SHA256: 8568543f771777a7ef2360405418c53a36ff0af27a12c8d3ed2f6c5855900870
File name: Fasci.exe
Detection ratio: 18 / 55
Analysis date: 2017-01-07 14:48:41 UTC (2 years, 1 month ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.109449 20170107
ALYac Gen:Variant.Razy.109449 20170107
Arcabit Trojan.Razy.D1AB89 20170107
Avast Win32:Trojan-gen 20170107
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170107
BitDefender Gen:Variant.Razy.109449 20170107
CAT-QuickHeal Backdoor.Vawtrak 20170107
Emsisoft Gen:Variant.Razy.109449 (B) 20170107
ESET-NOD32 a variant of Win32/Kryptik.FKXT 20170107
F-Secure Gen:Variant.Razy.109449 20170107
GData Gen:Variant.Razy.109449 20170107
Ikarus Trojan.Win32.PSW 20170107
Kaspersky Backdoor.Win32.Vawtrak.dq 20170107
Microsoft Backdoor:Win32/Vawtrak.E 20170107
eScan Gen:Variant.Razy.109449 20170107
Qihoo-360 Win32/Backdoor.bab 20170107
Rising Malware.Generic!Axt7xyvjK7Q@1 (thunder) 20170107
Tencent Win32.Backdoor.Vawtrak.Hoyk 20170107
AegisLab 20170107
AhnLab-V3 20170107
Alibaba 20170107
Antiy-AVL 20170107
AVG 20170107
Avira (no cloud) 20170107
AVware 20170107
Bkav 20170107
ClamAV 20170107
CMC 20170107
Comodo 20170107
CrowdStrike Falcon (ML) 20161024
Cyren 20170107
DrWeb 20170107
F-Prot 20170107
Fortinet 20170107
Sophos ML 20161216
Jiangmin 20170107
K7AntiVirus 20170107
K7GW 20170107
Kingsoft 20170107
Malwarebytes 20170107
McAfee 20170107
McAfee-GW-Edition 20170107
NANO-Antivirus 20170107
nProtect 20170107
Panda 20170107
Sophos AV 20170107
SUPERAntiSpyware 20170107
Symantec 20170107
TheHacker 20170104
TrendMicro 20170107
TrendMicro-HouseCall 20170107
Trustlook 20170107
VBA32 20170106
VIPRE 20170107
ViRobot 20170107
WhiteArmor 20161221
Yandex 20170106
Zillya 20170104
Zoner 20170107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2015
Product 360 Total Security
Original name Uninstall.exe
Internal name Uninstall
File version 8,6,0,1002
Description Uninstall Module
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-21 09:25:36
Entry Point 0x00001046
Number of sections 8
PE sections
PE imports
IsValidAcl
CryptGetDefaultProviderW
GetUserNameW
CryptDuplicateHash
AccessCheck
GetUserNameA
IsTextUnicode
GetStockObject
CreateJobObjectA
GetConsoleAliasW
GetLocalTime
GetCurrentProcess
FreeEnvironmentStringsW
CommConfigDialogA
GetLocaleInfoW
GetCommModemStatus
WideCharToMultiByte
IsSystemResumeAutomatic
WriteFile
_lopen
GetDiskFreeSpaceA
GetExitCodeProcess
IsWow64Process
FindFirstVolumeMountPointW
CloseConsoleHandle
SetLastError
IsBadWritePtr
GetLargestConsoleWindowSize
GlobalFindAtomA
FoldStringA
GetProfileSectionW
WritePrivateProfileSectionW
ExpungeConsoleCommandHistoryW
GetSystemPowerStatus
MoveFileExW
GetVolumeNameForVolumeMountPointA
LockFileEx
SetConsoleLocalEUDC
GetExitCodeThread
ConvertDefaultLocale
CreateMutexW
GetDateFormatA
GetSystemDirectoryA
AllocateUserPhysicalPages
GetVersion
GetModuleHandleExW
GetCurrencyFormatW
SearchPathA
GetCurrentThreadId
CreateToolhelp32Snapshot
GetSystemWow64DirectoryW
TerminateThread
RequestDeviceWakeup
MoveFileWithProgressW
GetOEMCP
DisableThreadLibraryCalls
VirtualProtect
UnlockFile
GetWindowsDirectoryW
DeleteFileA
GetWindowsDirectoryA
LoadModule
BackupWrite
FindVolumeMountPointClose
GetNamedPipeHandleStateW
AddAtomW
GetTempFileNameW
CreateHardLinkA
CreateDirectoryW
GetTimeFormatA
GetTempFileNameA
SetConsoleActiveScreenBuffer
CreateFileA
RemoveVectoredExceptionHandler
FindFirstVolumeW
BuildCommDCBA
GetLastError
LCMapStringW
AssignProcessToJobObject
GetThreadLocale
BuildCommDCBW
GetEnvironmentStringsW
IsDBCSLeadByte
LockFile
GetCurrentDirectoryW
GetConsoleTitleW
GetCompressedFileSizeW
AddConsoleAliasW
GetConsoleInputExeNameA
LocalHandle
GetCurrentThread
EnumSystemCodePagesW
lstrcpynW
SetFilePointer
ReadFile
GetComputerNameExW
CloseHandle
CreateConsoleScreenBuffer
GetModuleHandleW
SetThreadExecutionState
IsBadStringPtrW
Sleep
I_SystemFocusDialog
GetCaretBlinkTime
LoadMenuA
LoadCursorW
FindWindowW
GetClipboardOwner
GetWindowContextHelpId
GetShellWindow
FindWindowA
GetCaretPos
FlashWindowEx
IsWindow
GetWindowRect
InflateRect
RegisterClassExW
IsWindowUnicode
GetWindow
GetDoubleClickTime
RegisterClassW
IsCharLowerA
IsZoomed
GetWindowPlacement
GetClientRect
GetLastInputInfo
GetSubMenu
GetWindowTextLengthA
CreateMenu
GetTopWindow
CopyRect
GetWindowTextW
GetDesktopWindow
IsRectEmpty
LoadIconW
WmiSetSingleInstanceW
WmiNotificationRegistrationA
WmiExecuteMethodA
WmiQuerySingleInstanceA
WmiSetSingleItemA
WmiFileHandleToInstanceNameA
WmiFreeBuffer
WmiQueryAllDataW
WmiOpenBlock
WmiQueryGuidInformation
WmiSetSingleItemW
WmiQueryAllDataA
WmiCloseBlock
WmiFileHandleToInstanceNameW
WmiMofEnumerateResourcesW
CIBuildQueryNode
SetupCacheEx
CIGetGlobalPropertyList
CollectCIISAPIPerformanceData
Number of PE resources by type
PNG 26
RT_STRING 10
RT_ICON 3
RT_DIALOG 2
FILE 2
RT_RCDATA 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 47
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.6.0.1002
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 152576
EntryPoint 0x1046
OriginalFileName Uninstall.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2015
FileVersion 8,6,0,1002
TimeStamp 2014:01:21 10:25:36+01:00
FileType Win32 EXE
PEType PE32
InternalName Uninstall
ProductVersion 8,6,0,1002
FileDescription Uninstall Module
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 111616
ProductName 360 Total Security
ProductVersionNumber 8.6.0.1002
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 262a1a847173d3b151a9e049f06f948e
SHA1 b53eea86c5c68e5c07125a635763d623ff17da07
SHA256 8568543f771777a7ef2360405418c53a36ff0af27a12c8d3ed2f6c5855900870
ssdeep 6144:9TwqmrTHbBZErWm+rp8jOyTqD0sYs7vTmOhDPBI:9Tw7rjNZEmrKj1qDywTmQ
authentihash 802d2e5acc366e50249c8575f8bc38572ba5a220fb28946192a2e77a8f765c95
imphash 045c6e22e8096ae2d42cdbf9bd7dfd2d
File size 380.0 KB ( 389120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-01-07 14:48:41 UTC ( 2 years, 1 month ago )
Last submission 2017-01-07 14:48:41 UTC ( 2 years, 1 month ago )
File names Uninstall.exe
Fasci.exe
Uninstall
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Searched windows
Runtime DLLs
UDP communications