SHA256: 8a1fc80e326ccdfac70623b092a6f5db4ec74b3fea27141eb3fd25d8d367cac7
File name: 3ece80a855f04c8618a5ac4ba225134e
Detection ratio: 38 / 41
Analysis date: 2012-08-09 22:45:29 UTC ( 1 year, 8 months ago )
Antivirus Result Update
AVG Win32/Valla.2048 20120808
AhnLab-V3 Win32/Valla.2048 20120808
AntiVir W32/Xorala.b 20120808
Avast Win32:Valhalla 20120808
BitDefender Win32.Valhalla.2048 20120808
CAT-QuickHeal W32.Xorala 20120808
ClamAV W32.Xorala 20120808
Commtouch W32/Harmony.A 20120808
Comodo Virus.Win32.Xorala.b0 20120808
DrWeb Win32.Valhala.2048 20120808
ESET-NOD32 Win32/Xorala.A 20120808
Emsisoft Virus.Win32.Xorala!IK 20120808
F-Prot W32/Harmony.A 20120808
F-Secure Win32.Valhalla.2048 20120808
Fortinet W32/Valla.2048 20120808
GData Win32.Valhalla.2048 20120808
Ikarus Virus.Win32.Xorala 20120808
Jiangmin Hacktool/VB.ASPX.a 20120808
K7AntiVirus Virus 20120808
Kaspersky Virus.Win32.Xorala 20120808
McAfee W32/Valla.a 20120808
McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.J 20120808
Microsoft Virus:Win32/Valla.2048 20120808
Norman W32/Valla.2048 20120808
PCTools Malware.Valla 20120808
Panda W32/Valla.2048 20120808
Rising Win32.Xorala 20120808
Sophos W32/Rox-A 20120808
Symantec W32.Valla.2048 20120808
TheHacker W32/Valla.a 20120808
TotalDefense Win32/Valla.2048 20120807
TrendMicro PE_VALLA.A 20120808
TrendMicro-HouseCall PE_VALLA.A 20120808
VBA32 Win32.Xoralda.2048 20120807
VIPRE Valla.a (v) 20120808
ViRobot Win32.Valla.2048 20120808
VirusBuster Win32.Xorala 20120808
nProtect Virus/W32.Valla 20120808
Antiy-AVL (no detection) 20120808
ByteHero (no detection) 20120723
SUPERAntiSpyware (no detection) 20120808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
The fields in this block are the file's own version-resource strings (they match the LegalCopyright, CompanyName, ProductName, OriginalFilename, InternalName, FileVersion and FileDescription values in the ExifTool output further down). No signature verification verdict appears in the report, so the publisher and product names below are claims made by the file itself, not evidence that the image is a validly signed Microsoft binary. With 38 of 41 engines classifying the sample as a Valla/Xorala file infector, verify the signature before trusting these strings (for example with Get-AuthenticodeSignature in PowerShell): an Authenticode hash covers the PE image apart from the checksum and the certificate table itself, so a binary modified after signing fails verification.
Copyright (c) 1995-2009 Microsoft Corporation
Publisher Microsoft Corporation
Product Microsoft Genuine Advantage
Original name WgaTray.exe
Internal name WgaNotify
File version 1.9.0040.0
Description Windows Genuine Advantage Notifications
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-11 04:41:54
Entry Point 0x000E4000
Number of sections 5
PE sections
PE imports (one line per imported module; module names omitted)
RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegOpenKeyExW, RegEnumKeyW, RegDeleteValueW, RegQueryInfoKeyW, RegEnumValueW, CryptImportKey, RegEnumKeyExW, RegEnumKeyExA, GetCurrentHwProfileA, GetCurrentHwProfileW, RegEnumKeyA, CryptAcquireContextA, CryptCreateHash, CryptHashData, CryptDeriveKey, CryptDecrypt, CryptDestroyKey, CryptDestroyHash, CryptReleaseContext, OpenThreadToken, GetLengthSid, CopySid, LookupAccountNameW, OpenProcessToken, GetTokenInformation, RegCreateKeyExA, RegSetValueExA
InitCommonControlsEx
CryptProtectData, CryptUnprotectData, CertEnumCertificatesInStore, CertFindExtension, CryptExportPublicKeyInfo, CertVerifySubjectCertificateContext, CertFreeCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertCreateCertificateContext, CertCloseStore, CertComparePublicKeyInfo, CertOpenStore
SelectObject, CreateCompatibleDC, CreateCompatibleBitmap, CreateFontIndirectW, GetObjectW, CreateDIBSection, BitBlt, SetTextColor, DeleteDC, CreateSolidBrush, SetBkMode, GetStockObject, DeleteObject, GetTextExtentExPointW
GetModuleHandleA, GetProcAddress, VirtualAlloc, CreateWaitableTimerW, VirtualFree, LoadLibraryW, InitializeCriticalSectionAndSpinCount, GetSystemTime, GetExitCodeThread, GetLogicalDriveStringsA, GetVolumeInformationA, GlobalMemoryStatus, GetProcessAffinityMask, SetThreadAffinityMask, ResumeThread, GetLogicalDriveStringsW, GetDriveTypeW, GetVolumeInformationW, GetSystemInfo, lstrlenW, lstrlenA, ReadFile, FindNextFileA, CancelWaitableTimer, DeviceIoControl, GetFileSize, TerminateThread, MapViewOfFile, UnmapViewOfFile, GetComputerNameW, GetPrivateProfileSectionW, GetPrivateProfileStringW, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, SetFileAttributesW, CreateFileW, TryEnterCriticalSection, GetSystemDefaultLCID, DeleteFileA, MoveFileA, GlobalAlloc, GlobalFree, LocalAlloc, LocalFree, GetTempPathA, CreateDirectoryA, GetCurrentDirectoryW, CreateDirectoryW, CreateMutexA, GetDriveTypeA, GetSystemDirectoryW, FindFirstFileW, FindFirstFileA, FindClose, ReadProcessMemory, GetLocalTime, SystemTimeToFileTime, CompareFileTime, FlushFileBuffers, CreateFileA, GetTimeZoneInformation, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoA, GetUserDefaultLCID, SetWaitableTimer, GetSystemDefaultLangID, ResetEvent, GetStringTypeW, GetStringTypeA, GetConsoleMode, GetConsoleCP, SetFilePointer, CreateFileMappingA, GetFileAttributesA, FreeLibrary, LCMapStringW, WideCharToMultiByte, LCMapStringA, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, RtlUnwind, HeapSize, Sleep, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, HeapCreate, HeapDestroy, GetCurrentThread, TlsFree, GetModuleFileNameA, GetVersionExA, DeleteCriticalSection, GetSystemDirectoryA, WaitForMultipleObjects, CreateThread, CreateEventW, GetTickCount, WaitForSingleObject, ReleaseMutex, HeapSetInformation, InitializeCriticalSection, CreateMutexW, SetProcessWorkingSetSize, GetCurrentProcessId, OpenEventW, SetEvent, CloseHandle, InterlockedIncrement, InterlockedDecrement, SetLastError, GetCurrentThreadId, GetLastError, EnumResourceLanguagesW, GetCurrentProcess, FlushInstructionCache, RaiseException, EnterCriticalSection, LeaveCriticalSection, InterlockedCompareExchange, HeapFree, GetProcessHeap, HeapAlloc, LoadLibraryA, IsProcessorFeaturePresent, GetStartupInfoW, GetSystemTimeAsFileTime, HeapReAlloc, SetUnhandledExceptionFilter, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, SetEndOfFile, GetVersion, VirtualProtect
(eight imports listed without names)
SetupDiGetDeviceRegistryPropertyW, SetupDiDestroyDeviceInfoList, SetupDiCreateDeviceInfoList, SetupDiGetClassDevsW, SetupDiGetClassDevsA, SetupDiGetDeviceRegistryPropertyA, SetupDiEnumDeviceInfo
Shell_NotifyIconW, ShellExecuteA, ShellExecuteW, SHAppBarMessage
SHDeleteValueW
PostMessageW, GetMenuItemID, DeleteMenu, GetMenuItemCount, CreateWindowExW, SetWindowLongW, LoadImageW, DestroyIcon, LoadStringW, RegisterWindowMessageW, ShowWindow, UpdateWindow, BroadcastSystemMessageA, wsprintfA, SetMenuDefaultItem, SetWindowPos, SetSysColors, SystemParametersInfoW, GetForegroundWindow, CopyRect, OffsetRect, GetDC, UpdateLayeredWindow, ReleaseDC, MapWindowPoints, InflateRect, SetRect, IsWindow, EndPaint, BeginPaint, SendMessageW, DestroyWindow, DrawTextW, GetFocus, DrawFocusRect, DrawIconEx, GetWindowTextLengthW, SetDlgItemTextW, SendDlgItemMessageW, GetClientRect, GetWindowTextW, GetSysColor, SetLayeredWindowAttributes, InvalidateRect, GetWindowRect, GetDlgItem, GetWindowLongW, EndDialog, GetDlgCtrlID, GetMessageW, TranslateMessage, DispatchMessageW, LoadIconW, LoadCursorW, RegisterClassExW, DefWindowProcW, PostQuitMessage, FindWindowW, IsWindowVisible, GetActiveWindow, DialogBoxParamW, CreateDialogParamW, GetDoubleClickTime, SetTimer, LoadMenuW, GetSubMenu, GetCursorPos, SetForegroundWindow, TrackPopupMenu, DestroyMenu, KillTimer, UnregisterClassA, SystemParametersInfoA, GetDesktopWindow, GetWindowLongA, GetParent, GetSystemMetrics, GetMonitorInfoA, GetClassNameW, SetWindowTextW, SendMessageA
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueA
InternetSetOptionA, InternetOpenA, InternetErrorDlg, InternetAutodial, InternetGetConnectedState, HttpQueryInfoA, HttpSendRequestA, InternetQueryOptionA, HttpOpenRequestA, InternetConnectA, InternetReadFile, InternetCloseHandle
CLSIDFromProgID, CoCreateGuid, StringFromGUID2, CoSetProxyBlanket, CoFreeUnusedLibraries, CoCreateInstance, CoInitializeEx, CoUninitialize, IIDFromString
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 8.0
ImageVersion 21315.20512
FileSubtype 0
FileVersionNumber 1.9.40.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 197632
FileOS Win32
MIMEType application/octet-stream
LegalCopyright 1995-2009 Microsoft Corporation
FileVersion 1.9.0040.0
TimeStamp 2009:03:11 05:41:54+01:00
FileType Win32 EXE
PEType PE32
InternalName WgaNotify
ProductVersion 1.9.0040.0
FileDescription Windows Genuine Advantage Notifications
OSVersion 6.0
OriginalFilename WgaTray.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 729088
ProductName Microsoft Genuine Advantage
ProductVersionNumber 1.9.40.0
EntryPoint 0xe4000
ObjectFileType Executable application
Consistency notes: the ExifTool TimeStamp (2009-03-11 05:41:54 at UTC+01:00) is the same instant as the PE compilation timestamp above (04:41:54 UTC). CodeSize 729088 is 0xB2000, so assuming the usual BaseOfCode of 0x1000 the code region ends at 0xB3000, well below the EntryPoint of 0xE4000. An entry point outside the code region is atypical for a linker-produced Microsoft binary and should be checked against the section table, which this report does not include.
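The two numbers that matter most above are EntryPoint 0xE4000 and CodeSize 729088 (0xB2000): with the usual BaseOfCode of 0x1000 the code region ends at 0xB3000, so the entry point lies beyond it. A file infector that appends its body and redirects the entry point leaves exactly this shape, which is why locating the entry point relative to the section table is the first check to run on a sample the engines call Valla/Xorala. The script below is an added example for this page, not code from VirusTotal or from any tool the report names. It parses only the PE32 fields the check needs and runs it on a constructed header: SizeOfCode and the entry point follow the report, BaseOfCode 0x1000 is an assumption, and the five-section layout (including the `.tail` section name) is invented for illustration, because the report does not include the real section table.

```python
import struct

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe32(data: bytes) -> dict:
    """Read the PE32 fields needed to place the entry point: SizeOfCode,
    BaseOfCode, AddressOfEntryPoint and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsects, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    # After Magic(2) and linker version(2): SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode.
    size_of_code, _init, _uninit, entry_rva, base_of_code = struct.unpack_from("<IIIII", data, opt + 4)
    sections = []
    for i in range(nsects):
        off = opt + opt_size + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rawsize, *_rest, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "size": max(vsize, rawsize), "chars": chars})
    return {"size_of_code": size_of_code, "base_of_code": base_of_code,
            "entry": entry_rva, "sections": sections}


def entry_point_findings(pe: dict) -> dict:
    """Flag the entry-point placements that an appending file infector tends to leave."""
    ep = pe["entry"]
    code_lo, code_hi = pe["base_of_code"], pe["base_of_code"] + pe["size_of_code"]
    result = {"entry_rva": ep, "in_size_of_code_range": code_lo <= ep < code_hi,
              "section": None, "flags": []}
    holder = next((i for i, s in enumerate(pe["sections"])
                   if s["va"] <= ep < s["va"] + s["size"]), None)
    if holder is None:
        result["flags"].append("entry point outside every section")
        return result
    sect = pe["sections"][holder]
    result["section"] = sect["name"]
    if not result["in_size_of_code_range"]:
        result["flags"].append("entry point outside SizeOfCode range")
    if len(pe["sections"]) > 1 and holder == len(pe["sections"]) - 1:
        result["flags"].append("entry point in last section")
    if not sect["chars"] & IMAGE_SCN_MEM_EXECUTE:
        result["flags"].append("entry section not executable")
    if sect["chars"] & IMAGE_SCN_MEM_WRITE and sect["chars"] & IMAGE_SCN_MEM_EXECUTE:
        result["flags"].append("entry section is writable and executable")
    return result


def build_pe32(entry_rva: int, size_of_code: int, base_of_code: int, sections) -> bytes:
    """Constructed PE32 header (headers only, not loadable) for exercising the check."""
    opt_size = 224  # PE32 optional header including 16 data directories
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 8, 0, size_of_code, 0, 0,
                      entry_rva, base_of_code, 0, 0x400000, 0x1000, 0x200)
    opt += b"\0" * (opt_size - len(opt))
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, size, va, size, 0, 0, 0, 0, 0, chars)
                     for name, va, size, chars in sections)
    return dos + b"PE\0\0" + coff + opt + table


# Constructed section layout, invented for this example; the real file's section
# table is not in the report. Only SizeOfCode and the entry point follow the
# reported values; BaseOfCode 0x1000 is an assumption.
SAMPLE_SECTIONS = [
    (b".text", 0x01000, 0xB2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".rdata", 0xB3000, 0x20000, IMAGE_SCN_MEM_READ),
    (b".data", 0xD3000, 0x10000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rsrc", 0xE3000, 0x01000, IMAGE_SCN_MEM_READ),
    (b".tail", 0xE4000, 0x01000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
REPORTED_SIZE_OF_CODE = 729088  # CodeSize from the report (0xB2000)
ASSUMED_BASE_OF_CODE = 0x1000   # assumption, not given in the report
REPORTED_ENTRY_POINT = 0xE4000  # EntryPoint from the report


def analyze(data: bytes) -> dict:
    return entry_point_findings(parse_pe32(data))


def demo() -> dict:
    """Run the check on the report-like header and on a control whose entry point is in .text."""
    suspect = analyze(build_pe32(REPORTED_ENTRY_POINT, REPORTED_SIZE_OF_CODE, ASSUMED_BASE_OF_CODE, SAMPLE_SECTIONS))
    control = analyze(build_pe32(0x12345, REPORTED_SIZE_OF_CODE, ASSUMED_BASE_OF_CODE, SAMPLE_SECTIONS))
    return {"suspect": suspect, "control": control}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings)
```

To run it against a real file, pass `open(path, "rb").read()` to `analyze`. The parser accepts PE32 only (optional-header magic 0x10B) and raises ValueError on PE32+ images; the three flags it raises (entry outside the SizeOfCode range, entry in the last section, writable-and-executable entry section) are heuristics, not a verdict, and should be read together with the section table and the engine results.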

File identification
MD5 3ece80a855f04c8618a5ac4ba225134e
SHA1 7e8dd1e75d1f58802d02ab00bb2c246725ea403d
SHA256 8a1fc80e326ccdfac70623b092a6f5db4ec74b3fea27141eb3fd25d8d367cac7
ssdeep
24576:MmbOP9ziqR+3vbLfnvZtoGXBaN7njgruT:FbOPNiqRcj7Zto+AtUM

File size 915.0 KB ( 936960 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2012-08-09 22:45:29 UTC ( 1 year, 8 months ago )
Last submission 2012-08-09 22:45:29 UTC ( 1 year, 8 months ago )
File names 3ece80a855f04c8618a5ac4ba225134e
WgaTray.exe
WgaNotify
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function (DeviceIoControl also appears in the kernel32 import list above). The report does not identify the device opened or the control codes sent, so this line on its own does not show whether the calls belong to the host program or to the infection.
HTTP requests
DNS requests
TCP connections
UDP communications