SHA256: 94c866975505d6489b5137b988e6bcbe41568dad3e669d6b979531ec3f3dc5b8
File name: 8bd727abc4c1922118ce1122a741bd13.virus
Detection ratio: 45 / 57
Analysis date: 2016-03-16 11:27:21 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.CryptoWall.3 20160316
AegisLab Worm.W32.Ngrbot!c 20160316
Yandex Worm.Ngrbot!jgbojp6Bh1s 20160314
AhnLab-V3 Trojan/Win32.Teslacrypt 20160316
ALYac Gen:Heur.CryptoWall.3 20160316
Antiy-AVL Worm/Win32.Ngrbot 20160316
Arcabit Trojan.CryptoWall.3 20160316
Avast Win32:Dorder-T [Trj] 20160316
AVG Generic_r.HFK 20160315
Avira (no cloud) TR/Crypt.Xpack.445195 20160316
AVware Trojan.Win32.Generic!BT 20160316
Baidu-International Adware.Win32.iBryte.ENCT 20160316
BitDefender Gen:Heur.CryptoWall.3 20160316
ByteHero Trojan.Malware.Obscu.Gen.002 20160316
CAT-QuickHeal Worm.Dorkbot.WR4 20160316
Comodo UnclassifiedMalware 20160316
Cyren W32/Agent.XL.gen!Eldorado 20160316
DrWeb Trojan.Encoder.3801 20160316
Emsisoft Gen:Heur.CryptoWall.3 (B) 20160316
ESET-NOD32 a variant of Win32/Kryptik.ENCT 20160316
F-Prot W32/Agent.XL.gen!Eldorado 20160316
F-Secure Gen:Heur.CryptoWall.3 20160316
Fortinet W32/Kryptik.ENCT!tr 20160316
GData Gen:Heur.CryptoWall.3 20160316
Ikarus Trojan-Ransom.Cerber 20160316
Jiangmin TrojanRansom.TeslaCrypt.a 20160316
K7AntiVirus Trojan ( 004ddafb1 ) 20160316
K7GW Trojan ( 004ddafb1 ) 20160316
Kaspersky Trojan-Ransom.Win32.Bitman.iue 20160316
Malwarebytes Ransom.FileLocker 20160316
McAfee FakeAlert-FMN!8BD727ABC4C1 20160316
McAfee-GW-Edition FakeAlert-FMN!8BD727ABC4C1 20160316
Microsoft Worm:Win32/Dorkbot.I 20160316
eScan Gen:Heur.CryptoWall.3 20160316
NANO-Antivirus Trojan.Win32.Ngrbot.easqgm 20160316
Panda Trj/CI.A 20160315
Qihoo-360 Win32/Trojan.f4a 20160316
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160316
Sophos AV Troj/Wonton-VB 20160316
SUPERAntiSpyware Ransom.Filelocker/Variant 20160316
Symantec Trojan.Gen.2 20160316
Tencent Win32.Trojan.Inject.Auto 20160316
TrendMicro TROJ_FORUCON.BMC 20160316
TrendMicro-HouseCall Ransom_CRYPTESLA.SMM1 20160316
VIPRE Trojan.Win32.Generic!BT 20160316
Alibaba 20160316
Baidu 20160315
Bkav 20160315
ClamAV 20160311
CMC 20160316
nProtect 20160316
TheHacker 20160315
TotalDefense 20160316
VBA32 20160315
ViRobot 20160316
Zillya 20160316
Zoner 20160316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © AdTrustMedia 2012-2013. All rights reserved.
Product PrivDog Browser Extension
Original name trustedadssvc.exe
Internal name trustedadssvc.exe
File version 2.2.0.14
Description PrivDog Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-08 03:58:01
Entry Point 0x00003D3D
Number of sections 5
PE sections
PE imports
LookupPrivilegeValueA
RegQueryValueExW
RegDeleteKeyW
GetOpenFileNameA
SetBkColor
CreateFontIndirectA
RectVisible
GetStockObject
CreateRectRgn
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
FindClose
TlsGetValue
SetLastError
CopyFileA
ExitProcess
GetModuleFileNameA
LoadLibraryA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
GetExitCodeThread
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetCommMask
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
ReadProcessMemory
GetProcAddress
GetProcessHeap
FindFirstFileA
FindFirstFileW
EncodeSystemPointer
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
DecodeSystemPointer
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
FindWindowExA
SetWindowTextA
AppendMenuA
DispatchMessageA
ClientToScreen
CopyRect
GetMenuStringA
GetMenuState
MessageBoxA
CharToOemA
MapVirtualKeyW
GetWindowContextHelpId
DialogBoxParamA
GetDlgItemTextW
ModifyMenuA
InvertRect
SetScrollInfo
OpenClipboard
GetRunningObjectTable
CoGetMalloc
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.0.14
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 154624
EntryPoint 0x3d3d
OriginalFileName trustedadssvc.exe
MIMEType application/octet-stream
LegalCopyright Copyright AdTrustMedia 2012-2013. All rights reserved.
FileVersion 2.2.0.14
TimeStamp 2016:02:08 04:58:01+01:00
FileType Win32 EXE
PEType PE32
InternalName trustedadssvc.exe
ProductVersion 2.2.0.14
FileDescription PrivDog Service
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AdTrustMedia
CodeSize 53248
ProductName PrivDog Browser Extension
ProductVersionNumber 2.2.0.14
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 8bd727abc4c1922118ce1122a741bd13
SHA1 c537adec148ff7492959589c67742491ff5d3b5b
SHA256 94c866975505d6489b5137b988e6bcbe41568dad3e669d6b979531ec3f3dc5b8
ssdeep 3072:gwJdqhMXVV5wfkPlAXpTikVdiPmsEyyslWq3Dktot8GEaJf+1z5TH0:Iib52VdiPmsEpslW8DkS6awjo
authentihash 4d7525e344dcd3e0bc008846b22f5c62ff4d559812c6984728dfb968e5fc0819
imphash 5ca62b2a243d75cbeeb7d02eb38212a2
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-02-15 11:51:36 UTC ( 3 years ago )
Last submission 2016-02-15 11:51:36 UTC ( 3 years ago )
File names trustedadssvc.exe
8bd727abc4c1922118ce1122a741bd13.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications