SHA256: 923c6180567c07194faecdbb1426eb7de4e6df9a6d51a6d30b062d484c34dbca
File name: 28a96fd94f187f18c565c60d391fa8e2ecc2bd31
Detection ratio: 23 / 57
Analysis date: 2016-11-25 13:31:05 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Avast Win32:Trojan-gen 20161125
Avira (no cloud) TR/Crypt.Xpack.fftpk 20161125
AVware Trojan.Win32.Generic!BT 20161125
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161125
Bkav W32.eHeur.Malware03 20161125
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
ESET-NOD32 a variant of Win32/GenKryptik.LHB 20161125
Fortinet W32/Kryptick.HL!tr 20161125
GData Win32.Trojan.Agent.M0D72C 20161125
Ikarus Trojan.Win32.Krypt 20161125
Sophos ML backdoor.win32.zegost.ad 20161018
K7AntiVirus Trojan ( 004fe93f1 ) 20161125
K7GW Trojan ( 004fe93f1 ) 20161125
Kaspersky Backdoor.Win32.Vawtrak.gu 20161125
Microsoft Backdoor:Win32/Vawtrak.E 20161125
Panda Trj/GdSda.A 20161125
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161125
Rising Backdoor.Vawtrak!8.11D-VU7cX6khE1D (cloud) 20161125
Sophos AV Mal/Generic-S 20161125
Symantec Heur.AdvML.B 20161125
TrendMicro TROJ_GEN.R00JC0DKN16 20161125
TrendMicro-HouseCall TROJ_GEN.R00JC0DKN16 20161125
VIPRE Trojan.Win32.Generic!BT 20161125
Ad-Aware 20161125
AegisLab 20161125
AhnLab-V3 20161125
Alibaba 20161125
ALYac 20161125
Antiy-AVL 20161125
Arcabit 20161125
AVG 20161125
BitDefender 20161125
CAT-QuickHeal 20161125
ClamAV 20161125
CMC 20161125
Comodo 20161125
Cyren 20161125
DrWeb 20161125
Emsisoft 20161125
F-Prot 20161125
F-Secure 20161125
Jiangmin 20161124
Kingsoft 20161125
Malwarebytes 20161125
McAfee 20161125
McAfee-GW-Edition 20161125
eScan 20161125
NANO-Antivirus 20161125
nProtect 20161125
SUPERAntiSpyware 20161125
Tencent 20161125
TheHacker 20161124
TotalDefense 20161125
Trustlook 20161125
VBA32 20161125
ViRobot 20161125
WhiteArmor 20161125
Yandex 20161124
Zillya 20161124
Zoner 20161125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2013-2016 F-Secure Corporation
Product F-Secure Safe Search Application
Original name ssapp_customization_handler.exe
Internal name ssapp_customization_handler
File version 1.07.117.0
Description F-Secure SafeSearch Application Customization Handler
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-24 07:27:27
Entry Point 0x000043C4
Number of sections 5
PE sections
PE imports
GetStockObject
CreateToolhelp32Snapshot
GetLastError
FindFirstChangeNotificationW
GetStdHandle
LCMapStringW
lstrlenA
GetModuleFileNameW
FreeLibrary
CreateTimerQueue
IsDebuggerPresent
DebugBreak
CallNamedPipeA
VirtualProtect
GetProcAddress
LoadLibraryA
DeleteFileA
GlobalFindAtomW
CreatePipe
GetCommTimeouts
GetDateFormatA
GetCurrentDirectoryW
GetLocaleInfoA
GetCurrentProcessId
AddAtomA
DebugActiveProcessStop
ChangeTimerQueueTimer
CreateDirectoryA
GetProcessHeaps
OpenFileMappingA
GetDateFormatW
GetBinaryTypeA
lstrcatW
GetCalendarInfoA
GetLocaleInfoW
RemoveDirectoryW
GetTimeFormatW
Heap32ListNext
RaiseException
CreateDirectoryExW
LoadLibraryW
CreateHardLinkA
LocalFree
InterlockedExchange
FindNextVolumeMountPointW
CloseHandle
GetSystemTimeAsFileTime
GetNamedPipeHandleStateW
SetThreadIdealProcessor
CreateConsoleScreenBuffer
GetModuleHandleW
FreeResource
SetConsoleCP
MoveFileA
FindAtomW
CreateProcessA
GetProcessShutdownParameters
CreateProcessW
GetFileSizeEx
GetLongPathNameA
GetSystemWindowsDirectoryW
GetCurrentThread
GetModuleHandleExA
LocalAlloc
MulDiv
GetForegroundWindow
GetMenuInfo
GetKeyboardLayoutNameA
LoadMenuA
OffsetRect
GetShellWindow
LoadMenuW
GetClipboardViewer
GetMenu
GetClassLongW
RegisterClassW
UnionRect
CreateMenu
GetKeyboardLayout
GetMenuItemCount
CharNextA
GetDesktopWindow
LoadIconW
GetFocus
GetWindowLongW
GetMenuContextHelpId
IsChild
memset
exit
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 106496
ImageVersion 0.0
ProductName F-Secure Safe Search Application
FileVersionNumber 1.7.117.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription F-Secure SafeSearch Application Customization Handler
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName ssapp_customization_handler.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.07.117.0
TimeStamp 2014:04:24 08:27:27+01:00
FileType Win32 EXE
PEType PE32
InternalName ssapp_customization_handler
ProductVersion 1.07.117.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright (c) 2013-2016 F-Secure Corporation
MachineType Intel 386 or later, and compatibles
CodeSize 174080
FileSubtype 0
ProductVersionNumber 1.7.117.0
EntryPoint 0x43c4
ObjectFileType Executable application
File identification
MD5 24b4e8154392644f63ab0060e79872cb
SHA1 28a96fd94f187f18c565c60d391fa8e2ecc2bd31
SHA256 923c6180567c07194faecdbb1426eb7de4e6df9a6d51a6d30b062d484c34dbca
ssdeep 3072:DGRrpQ8C9LHCUvO3KzTI2nP8LlQ4jQB6brY0wsK9fSP:D4pb8DnO3CTI2kRKB6vY0I
authentihash fd35c00a26096812dedd9cd99fc79bc267f04c9d490bc77aa824bc57fd9734e3
imphash 347e184510c7cc451cbf34c6c4692f58
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-11-25 13:31:05 UTC ( 2 years, 3 months ago )
Last submission 2016-11-25 13:31:05 UTC ( 2 years, 3 months ago )
File names ssapp_customization_handler
ssapp_customization_handler.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Code injections in the following processes
Created mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications