SHA256: 8521fe3960aa08b30fa5f8c04336087e89755ab7bec6cd143edc94cb20ca132d
File name: protectwindowsmanager.exe
Detection ratio: 46 / 57
Analysis date: 2015-09-26 22:46:18 UTC
Antivirus Result Update
Ad-Aware Win32.Sality.3 20150926
Yandex Win32.Sality.AP.Gen 20150926
AhnLab-V3 Win32/Kashu.E 20150926
ALYac Win32.Sality.3 20150926
Antiy-AVL Virus/Win32.Sality.gen 20150926
Arcabit Win32.Sality.3 20150926
Avast Win32:Kukacka 20150926
AVG Win32/Sality 20150926
Avira (no cloud) W32/Sality.AG 20150926
AVware Virus.Win32.Sality.at (v) 20150926
Baidu-International Virus.Win32.Sality.$Emu 20150926
BitDefender Win32.Sality.3 20150926
Bkav W32.Sality.PE 20150925
CAT-QuickHeal W32.Sality.U 20150926
Comodo Virus.Win32.Sality.gen 20150926
Cyren W32/Sality.gen2 20150926
DrWeb Win32.Sector.30 20150926
Emsisoft Win32.Sality.3 (B) 20150926
ESET-NOD32 Win32/Sality.NBA 20150926
F-Prot W32/Sality.gen2 20150926
F-Secure Win32.Sality.3 20150925
GData Win32.Sality.3 20150926
Ikarus Virus.Win32.Sality 20150926
Jiangmin Win32/HLLP.Kuku.Gen 20150926
K7AntiVirus Virus ( f10001f11 ) 20150926
K7GW Virus ( f10001f11 ) 20150926
Kaspersky Virus.Win32.Sality.gen 20150926
McAfee W32/Sality.gen.z 20150926
McAfee-GW-Edition BehavesLike.Win32.Dropper.bh 20150926
Microsoft Virus:Win32/Sality.AT 20150926
eScan Win32.Sality.3 20150926
NANO-Antivirus Virus.Win32.Sality.yusp 20150926
nProtect Virus/W32.Sality.D 20150925
Panda W32/Sality.AA 20150926
Rising PE:Virus.Sality!1.A09C[F1] 20150926
Sophos AV Mal/Sality-D 20150926
Symantec W32.Sality.AE 20150925
TheHacker W32/Sality.gen 20150926
TotalDefense Win32/Sality.AA 20150926
TrendMicro PE_SALITY.RL 20150926
TrendMicro-HouseCall PE_SALITY.RL 20150926
VBA32 Virus.Win32.Sality.bakb 20150926
VIPRE Virus.Win32.Sality.at (v) 20150926
ViRobot Win32.Sality.Gen.A[h] 20150926
Zillya Virus.Sality.Win32.23 20150926
Zoner Win32.Sality 20150926
AegisLab (not detected) 20150926
Alibaba (not detected) 20150925
ByteHero (not detected) 20150926
ClamAV (not detected) 20150926
CMC (not detected) 20150925
Fortinet (not detected) 20150926
Kingsoft (not detected) 20150926
Malwarebytes (not detected) 20150926
Qihoo-360 (not detected) 20150926
SUPERAntiSpyware (not detected) 20150926
Tencent (not detected) 20150926
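The 46/57 ratio above is more informative once the vendor names are reduced to a family: almost every hit is Sality under one naming scheme or another (Win32.Sality.3, W32/Sality.gen.z, PE_SALITY.RL, Virus.Win32.Sality.gen), while Kashu, Kukacka, Sector and HLLP.Kuku are vendor-specific aliases for the same file infector, and K7's opaque signature ID and McAfee-GW's BehavesLike heuristic carry no family at all. Because Sality infects existing executables, the version information and import table further down describe the infected host program, not the virus. The following script is an added example, not part of the VirusTotal report: it parses a VT-style detection table (a constructed excerpt of the one above is embedded inline), normalises each result to a family label, and reports the consensus and the outliers. The alias table and the noise-token list are assumptions chosen for this sample and should be extended for a real corpus.

```python
"""Family consensus from a VirusTotal-style detection table (added example)."""
import re
from collections import Counter

# Constructed excerpt of the table above: "<vendor> [<result>] <update>".
# Lines without a result are vendors that did not flag the file.
SAMPLE_TABLE = """\
Ad-Aware Win32.Sality.3 20150926
AhnLab-V3 Win32/Kashu.E 20150926
Avast Win32:Kukacka 20150926
DrWeb Win32.Sector.30 20150926
Jiangmin Win32/HLLP.Kuku.Gen 20150926
K7AntiVirus Virus ( f10001f11 ) 20150926
Kaspersky Virus.Win32.Sality.gen 20150926
McAfee W32/Sality.gen.z 20150926
McAfee-GW-Edition BehavesLike.Win32.Dropper.bh 20150926
Rising PE:Virus.Sality!1.A09C[F1] 20150926
TrendMicro PE_SALITY.RL 20150926
ClamAV 20150926
Fortinet 20150926
"""

# Assumed alias table: vendor-specific names for the Sality file infector.
ALIASES = {"kashu": "sality", "kukacka": "sality", "sector": "sality", "kuku": "sality"}

# Assumed noise list: platform, type and heuristic words that are not a family.
NOISE = {"virus", "trojan", "gen", "generic", "behaveslike", "dropper", "hllp", "mal"}

# vendor, optional result (may contain spaces, as in K7's "Virus ( ... )"), 8-digit update
LINE_RE = re.compile(r"^(\S+)\s+(.*?)\s*(\d{8})$")


def parse_table(text: str) -> list:
    """Return (vendor, result, update) per line; result is '' when not detected."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows


def family_of(result: str) -> str:
    """Reduce a detection name to a lowercase family label, '' if none is present.

    Tokens are taken in order; the first alphabetic token of 3+ letters that is
    not noise wins, so 'Win32.Sality.3' and 'PE:Virus.Sality!1.A09C[F1]' both
    yield 'sality'. Signature IDs (f10001f11) and variant suffixes (bh, RL) are
    skipped because they contain digits or are too short.
    """
    for tok in re.split(r"[^A-Za-z0-9]+", result):
        t = tok.lower()
        if len(t) < 3 or not t.isalpha() or t in NOISE:
            continue
        return ALIASES.get(t, t)
    return ""


def consensus(text: str) -> dict:
    """Count vendors, detections and family labels; list vendors off the consensus."""
    rows = parse_table(text)
    detected = [(v, r) for v, r, _ in rows if r]
    families = Counter(family_of(r) for _, r in detected)
    families.pop("", None)  # heuristic / opaque names do not vote for a family
    top, hits = families.most_common(1)[0] if families else ("", 0)
    outliers = [v for v, r in detected if family_of(r) != top]
    return {"vendors": len(rows), "detected": len(detected), "family": top,
            "family_hits": hits, "families": dict(families), "outliers": outliers}


if __name__ == "__main__":
    print(consensus(SAMPLE_TABLE))
```

On the excerpt this yields 11 detections from 13 vendors, 9 of them resolving to sality, with K7AntiVirus and McAfee-GW-Edition listed as outliers because their names carry no family. Run over the full table above, the same logic shows why a single family label is the right summary of this sample, and which vendor strings you should not try to parse for a name.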
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) DTools by 2001
Publisher DTools LIMITED
Product DTools
Original name DTools.exe
Internal name SysTool.exe
File version 20.0.0.2294
Description DTools
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-27 07:18:51
Entry Point 0x00042CAF
Number of sections 5
PE sections
Overlays
MD5 f3dfc68dc40ee6de9be63a7d8ab02f6e
File type data
Offset 772096
Size 5800
Entropy 7.40
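The overlay figures above are internally consistent (offset 772096 plus size 5800 equals the 777896-byte file size), and an entropy of 7.40 over 5800 bytes means the data appended after the last section is compressed or encrypted rather than plain resources or a signature. The script below is an added example, not code from the page, showing how to locate and characterise an overlay with nothing but the standard library: it reads the PE headers, takes the end of the highest-reaching section as the overlay start, and hashes and measures what follows. The sample PE it parses is constructed inline (a non-runnable two-section PE32 image), so the whole thing runs offline; the header layout is the documented PE format, while the section sizes and alignment are arbitrary test values.

```python
"""Locate a PE overlay and report offset, size, entropy and MD5 (added example)."""
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0), the scale VirusTotal reports."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def overlay_info(pe: bytes) -> dict:
    """Parse just enough of the headers to find where mapped file data ends.

    The overlay is every byte after the last one covered by a section's raw
    data (PointerToRawData + SizeOfRawData). Header fields are bounds-checked
    rather than trusted, since malformed PEs are routine in malware corpora.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    sec_table = coff + 20 + opt_size             # section headers follow the optional header
    end = sec_table + num_sections * 40          # the headers themselves are mapped data
    for i in range(num_sections):
        off = sec_table + i * 40
        if off + 40 > len(pe):
            raise ValueError("section table truncated")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(pe))                      # a section may claim bytes past EOF; clamp
    overlay = pe[end:]
    return {
        "offset": end,
        "size": len(overlay),
        "entropy": round(shannon_entropy(overlay), 2),
        "md5": hashlib.md5(overlay).hexdigest() if overlay else None,
    }


def overlay_bounds_ok(offset: int, size: int, file_size: int) -> bool:
    """Sanity check for reported figures: the overlay must run exactly to EOF."""
    return offset + size == file_size


def build_sample_pe(overlay: bytes) -> bytes:
    """Construct a minimal two-section PE32 image (test data, not runnable code)
    and append OVERLAY after the last section's raw data."""
    e_lfanew, num_sections, opt_size, file_align = 0x40, 2, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, num_sections, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    headers_len = len(dos) + 4 + len(coff) + len(opt) + num_sections * 40
    first_raw = -(-headers_len // file_align) * file_align     # round up to FileAlignment
    sec_hdrs, bodies, ptr = b"", b"", first_raw
    for name, size in ((b".text", 0x400), (b".data", 0x200)):
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, ptr,
                                0, 0, 0, 0, 0x60000020)
        bodies += b"\x90" * size
        ptr += size
    headers = dos + b"PE\0\0" + coff + opt + sec_hdrs
    return headers.ljust(first_raw, b"\0") + bodies + overlay


if __name__ == "__main__":
    print(overlay_info(build_sample_pe(bytes(range(256)) * 4)))
    print(overlay_bounds_ok(772096, 5800, 777896))
```

To apply it to the real sample, replace the constructed image with the file's bytes; the offset should come out at 772096 and the MD5 of the carved bytes should match the overlay MD5 listed above, which gives you a stable hash for the appended payload even when the host executable differs between infections.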
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
DeleteService
CryptHashData
RegQueryValueExW
CryptCreateHash
QueryServiceStatusEx
ChangeServiceConfig2W
ConvertStringSidToSidW
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
SetTokenInformation
CreateServiceW
GetTokenInformation
DuplicateTokenEx
CryptReleaseContext
CryptAcquireContextA
SetServiceStatus
CreateProcessAsUserW
CryptDestroyHash
StartServiceW
RegSetValueExW
EnumDependentServicesW
CryptGetHashParam
OpenSCManagerW
ReportEventW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CloseServiceHandle
GetStdHandle
GetDriveTypeW
VerifyVersionInfoA
InterlockedPopEntrySList
WaitForSingleObject
SignalObjectAndWait
CreateTimerQueue
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
FreeLibraryAndExitThread
GetConsoleMode
UnhandledExceptionFilter
SetFilePointer
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
InitializeSListHead
FileTimeToSystemTime
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
ResumeThread
SetEvent
LocalFree
GetThreadPriority
InterlockedPushEntrySList
CreateEventW
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
EncodePointer
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
DeviceIoControl
InitializeCriticalSection
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
GetUserDefaultLCID
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
DeleteTimerQueueTimer
RegisterWaitForSingleObject
CreateThread
GetSystemDirectoryW
MoveFileExW
InterlockedFlushSList
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
CreateSemaphoreW
GetModuleHandleExW
GlobalAlloc
ChangeTimerQueueTimer
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SleepEx
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
OpenProcess
GetWindowsDirectoryA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
QueryDepthSList
CompareStringW
GetFileInformationByHandle
CreateTimerQueueTimer
IsValidLocale
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
IsValidCodePage
LCMapStringW
GetShortPathNameW
GlobalFree
GetConsoleCP
UnregisterWaitEx
TlsGetValue
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
Process32NextW
SwitchToThread
UnregisterWait
GetCurrentProcessId
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
RaiseException
SetThreadAffinityMask
Process32FirstW
GetCurrentThread
GetSystemDefaultLangID
ReadConsoleW
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FileTimeToLocalFileTime
GetNumaHighestNodeNumber
GetCurrentDirectoryW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
wsprintfW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
DeleteUrlCacheEntryW
Ord(301)
Ord(50)
Ord(27)
Ord(22)
Ord(60)
Ord(79)
Ord(46)
Ord(30)
Ord(211)
Ord(143)
Ord(200)
Ord(33)
Ord(32)
Ord(26)
Ord(41)
Ord(35)
getaddrinfo
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
htons
WSASetLastError
select
gethostname
getsockopt
closesocket
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
WSACleanup
getpeername
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 2
EXE_NTX 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
CHINESE SIMPLIFIED 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 223744
ImageVersion 0.0
ProductName DTools
FileVersionNumber 20.0.0.2294
LanguageCode English (British)
FileFlagsMask 0x003f
FileDescription DTools
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName DTools.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 20.0.0.2294
TimeStamp 2015:07:27 08:18:51+01:00
FileType Win32 EXE
PEType PE32
InternalName SysTool.exe
ProductVersion 20.0.0.2294
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) DTools by 2001
MachineType Intel 386 or later, and compatibles
CompanyName DTools LIMITED
CodeSize 487424
FileSubtype 0
ProductVersionNumber 20.0.0.2294
EntryPoint 0x42caf
ObjectFileType Executable application
File identification
MD5 f210f58bc832f2cb867af08911fc9212
SHA1 cc94b9b0e100a9a3321efdae78f5804fd1dbac17
SHA256 8521fe3960aa08b30fa5f8c04336087e89755ab7bec6cd143edc94cb20ca132d
ssdeep 12288:OoimRm8kEyvLYag4kEe0GC776Fp1G6z/pXRUPynlgoxg5cPuiLdWhT3kvylNbG:UYmpHA/pa6lpg7T3V3G
authentihash 4ce386e3753d837ac73a47e367173a623629763ec3793cf69eddbeb3f79508e2
imphash 6d16f42e388a64fc6f59b7e94b258200
File size 759.7 KB ( 777896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-09-26 22:46:18 UTC
Last submission 2015-09-26 22:46:18 UTC
File names DTools.exe
SysTool.exe
protectwindowsmanager.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications