SHA256: 7a03426e12618fc4ca43331db716d2ab2870b743c63a7decfef2c1ca5a86b96b
File name: 40d23873681f4a5da1cf2dde97c58eb405e734b4
Detection ratio: 34 / 57
Analysis date: 2016-11-19 13:32:56 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.107389 20161119
AhnLab-V3 Backdoor/Win32.Vawtrak.C1672025 20161118
ALYac Gen:Variant.Razy.107389 20161119
Arcabit Trojan.Razy.D1A37D 20161119
Avast Win32:Trojan-gen 20161119
AVG SHeur4.CLQO 20161119
Avira (no cloud) TR/Crypt.Xpack.sqhpz 20161119
AVware Trojan.Win32.Generic!BT 20161119
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161118
BitDefender Gen:Variant.Razy.107389 20161119
Bkav HW32.Packed.E5B3 20161119
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.ZSAP-4272 20161119
DrWeb Trojan.PWS.Papras.2166 20161119
Emsisoft Gen:Variant.Razy.107389 (B) 20161119
ESET-NOD32 a variant of Win32/Kryptik.FJXC 20161119
F-Secure Gen:Variant.Razy.107389 20161119
GData Gen:Variant.Razy.107389 20161119
Ikarus Trojan.Win32.Crypt 20161119
Sophos ML backdoor.win32.vawtrak.o 20161018
K7AntiVirus Trojan ( 004fdf251 ) 20161119
K7GW Trojan ( 004fdf251 ) 20161119
Kaspersky Backdoor.Win32.Vawtrak.gd 20161119
McAfee Vawtrak-FCY!D68905BA80C4 20161119
McAfee-GW-Edition BehavesLike.Win32.Ramnit.ch 20161119
Microsoft Backdoor:Win32/Vawtrak.E 20161119
eScan Gen:Variant.Razy.107389 20161119
Panda Trj/GdSda.A 20161119
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161119
Rising Malware.Generic!ExLkWob02sO@2 (thunder) 20161119
Sophos AV Mal/Generic-S 20161119
TrendMicro-HouseCall TROJ_GEN.R021H0CKI16 20161119
VIPRE Trojan.Win32.Generic!BT 20161119
Yandex Backdoor.Vawtrak! 20161118
AegisLab 20161119
Alibaba 20161118
Antiy-AVL 20161119
CAT-QuickHeal 20161118
ClamAV 20161119
CMC 20161119
Comodo 20161119
F-Prot 20161119
Fortinet 20161119
Jiangmin 20161119
Kingsoft 20161119
Malwarebytes 20161119
NANO-Antivirus 20161119
nProtect 20161119
SUPERAntiSpyware 20161119
Symantec 20161119
Tencent 20161119
TheHacker 20161117
TotalDefense 20161119
TrendMicro 20161119
VBA32 20161118
ViRobot 20161119
Zillya 20161118
Zoner 20161119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 1998-2016 F-Secure Corporation. All rights reserved.
Product F-Secure Management Agent
Original name FSMA32.EXE
Internal name VCH
File version 8.30.43245
Description F-Secure Management Agent
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-11 06:51:46
Entry Point 0x00004A91
Number of sections 9
PE sections
PE imports
GetSidIdentifierAuthority
GetSidLengthRequired
InitiateSystemShutdownW
AllocateLocallyUniqueId
GetStockObject
CreateToolhelp32Snapshot
GetLastError
IsProcessorFeaturePresent
TerminateThread
GlobalFree
ExitProcess
GetCommMask
VirtualProtect
CopyFileW
FoldStringA
GetCurrentProcess
GetDateFormatA
CompareFileTime
SetTimeZoneInformation
CopyFileExA
GetCalendarInfoW
GetCommandLineW
GetCommandLineA
lstrcatW
Process32FirstW
GetCurrentThread
CreateDirectoryExA
GetCommModemStatus
GetConsoleFontInfo
lstrcmpA
SetComputerNameW
GlobalFlags
WriteFile
DeleteAtom
CloseHandle
GetSystemTimeAsFileTime
CreateWaitableTimerA
SetThreadIdealProcessor
LocalFree
AddLocalAlternateComputerNameW
ConvertThreadToFiber
GetNumberFormatA
CreateFileW
GlobalAlloc
GetDiskFreeSpaceExW
Sleep
FormatMessageA
EnumDateFormatsA
GetFileAttributesExA
DeleteTimerQueueEx
GetCurrentThreadId
GetNumberFormatW
CreateHardLinkW
GetForegroundWindow
LoadMenuA
CharUpperW
GetClassInfoExA
GetWindowContextHelpId
GetCaretPos
UnionRect
GetWindowRect
RegisterClassExW
LoadCursorW
GetWindowDC
GetWindow
GetClipboardSequenceNumber
RegisterClassExA
GetClientRect
IsCharAlphaNumericW
IsCharLowerW
FindWindowW
GetThreadDesktop
GetKeyNameTextW
AnimateWindow
LoadIconA
GetActiveWindow
GetDesktopWindow
IsRectEmpty
IsMenu
FindWindowExW
CharNextW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 20480
FileDescription F-Secure Management Agent
InitializedDataSize 176128
ImageVersion 0.0
ProductName F-Secure Management Agent
FileVersionNumber 8.30.43245.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName FSMA32.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 8.30.43245
TimeStamp 2014:04:11 07:51:46+01:00
FileType Win32 EXE
PEType PE32
InternalName VCH
SubsystemVersion 4.0
ProductVersion 8.30 Build 43245
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows 32-bit
LegalCopyright 1998-2016 F-Secure Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName F-Secure Corporation
LegalTrademarks Windows (TM) is a trademark of Microsoft Corporation
FileSubtype 0
ProductVersionNumber 8.30.43245.0
EntryPoint 0x4a91
ObjectFileType Executable application

File identification
MD5 d68905ba80c46ae0b1b9a868c23a6ac6
SHA1 40d23873681f4a5da1cf2dde97c58eb405e734b4
SHA256 7a03426e12618fc4ca43331db716d2ab2870b743c63a7decfef2c1ca5a86b96b
ssdeep 3072:321MDpy9CLlvbRbkeB4K4qYgZyJd3ZAlpYXp1:m1MNuMlzTZ4x1ZAlpC
authentihash 522041f8d8aeb830b5caa7a854e8d2731172a5a5ef2ae9eda6b303b77b601925
imphash f4554fb5902f8a751849bbaf8c34ce56
File size 168.0 KB ( 172032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-11-19 13:32:56 UTC ( 2 years, 5 months ago )
Last submission 2016-11-19 13:32:56 UTC ( 2 years, 5 months ago )
File names VCH
FSMA32.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications