SHA256: 748ab597fb8a4feb570be89ca1928b37e035053f595221df39f4e15d80dcd584
File name: fd0c66579f90373afa310c939c7b7cf87e5cbe2d
Detection ratio: 29 / 56
Analysis date: 2016-04-29 00:56:14 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3183189 20160429
AhnLab-V3 Trojan/Win32.Zegost 20160428
ALYac Gen:Variant.Graftor.282308 20160429
Arcabit Trojan.Generic.D309255 20160429
Avast Win32:Malware-gen 20160429
AVG Generic37.BFHK 20160429
Avira (no cloud) TR/Crypt.ZPACK.nfel 20160429
AVware Trojan.Win32.Generic!BT 20160429
Baidu Win32.Trojan.WisdomEyes.151026.9950.9990 20160428
BitDefender Trojan.GenericKD.3183189 20160429
DrWeb Trojan.Encoder.4433 20160429
Emsisoft Trojan.GenericKD.3183189 (B) 20160429
ESET-NOD32 Win32/Filecoder.TorrentLocker.A 20160428
Fortinet W32/Cryptolocker.D584!tr 20160428
GData Trojan.GenericKD.3183189 20160428
Ikarus Trojan.Win32.Filecoder 20160428
K7GW Trojan ( 004e24c81 ) 20160428
Kaspersky Backdoor.Win32.Androm.jntz 20160428
Malwarebytes Ransom.TorrentLocker 20160428
McAfee Artemis!7019B716D4EC 20160428
McAfee-GW-Edition BehavesLike.Win32.Pate.hh 20160428
Microsoft Ransom:Win32/Teerac 20160428
eScan Trojan.GenericKD.3183189 20160428
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160429
Rising Malware.XPACK-HIE/Heur!1.9C48 20160428
Sophos AV Mal/Generic-S 20160428
Symantec Trojan.Cryptolocker.H 20160428
Tencent Win32.Trojan.Filecoder.Adan 20160429
VIPRE Trojan.Win32.Generic!BT 20160429
AegisLab 20160428
Alibaba 20160428
Antiy-AVL 20160429
Baidu-International 20160428
Bkav 20160428
CAT-QuickHeal 20160428
ClamAV 20160429
CMC 20160428
Comodo 20160429
Cyren 20160429
F-Prot 20160429
Jiangmin 20160428
K7AntiVirus 20160428
Kingsoft 20160429
NANO-Antivirus 20160428
nProtect 20160428
Panda 20160428
SUPERAntiSpyware 20160428
TheHacker 20160429
TotalDefense 20160426
TrendMicro 20160429
TrendMicro-HouseCall 20160429
VBA32 20160428
ViRobot 20160429
Yandex 20160428
Zillya 20160428
Zoner 20160428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Headlight Software, Inc. All rights reserved.

Product (Shared by Headlight Software Products)
Original name udminPrivSetting.exe
Internal name udminPrivSetting.exe
File version 1.0.6.5
Description Change Settings that need udmin Privileges
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-28 15:17:46
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
ImageList_Add
GetSaveFileNameW
GetCharABCWidthsW
SetMapMode
SetColorSpace
RemoveFontResourceTracking
GdiFlush
GetPaletteEntries
GdiIsMetaFileDC
AddFontResourceW
SetICMProfileW
GdiPlayScript
PaintRgn
GdiDeleteLocalDC
EngAlphaBlend
RestoreDC
GetStringBitmapW
SetMetaFileBitsEx
GetCharWidthI
EngLockSurface
FixBrushOrgEx
BitBlt
EngGetCurrentCodePage
CreateBitmapIndirect
GetEnhMetaFileDescriptionW
GetLogColorSpaceA
EnumObjects
GetPath
GetEnhMetaFileBits
EnumFontFamiliesExA
EngUnlockSurface
GdiEntry15
GdiEntry8
Pie
GetEnhMetaFileHeader
AddFontResourceExW
PolyTextOutW
Ellipse
GetTextCharset
TlsGetValue
GlobalMemoryStatus
GetDriveTypeW
GetWindowsDirectoryW
LocalAlloc
GetConsoleAliasExesLengthW
GlobalFlags
InterlockedDecrement
QueryDosDeviceW
DeleteTimerQueue
TlsSetValue
VirtualAlloc
GetModuleHandleW
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SHGetFolderLocation
ShellExecuteExA
SHEmptyRecycleBinW
SHGetFileInfo
DuplicateIcon
SHGetFolderPathA
SHQueryRecycleBinW
SHGetMalloc
ExtractAssociatedIconW
SHGetSettings
FindExecutableW
ShellExecuteExW
SHEmptyRecycleBinA
DragQueryFileA
WOWShellExecute
DragQueryFileAorW
SHFileOperation
StrRChrIA
StrChrW
PathCombineA
StrRChrIW
MapWindowPoints
EmptyClipboard
RegisterClipboardFormatA
RegisterWindowMessageW
SetWindowRgn
GetMenuInfo
UpdateWindow
GetScrollRange
GetScrollInfo
DrawTextW
LoadCursorW
GetScrollPos
GetCapture
GetKeyboardLayoutNameW
CreateCaret
SetSysColors
BroadcastSystemMessageW
GetShellWindow
ShowWindow
DrawFrameControl
SetPropW
DdeImpersonateClient
GetSystemMetrics
SetWindowLongW
MessageBoxW
LoadIconA
GetWindowRect
InflateRect
EndPaint
UnhookWindowsHookEx
SetWindowPlacement
MessageBoxA
GetThreadDesktop
DlgDirSelectComboBoxExW
ChangeMenuW
GetWindowDC
SetWindowPos
MessageBoxExW
ScrollDC
PostMessageW
SetWindowsHookW
GetDC
GetCursorPos
ReleaseDC
BeginPaint
GetIconInfo
SendMessageW
IsWindowVisible
WinHelpW
GetWindowPlacement
SetForegroundWindow
GetClientRect
RemovePropW
SystemParametersInfoW
IsIconic
FrameRect
InSendMessage
InvalidateRect
EnumPropsA
SetTimer
CallWindowProcW
GetClassNameW
LoadStringW
FillRect
KillTimer
DestroyAcceleratorTable
RegisterClipboardFormatW
GetGUIThreadInfo
ExcludeUpdateRgn
GetCursor
RedrawWindow
SetScrollInfo
GetWindowLongW
CloseClipboard
InvalidateRgn
CharNextW
GetKeyboardType
SetMenuItemBitmaps
OpenClipboard
DoDragDrop
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 14
RT_DIALOG 4
RT_ICON 4
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 58
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.6.5

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
182272

EntryPoint
0x1000

OriginalFileName
udminPrivSetting.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Headlight Software, Inc. All rights reserved.

FileVersion
1.0.6.5

TimeStamp
2016:04:28 16:17:46+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
udminPrivSetting.exe

ProductVersion
1.0.6.5

FileDescription
Change Settings that need udmin Privileges

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Headlight Software, Inc.

CodeSize
410112

ProductName
(Shared by Headlight Software Products)

ProductVersionNumber
1.0.6.5

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 7019b716d4ecbad5ef7d2cf157162810
SHA1 43fc9d0c8da881edfa213ade43dd7ccfd137f5cb
SHA256 748ab597fb8a4feb570be89ca1928b37e035053f595221df39f4e15d80dcd584
ssdeep
6144:TWudh44fHyOBSACA1Pl+BEiwRwRQAEkq0gLbFLT8YTBF:TndSUStdWiwSfEk6bFLHB

authentihash 4e233741bb7a9f3ceeec5369b8da348b521ca6a99e4485647c8c3b5c0a15ab06
imphash 3abe17152401b27fd4bc861c1de97076
File size 579.0 KB ( 592896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2016-04-27 17:15:25 UTC ( 2 years, 10 months ago )
Last submission 2018-01-31 15:13:52 UTC ( 1 year, 1 month ago )
File names informacion_12874.exe
udminPrivSetting.exe
Adres_Form_PTT.exe
fd0c66579f90373afa310c939c7b7cf87e5cbe2d
ONEGOVCP.EXE.184701.GZQUAR
informacion_12874.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications