SHA256: 738fc37048c60831c1597d5a8e52d70cb306eb26087fcae20669c73075fc37f1
File name: Ravial.exe
Detection ratio: 19 / 56
Analysis date: 2015-07-14 07:59:02 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2562588 20150714
Arcabit Trojan.Generic.D271A1C 20150714
Avast Win32:Malware-gen 20150714
AVG Zbot.AFAS 20150714
Avira (no cloud) TR/Spy.ZBot.352256.2 20150714
Baidu-International Trojan.Win32.Zbot.ACB 20150714
BitDefender Trojan.GenericKD.2562588 20150714
DrWeb Trojan.PWS.Panda.8087 20150714
Emsisoft Trojan.GenericKD.2562588 (B) 20150714
ESET-NOD32 Win32/Spy.Zbot.ACB 20150714
F-Secure Trojan.GenericKD.2562588 20150714
Fortinet W32/Zbot.ACB!tr.spy 20150714
GData Trojan.GenericKD.2562588 20150714
Kaspersky Trojan-Spy.Win32.Zbot.vseb 20150714
eScan Trojan.GenericKD.2562588 20150714
Panda Trj/Chgt.O 20150713
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150713
TrendMicro TROJ_FORUCON.BMC 20150714
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150714
AegisLab 20150714
Yandex 20150713
AhnLab-V3 20150714
Alibaba 20150714
ALYac 20150714
Antiy-AVL 20150714
AVware 20150714
Bkav 20150713
ByteHero 20150714
CAT-QuickHeal 20150714
ClamAV 20150714
Comodo 20150714
Cyren 20150714
F-Prot 20150714
Ikarus 20150714
Jiangmin 20150713
K7AntiVirus 20150714
K7GW 20150714
Kingsoft 20150714
Malwarebytes 20150714
McAfee 20150714
McAfee-GW-Edition 20150714
Microsoft 20150714
NANO-Antivirus 20150714
nProtect 20150713
Qihoo-360 20150714
Sophos AV 20150714
SUPERAntiSpyware 20150714
Symantec 20150714
Tencent 20150714
TheHacker 20150713
TotalDefense 20150713
VBA32 20150713
VIPRE 20150714
ViRobot 20150714
Zillya 20150714
Zoner 20150714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2002-2012 Inflection
Product PitchWrite
Original name motionprovide.exe
Internal name PitchWrite
File version 3.2.9136.1367
Description PitchWrite
Comments Heavy glass century bought PitchWrite
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-11 11:56:57
Entry Point 0x00028AB5
Number of sections 4
PE sections
PE imports
SetMapMode
PatBlt
SaveDC
TextOutA
LineTo
GetClipBox
GetDeviceCaps
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SetPixel
DeleteObject
SetTextColor
MoveToEx
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
StretchBlt
ScaleViewportExtEx
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
Escape
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
RaiseException
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetVersion
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GlobalDeleteAtom
OpenProcess
GetWindowsDirectoryA
GlobalLock
SetSystemTimeAdjustment
GetProcessHeap
GlobalReAlloc
lstrcmpA
FindFirstFileA
CompareStringA
FindNextFileA
lstrcmpW
GetProcAddress
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
GlobalFlags
CloseHandle
GetACP
GetCurrentThreadId
SizeofResource
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
GetMessagePos
UnregisterHotKey
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
GrayStringA
GetMessageTime
GetDC
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
GetTopWindow
LockWindowUpdate
GetMenuItemInfoA
GetWindowTextA
PtInRect
GetMessageA
GetParent
SetPropA
EnumWindows
GetClassInfoExA
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateMenu
CopyRect
GetSysColorBrush
DestroyWindow
MapWindowPoints
OffsetRect
KillTimer
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
CreateWindowExA
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetMenuItemID
SetForegroundWindow
ReleaseDC
EndDialog
GetCapture
DrawTextExA
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
UnhookWindowsHookEx
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
WinHelpA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
ModifyMenuA
ScriptStringGetOrder
ScriptShape
ScriptStringOut
ScriptString_pSize
ScriptStringCPtoX
ScriptCacheGetHeight
ScriptGetProperties
ScriptGetCMap
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptFreeCache
ScriptItemize
ScriptGetGlyphABCWidth
ScriptGetFontProperties
ScriptCPtoX
ScriptGetLogicalWidths
ScriptString_pcOutChars
ScriptString_pLogAttr
ScriptStringFree
ScriptXtoCP
ScriptStringValidate
ScriptStringAnalyse
ScriptStringXtoCP
ScriptBreak
ScriptIsComplex
ScriptTextOut
ScriptRecordDigitSubstitution
ScriptStringGetLogicalWidths
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Heavy glass century bought PitchWrite
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.2.9136.1367
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription PitchWrite
CharacterSet Unicode
InitializedDataSize 5398528
EntryPoint 0x28ab5
OriginalFileName motionprovide.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2002-2012 Inflection
FileVersion 3.2.9136.1367
TimeStamp 2015:07:11 12:56:57+01:00
FileType Win32 EXE
PEType PE32
InternalName PitchWrite
ProductVersion 3.2.9136.1367
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Inflection
CodeSize 229376
ProductName PitchWrite
ProductVersionNumber 3.2.9136.1367
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2a4ba5e500a5a63f69ff444ecfe15548
SHA1 ed5306e158cbc9ce8437d7e48f63d3501c99b863
SHA256 738fc37048c60831c1597d5a8e52d70cb306eb26087fcae20669c73075fc37f1
ssdeep 6144:s4Zb4Xb5rNgT9+6phLqr2AChWnaGZ2zVoDnHsAoBAgL8k:EIT9vp9qr2bo2zVAHsFL
authentihash 0d095898902113b22fb8f71fe8ae0d48c141bcf79859260acc13a44014f78cca
imphash bdb8458f7fee42ec6816670ef9a2b8b1
File size 344.0 KB ( 352256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-07-13 18:20:14 UTC ( 3 years, 8 months ago )
Last submission 2018-02-24 10:44:27 UTC ( 1 year ago )
File names PitchWrite
motionprovide.exe
Ravial.exe
3989.TMP
738FC37048C60831C1597D5A8E52D70CB306EB26087FCAE20669C73075FC37F1.dat
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs