× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 884e2bfd4745cc6cf9b5b90dc2f9ca5158f464afbc0b24ae294594ce0e7ec36d
File name: PWToolM.exe
Detection ratio: 0 / 47
Analysis date: 2013-07-03 15:57:46 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Yandex 20130703
AhnLab-V3 20130703
AntiVir 20130703
Antiy-AVL 20130702
Avast 20130703
AVG 20130703
BitDefender 20130701
ByteHero 20130613
CAT-QuickHeal 20130703
ClamAV 20130702
Commtouch 20130703
Comodo 20130703
DrWeb 20130703
Emsisoft 20130703
eSafe 20130703
ESET-NOD32 20130703
F-Prot 20130703
F-Secure 20130703
Fortinet 20130703
GData 20130703
Ikarus 20130703
Jiangmin 20130703
K7AntiVirus 20130703
K7GW 20130703
Kaspersky 20130703
Kingsoft 20130506
Malwarebytes 20130703
McAfee 20130703
McAfee-GW-Edition 20130703
Microsoft 20130703
eScan 20130702
NANO-Antivirus 20130703
Norman 20130703
nProtect 20130703
Panda 20130703
PCTools 20130703
Rising 20130703
Sophos 20130703
SUPERAntiSpyware 20130703
Symantec 20130703
TheHacker 20130703
TotalDefense 20130703
TrendMicro 20130703
TrendMicro-HouseCall 20130703
VBA32 20130702
VIPRE 20130703
ViRobot 20130703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright
2012 © Para-Welt.com

File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x0011BF40
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
Ord(16)
CoInitialize
Number of PE resources by type
RT_ICON 12
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 26
ENGLISH US 1
PE resources
File identification
MD5 71681d9cd0e65c2a4b3a3739887c7599
SHA1 3ec0c821440689c22abb634833796b9d665302ef
SHA256 884e2bfd4745cc6cf9b5b90dc2f9ca5158f464afbc0b24ae294594ce0e7ec36d
ssdeep
12288:A6Wq4aaE6KwyF5L0Y2D1PqL+abbD9/CgPocPuXlsSYsOh:WthEVaPqLBYg4sS/Oh

File size 725.4 KB ( 742797 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-07-03 15:57:46 UTC ( 3 years, 10 months ago )
Last submission 2013-07-03 15:57:46 UTC ( 3 years, 10 months ago )
File names PWToolM.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created processes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications