:08:23 22:13:15+01:00
FileType Win32 EXE
PEType PE32
FileDescription Total Commander udministrator Tool
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ghisler Software GmbH
CodeSize 355840
FileSubtype 0
ProductVersionNumber 1.0.0.5
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e4daf8d8cc96e7b5f70e9e090b70bff3
SHA1 caab7704c75393a0372139add5c6a63966a2dbe2
SHA256 71831ac12c1c1fd8ab20dd41d011da56a5e2731a6b337ca7e620654996e36bd3
ssdeep 12288:SyzsKH5Gp25+hynnuBb/d2nK595w5l595r595Z5r5b595D595r595n595n5R595j:/gcGhcGb/dyN
authentihash 75edc4a5bd2877ca5db7a2158707a0659bf3dd21009f1d3d789155d602b55355
imphash eea4f557837bdda53eba267b0cb4081a
File size 456.0 KB ( 466944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-08-22 21:41:17 UTC ( 2 years, 5 months ago )
Last submission 2016-08-24 00:04:12 UTC ( 2 years, 5 months ago )
File names yvupitat.exe
file.exe
ogzdywat.exe
a8b01b9c97be7c4d0cc5533307be218746f1047b
e4daf8d8cc96e7b5f70e9e090b70bff3
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications