SHA256: 79c87da18b330a32314a484e20ce42f1b38bf61333cdb0dff73749af1398b874
File name: 0092e5ccdb9c786c86bfff38968b9d8a.virus
Detection ratio: 26 / 57
Analysis date: 2016-11-24 17:30:03 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20161124
AVG SHeur4.CLTA 20161124
Avira (no cloud) TR/AD.Vawtrak.xftop 20161124
AVware Trojan.Win32.Generic!BT 20161124
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161124
Bkav HW32.Packed.7823 20161124
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.PWS.Papras.2166 20161124
ESET-NOD32 a variant of Win32/Kryptik.FKDC 20161124
Fortinet W32/Vawtrak.FKDC!tr.bdr 20161124
GData Win32.Trojan.Agent.OZ0AT0 20161124
Ikarus Trojan.Win32.Crypt 20161124
Sophos ML ransom.win32.nymaim.f 20161018
K7AntiVirus Trojan ( 004fe7661 ) 20161124
K7GW Trojan ( 004fe7661 ) 20161124
Kaspersky Backdoor.Win32.Vawtrak.gt 20161124
McAfee Artemis!0092E5CCDB9C 20161124
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20161124
Microsoft Backdoor:Win32/Vawtrak.E 20161124
NANO-Antivirus Trojan.Win32.Vawtrak.eiqhoh 20161124
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161124
Rising Backdoor.Vawtrak!8.11D-psfkitSBBNK (cloud) 20161124
Sophos AV Mal/Generic-S 20161124
Symantec Heur.AdvML.B 20161124
TrendMicro-HouseCall TROJ_GEN.R00JH0CKN16 20161124
VIPRE Trojan.Win32.Generic!BT 20161124
Ad-Aware 20161124
AegisLab 20161124
AhnLab-V3 20161124
Alibaba 20161124
ALYac 20161124
Antiy-AVL 20161124
Arcabit 20161124
BitDefender 20161124
CAT-QuickHeal 20161124
ClamAV 20161124
CMC 20161124
Comodo 20161124
Cyren 20161124
Emsisoft 20161124
F-Prot 20161124
F-Secure 20161124
Jiangmin 20161124
Kingsoft 20161124
Malwarebytes 20161124
eScan 20161124
nProtect 20161124
Panda 20161124
SUPERAntiSpyware 20161124
Tencent 20161124
TheHacker 20161124
TotalDefense 20161124
TrendMicro 20161124
Trustlook 20161124
VBA32 20161124
ViRobot 20161124
WhiteArmor 20161018
Yandex 20161124
Zillya 20161124
Zoner 20161124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2000-2010 FRISK Software International
Product F-PROT Antivirus for Windows
Original name fptrayproc
File version 1.3.8.21
Description Handling of upfates (F-PROT Antivirus)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-09 02:22:14
Entry Point 0x0000553D
Number of sections 7
PE sections
PE imports
GetSystemTime
GetLastError
GetSystemInfo
GetThreadPriorityBoost
DeactivateActCtx
GetVersionExW
FreeLibrary
LocalAlloc
DeleteTimerQueueEx
DisableThreadLibraryCalls
VirtualProtect
LoadLibraryA
GetCurrentProcess
GetDateFormatA
AddConsoleAliasA
SetThreadPriority
TerminateThread
AddAtomA
CopyFileExA
BuildCommDCBAndTimeoutsW
CreateDirectoryW
GetCompressedFileSizeA
GetProcAddress
AddAtomW
GetCurrentThread
GetTempFileNameW
GetTimeFormatW
RaiseException
GetModuleHandleA
InterlockedExchange
BackupWrite
lstrcpyA
CancelWaitableTimer
CompareStringA
DeleteFileW
GetPriorityClass
MoveFileExA
SetThreadExecutionState
IsBadStringPtrW
LocalFree
GetLogicalDriveStringsA
GetNumberFormatW
GetCurrentThreadId
SleepEx
GetTimeFormatA
GetForegroundWindow
IntersectRect
GetKeyboardLayoutNameW
CharPrevW
GetDoubleClickTime
GetClipboardViewer
IsWindow
GetWindowRect
GetDialogBaseUnits
GetClipboardFormatNameW
IsCharAlphaA
IsWindowEnabled
GetWindow
CreatePopupMenu
GetMenu
GetKeyboardLayoutList
GetThreadDesktop
GetKeyboardLayout
GetActiveWindow
GetWindowTextW
IsWindowUnicode
IsCharUpperW
GetWindowTextLengthW
GetMenuItemCount
Number of PE resources by type
RT_ICON 9
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 200704
ImageVersion 0.0
ProductName F-PROT Antivirus for Windows
FileVersionNumber 1.3.8.21
Website http://www.f-prot.com
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Handling of upfates (F-PROT Antivirus)
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName fptrayproc
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.3.8.21
TimeStamp 2014:10:09 03:22:14+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT
LegalCopyright Copyright 2000-2010 FRISK Software International
MachineType Intel 386 or later, and compatibles
CompanyName FRISK Software International
CodeSize 24576
FileSubtype 0
ProductVersionNumber 6.0.9.0
EntryPoint 0x553d
ObjectFileType Executable application

File identification
MD5 0092e5ccdb9c786c86bfff38968b9d8a
SHA1 77368d178c39f134226550b36e1420216303b4d3
SHA256 79c87da18b330a32314a484e20ce42f1b38bf61333cdb0dff73749af1398b874
ssdeep 3072:zGZbuXMmn/MvnI8ESET1RKJV8mlNnEOOOjCt5p/y0wS/:z71n/MvlwT10NPCtT/y0X
authentihash ed981641c6a9f2af087a08eb024a7cd05f2d1d73a47bdd5ecf971b89dd1bf27c
imphash 247621301ee9313f3fef83e8ed0ce385
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-11-24 17:30:03 UTC ( 2 years, 3 months ago )
Last submission 2016-11-24 17:30:03 UTC ( 2 years, 3 months ago )
File names fptrayproc
0092e5ccdb9c786c86bfff38968b9d8a.virus
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications