SHA256: 767d9d0033cafe63b0b80ce6a7418bdcc044df41ac8a12a95fb55ebe7b93bc1a
File name: b017abbffb0374e49dc561119c4e9859.virus
Detection ratio: 33 / 54
Analysis date: 2016-07-05 20:31:13 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Androm.Gen.1 20160705
AhnLab-V3 Malware/Win32.Generic.N2034927909 20160705
ALYac Trojan.Androm.Gen.1 20160705
Antiy-AVL Trojan/Win32.Yakes 20160705
Arcabit Trojan.Androm.Gen.1 20160705
Avast Win32:Trojan-gen 20160705
AVG Generic_r.KLL 20160705
Avira (no cloud) TR/Crypt.Xpack.iyrk 20160705
AVware Trojan.Win32.Generic!BT 20160705
Baidu Win32.Trojan.WisdomEyes.151026.9950.9988 20160705
BitDefender Trojan.Androm.Gen.1 20160705
Cyren W32/Trojan.DMSO-6524 20160705
Emsisoft Trojan.Androm.Gen.1 (B) 20160704
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160705
F-Secure Trojan.Androm.Gen.1 20160705
GData Trojan.Androm.Gen.1 20160705
Ikarus Trojan-Downloader.Win32.Agent 20160705
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20160705
K7GW Trojan-Downloader ( 004e141d1 ) 20160705
Kaspersky Trojan.Win32.Yakes.pxjy 20160705
McAfee GenericR-HYU!B017ABBFFB03 20160705
McAfee-GW-Edition BehavesLike.Win32.PackedAP.dh 20160705
Microsoft TrojanDownloader:Win32/Talalpek.A 20160705
eScan Trojan.Androm.Gen.1 20160705
NANO-Antivirus Trojan.Win32.Xpack.eedmkj 20160705
nProtect Trojan.Androm.Gen.1 20160705
Panda Trj/GdSda.A 20160705
Qihoo-360 QVM20.1.Malware.Gen 20160705
Sophos AV Mal/Generic-S 20160705
Symantec Packed.Generic.459 20160705
Tencent Win32.Trojan.Yakes.Paux 20160705
TrendMicro TROJ_GEN.R00XC0DG216 20160705
VIPRE Trojan.Win32.Generic!BT 20160705
AegisLab 20160705
Alibaba 20160705
Bkav 20160705
CAT-QuickHeal 20160705
ClamAV 20160705
CMC 20160704
Comodo 20160705
DrWeb 20160705
F-Prot 20160705
Fortinet 20160705
Jiangmin 20160705
Kingsoft 20160705
Malwarebytes 20160705
SUPERAntiSpyware 20160705
TheHacker 20160705
TotalDefense 20160705
TrendMicro-HouseCall 20160705
VBA32 20160705
ViRobot 20160705
Zillya 20160705
Zoner 20160705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name TabTip.exe
Internal name TabTip.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Tablet PC Input Panel Accessory
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-27 17:10:41
Entry Point 0x00001DB0
Number of sections 4
PE sections
PE imports
RegOpenKeyW
RegQueryValueExW
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Create
ImageList_SetIconSize
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
SetMetaRgn
AddFontResourceA
GetTextMetricsW
CreateFontIndirectW
PatBlt
CreatePen
SaveDC
CreateHalftonePalette
GdiFlush
GetTextCharset
GetROP2
DeleteEnhMetaFile
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
GdiGetBatchLimit
RestoreDC
SetBkMode
StretchBlt
CreateFontW
EndDoc
CreateSolidBrush
StartPage
DeleteObject
GetObjectW
BitBlt
SetTextColor
GetTextExtentPointW
CreatePatternBrush
ExtTextOutW
FillPath
CreateBitmap
MoveToEx
DeleteColorSpace
GetStockObject
EnumFontFamiliesExW
AbortPath
SetTextAlign
SetBrushOrgEx
CreateCompatibleDC
StartDocW
CloseEnhMetaFile
CreateHatchBrush
SetROP2
EndPage
BeginPath
SelectObject
CloseFigure
AbortDoc
CloseMetaFile
CancelDC
SetWindowOrgEx
DPtoLP
SetBkColor
OffsetWindowOrgEx
GetTextExtentPoint32W
CreateCompatibleBitmap
DeleteMetaFile
EndPath
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetProcAddress
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetTimeZoneInformation
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
SetLastError
PeekNamedPipe
TlsGetValue
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
SetFileAttributesW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
VirtualAllocEx
GetSystemInfo
GlobalFree
GetConsoleCP
OpenEventW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
FindResourceW
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
GetTempPathW
Sleep
GetClipboardViewer
CreateMenu
GetDoubleClickTime
LoadIconA
CountClipboardFormats
EndMenu
GetCapture
GetDialogBaseUnits
LoadIconW
GetClipboardOwner
GetClipboardSequenceNumber
GetCursor
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
FileDescription
Tablet PC Input Panel Accessory

OleSelfRegister
D

InitializedDataSize
189440

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
TabTip.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2016:06:27 18:10:41+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
TabTip.exe

SubsystemVersion
5.0

ProductVersion
6.1.7600.16385

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
113664

FileSubtype
0

ProductVersionNumber
6.1.7600.16385

EntryPoint
0x1db0

ObjectFileType
Executable application

File identification
MD5 b017abbffb0374e49dc561119c4e9859
SHA1 c48971038516cdde2b4ee663ade3152d5361c42f
SHA256 767d9d0033cafe63b0b80ce6a7418bdcc044df41ac8a12a95fb55ebe7b93bc1a
ssdeep
6144:XTdX8eSTVFTzi/ix1KBM0o+swVPVlZmvJ12P:jdXrSTVFTOBMeJ7ZIJo

authentihash a436cc2b5e494b0dc83e9eb310b6d04b0a23e58f35bef3e390e2f38f4b8ecd93
imphash 37ee877dd28c03a0faba472d7726a8d4
File size 297.0 KB ( 304128 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-05 20:31:13 UTC ( 2 years, 8 months ago )
Last submission 2016-07-05 20:31:13 UTC ( 2 years, 8 months ago )
File names TabTip.exe
b017abbffb0374e49dc561119c4e9859.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications