SHA256: 8a1ed6935539137e308de3e820be14ecf120b4b25361156eb072a703859cd866
File name: 3e9e14cd7158c7f9d8d8f8c165ad0476.virus
Detection ratio: 29 / 56
Analysis date: 2016-10-15 00:41:24 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.99629 20161015
AhnLab-V3 Win-Trojan/Cerber.Gen 20161014
ALYac Gen:Variant.Razy.99629 20161014
Arcabit Trojan.Razy.D1852D 20161015
Avast Win32:Malware-gen 20161015
AVG Agent5.AUGO 20161015
Avira (no cloud) TR/Crypt.XPACK.Gen2 20161014
AVware Trojan.Win32.Reveton.a (v) 20161014
BitDefender Gen:Variant.Razy.99629 20161015
Bkav W32.eHeur.Malware08 20161014
CrowdStrike Falcon (ML) malicious_confidence_72% (D) 20160725
DrWeb Trojan.DownLoader22.62211 20161015
Emsisoft Gen:Variant.Razy.99629 (B) 20161015
ESET-NOD32 Win32/Agent.RTG 20161015
F-Secure Gen:Variant.Razy.99629 20161015
Fortinet W32/Agent.RTG!tr 20161015
GData Gen:Variant.Razy.99629 20161015
Sophos ML virus.win32.sality.at 20160928
Kaspersky Trojan-Downloader.Win32.Kuluoz.wgk 20161014
McAfee Artemis!3E9E14CD7158 20161015
McAfee-GW-Edition Artemis 20161015
Microsoft Trojan:Win32/Dynamer!ac 20161014
eScan Gen:Variant.Razy.99629 20161015
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161015
Sophos AV Mal/Generic-S 20161015
Symantec Heur.AdvML.B 20161015
TrendMicro TROJ_GEN.R011C0DJE16 20161015
TrendMicro-HouseCall TROJ_GEN.R011C0DJE16 20161015
VIPRE Trojan.Win32.Reveton.a (v) 20161015
AegisLab 20161014
Alibaba 20161014
Antiy-AVL 20161014
Baidu 20161014
CAT-QuickHeal 20161014
ClamAV 20161015
CMC 20161014
Comodo 20161014
Cyren 20161015
F-Prot 20161015
Ikarus 20161014
Jiangmin 20161014
K7AntiVirus 20161014
K7GW 20161014
Kingsoft 20161015
Malwarebytes 20161014
NANO-Antivirus 20161015
nProtect 20161014
Panda 20161014
Rising 20161015
SUPERAntiSpyware 20161015
Tencent 20161015
TheHacker 20161014
VBA32 20161014
ViRobot 20161014
Yandex 20161014
Zillya 20161013
Zoner 20161015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 1998-2014 by AceBIT GmbH
Product Password Depot
Original name pdVirtKbd.exe
Internal name pdVirtKbd
File version 8.1.8.0
Description Password Depot Virtual Keyboard
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-10 09:26:00
Entry Point 0x00009E90
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegQueryValueExA
AccessCheck
OpenServiceW
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
RegOpenKeyA
OpenProcessToken
QueryServiceStatus
DuplicateToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyW
GetUserNameW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegEnumValueW
RegSetValueExW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_BeginDrag
ImageList_Destroy
ImageList_AddMasked
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_Create
ImageList_EndDrag
ImageList_Replace
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
CreatePatternBrush
GetTextMetricsW
SetMapMode
CreateFontIndirectW
OffsetRgn
CreatePen
DeleteObject
GdiFlush
ExtFloodFill
MaskBlt
GetEnhMetaFileW
SetStretchBltMode
DeleteEnhMetaFile
GetPixel
Rectangle
Polygon
GetDeviceCaps
ExcludeClipRect
PlayEnhMetaFile
CreateCompatibleDC
DeleteDC
SetBkMode
CreateBitmap
StretchBlt
SetPixel
EndDoc
Arc
StartPage
GetRegionData
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreateSolidBrush
GetClipBox
GetBkColor
CreateEnhMetaFileW
ExtTextOutW
GetTextExtentPoint32W
CreateDCW
GetStockObject
SetViewportOrgEx
SelectPalette
GetOutlineTextMetricsW
ExtCreateRegion
ExtSelectClipRgn
SetBrushOrgEx
SelectClipRgn
RoundRect
StartDocW
StretchDIBits
PolyBezier
CloseEnhMetaFile
CreateHatchBrush
SetROP2
EndPage
CreateRectRgn
SelectObject
SetPolyFillMode
Pie
Ellipse
SetWindowExtEx
GetEnhMetaFileHeader
SetWindowOrgEx
Polyline
GetObjectType
SetBkColor
PolyPolygon
SetViewportExtEx
CreateCompatibleBitmap
GetProcAddress
GetModuleHandleA
Sleep
LoadLibraryA
StrToIntW
StrFormatByteSizeW
StrFormatKBSizeW
ChangeDisplaySettingsW
GetForegroundWindow
SetWindowPos
DdeDisconnect
EndPaint
DdeGetData
DdeCreateStringHandleW
SetActiveWindow
GetDC
ReleaseDC
SendMessageW
UnregisterClassW
DdeInitializeW
CallNextHookEx
DdeFreeDataHandle
IsClipboardFormatAvailable
DdeQueryStringW
ShowCursor
GetWindowTextW
GetWindowTextLengthW
MsgWaitForMultipleObjects
DestroyWindow
UpdateWindow
GetMessageW
ShowWindow
ValidateRgn
PeekMessageW
EnableWindow
GetClipboardFormatNameW
GetSystemMenu
ChildWindowFromPoint
RegisterClassW
DdeConnect
CreateMenu
DdeClientTransaction
CreateAcceleratorTableW
WaitForInputIdle
DdeCreateDataHandle
GetDialogBaseUnits
GetWindowLongW
RegisterWindowMessageW
BeginPaint
keybd_event
KillTimer
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
PostMessageW
SetWindowTextW
SetTimer
DdeGetLastError
BringWindowToTop
LoadCursorA
PostThreadMessageW
DdeFreeStringHandle
AttachThreadInput
DestroyAcceleratorTable
ValidateRect
SetWindowsHookExW
LoadCursorW
EnumDisplaySettingsW
FindWindowExW
SetForegroundWindow
ExitWindowsEx
OpenClipboard
EmptyClipboard
HideCaret
MessageBeep
RemoveMenu
GetWindowThreadProcessId
MessageBoxW
DdeUninitialize
UnhookWindowsHookEx
DdePostAdvise
AppendMenuW
GetWindowDC
AdjustWindowRectEx
RegisterClipboardFormatW
GetKeyState
GetDoubleClickTime
IsWindowVisible
DdeNameService
SystemParametersInfoW
UnionRect
GetClassNameW
ModifyMenuW
IsRectEmpty
wsprintfW
CloseClipboard
SetCursor
SetMenu
TranslateAcceleratorW
Number of PE resources by type
RT_STRING 21
RT_ICON 12
RT_BITMAP 10
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 39
NEUTRAL 25
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 101888
ImageVersion 0.0
ProductName Password Depot
FileVersionNumber 8.1.8.0
LanguageCode Unknown (1407)
FileFlagsMask 0x003f
FileDescription Password Depot Virtual Keyboard
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName pdVirtKbd.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 8.1.8.0
TimeStamp 2016:10:10 10:26:00+01:00
FileType Win32 EXE
PEType PE32
InternalName pdVirtKbd
ProductVersion 8.1.8
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright 1998-2014 by AceBIT GmbH
MachineType Intel 386 or later, and compatibles
CompanyName AceBIT GmbH
CodeSize 38400
FileSubtype 0
ProductVersionNumber 8.1.8.0
EntryPoint 0x9e90
ObjectFileType Executable application
File identification
MD5 3e9e14cd7158c7f9d8d8f8c165ad0476
SHA1 94da525314586bfa74d4a33e06f332969a695440
SHA256 8a1ed6935539137e308de3e820be14ecf120b4b25361156eb072a703859cd866
ssdeep 1536:mt1I2OeJVgdVCJi4NlkMDz51Ywu8xLqoW8V9y63F65XZDuxBf7U:HEgdoiu1zbVu8x2oW8K63IXZD4f7
authentihash afd3a390792b9bee42854733d8bfa0a72f56fca4d97b26098bd25b4c4ea7661f
imphash a43107251d4691d61d38f9b23bcc1561
File size 137.5 KB ( 140800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe suspicious-dns
VirusTotal metadata
First submission 2016-10-15 00:41:24 UTC ( 2 years, 4 months ago )
Last submission 2016-10-15 00:41:24 UTC ( 2 years, 4 months ago )
File names 3e9e14cd7158c7f9d8d8f8c165ad0476.virus
pdVirtKbd
pdVirtKbd.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications