× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 881474d98735a8ce7b3fedbc8fa35d461edeb6c978b07c7081fe91b983b6eaa8
File name: WPL protclient UI
Detection ratio: 54 / 68
Analysis date: 2018-08-03 10:58:06 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.85279 20180803
AegisLab Troj.Spy.W32.Zbot.rzrm!c 20180803
AhnLab-V3 Malware/Win32.Generic.R102098 20180803
ALYac Gen:Variant.Zusy.85279 20180803
Antiy-AVL Trojan/Win32.AGeneric 20180803
Arcabit Trojan.Zusy.D14D1F 20180803
Avast Sf:Crypt-K [Trj] 20180802
AVG Sf:Crypt-K [Trj] 20180802
Avira (no cloud) TR/Crypt.ZPACK.Gen7 20180803
AVware Trojan.Win32.Generic!BT 20180727
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180802
BitDefender Gen:Variant.Zusy.85279 20180803
Bkav W32.eHeur.Malware12 20180803
CAT-QuickHeal Trojan.Generic.B4 20180803
Cybereason malicious.171ade 20180225
Cylance Unsafe 20180803
Cyren W32/Trojan.EPSC-8538 20180803
DrWeb Trojan.PWS.Panda.2977 20180803
Emsisoft Gen:Variant.Zusy.85279 (B) 20180803
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Zbot.AAO 20180803
F-Secure Gen:Variant.Zusy.85279 20180803
Fortinet W32/Zbot.ACB!tr 20180803
GData Gen:Variant.Zusy.85279 20180803
Ikarus Virus.Win32.Cryptor 20180803
Sophos ML heuristic 20180717
Jiangmin TrojanSpy.Zbot.euyr 20180803
K7AntiVirus Spyware ( 004b908d1 ) 20180803
K7GW Spyware ( 004b908d1 ) 20180803
Kaspersky Trojan-Spy.Win32.Zbot.rzrm 20180803
Malwarebytes Spyware.Zbot.VXGen 20180803
MAX malware (ai score=85) 20180803
McAfee Generic-FAWS!03C6972171AD 20180803
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20180803
Microsoft PWS:Win32/Zbot 20180803
eScan Gen:Variant.Zusy.85279 20180803
NANO-Antivirus Trojan.Win32.Panda.cuillx 20180803
Palo Alto Networks (Known Signatures) generic.ml 20180803
Panda Trj/Genetic.gen 20180802
Qihoo-360 Win32/Trojan.b44 20180803
Rising Malware.Undefined!8.C (TFE:5:1qxTxFUWv1B) 20180803
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Zbot-PS 20180803
Symantec ML.Attribute.HighConfidence 20180803
Tencent Win32.Trojan-spy.Zbot.Fry 20180803
TrendMicro TROJ_GEN.R002C0PGV18 20180803
TrendMicro-HouseCall TROJ_GEN.R002C0PGV18 20180803
VBA32 TrojanSpy.Zbot 20180803
VIPRE Trojan.Win32.Generic!BT 20180803
ViRobot Trojan.Win32.Z.Zbot.253440.AD 20180803
Webroot W32.InfoStealer.Zeus 20180803
Yandex Trojan.Agent!2Ntkj2uiGLo 20180803
Zillya Trojan.Zbot.Win32.152013 20180802
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.rzrm 20180803
Alibaba 20180713
Avast-Mobile 20180802
Babable 20180725
ClamAV 20180803
CMC 20180803
Comodo 20180803
CrowdStrike Falcon (ML) 20180723
eGambit 20180803
F-Prot 20180803
Kingsoft 20180803
SUPERAntiSpyware 20180803
Symantec Mobile Insight 20180801
TACHYON 20180803
TheHacker 20180802
TotalDefense 20180803
Trustlook 20180803
Zoner 20180803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2013 GleosSoftware Develop

Product WPL Protection Client UI
Original name wplprotui
Internal name WPL protclient UI
File version 4.5.0.2
Description WPL Protection Client UI
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-02 21:20:18
Entry Point 0x00005711
Number of sections 5
PE sections
PE imports
ExtFloodFill
AddFontResourceA
SelectObject
GetStockObject
TextOutA
DeleteObject
SetBkMode
CreateCompatibleDC
EnumFontFamiliesA
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetCPInfo
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
WriteFile
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
GetFileSize
SetLastError
LeaveCriticalSection
VariantInit
VariantClear
GetSubMenu
LoadCursorA
GetParent
GetMenu
DrawTextA
EndPaint
RegisterClassW
GetDesktopWindow
GetSysColorBrush
ValidateRect
GetWindowTextLengthW
GetClipboardData
GetDlgItem
CreateWindowExW
PostQuitMessage
GetWindow
GetClientRect
GetDC
DestroyMenu
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_DIALOG 1
Struct(241) 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.5.0.2

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
WPL Protection Client UI

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
214016

EntryPoint
0x5711

OriginalFileName
wplprotui

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2013 GleosSoftware Develop

FileVersion
4.5.0.2

TimeStamp
2014:03:02 22:20:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WPL protclient UI

ProductVersion
4.5.0.2

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
GleosSoftware Develop

CodeSize
38400

ProductName
WPL Protection Client UI

ProductVersionNumber
4.5.0.2

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 03c6972171adeecd323c7c8810a17b3a
SHA1 1d3d5949fac3fae5b6cf5bcd482034077cd9ffb0
SHA256 881474d98735a8ce7b3fedbc8fa35d461edeb6c978b07c7081fe91b983b6eaa8
ssdeep
6144:q2qPeNT0HFsX/DrWXhXepvpBtnK1xjaMV8:QeN2sX/uXhuD/nPMV

authentihash 31762493e814c8a04bec9cc52d6dcfb154c2c3d5b4285a37112eddd9b4f552a8
imphash e06787340fdeb261b1a522dde4ef1897
File size 247.5 KB ( 253440 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-03-27 15:55:35 UTC ( 4 years, 7 months ago )
Last submission 2014-03-27 15:55:35 UTC ( 4 years, 7 months ago )
File names WPL protclient UI
1d3d5949fac3fae5b6cf5bcd482034077cd9ffb0
wplprotui
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
DNS requests