SHA256: 96c9590538e380fa64826759c650753e81e81ed64ca304b6a55217eecaef8f97
File name: 22bd4d678ad6c56ac4373364435632a3
Detection ratio: 29 / 54
Analysis date: 2014-07-31 12:01:59 UTC ( 4 years, 7 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.1775437 | 20140731
Yandex | TrojanSpy.Zbot!zu4B8KY0npk | 20140730
AhnLab-V3 | Trojan/Win32.Inject | 20140731
AntiVir | TR/Crypt.ZPACK.88505 | 20140731
Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20140731
Avast | Win32:Malware-gen | 20140731
AVG | Crypt3.AGBR | 20140731
Baidu-International | Trojan.Win32.Kryptik.bCHIP | 20140731
BitDefender | Trojan.GenericKD.1775437 | 20140731
Comodo | UnclassifiedMalware | 20140731
Emsisoft | Trojan.GenericKD.1775437 (B) | 20140731
ESET-NOD32 | a variant of Win32/Kryptik.CHIP | 20140731
F-Secure | Trojan.GenericKD.1775437 | 20140731
Fortinet | W32/Zbot.CHIP!tr | 20140731
GData | Trojan.GenericKD.1775437 | 20140731
Ikarus | Trojan.Win32.Kryptik | 20140731
Kaspersky | Trojan-Spy.Win32.Zbot.tpnz | 20140731
Malwarebytes | Trojan.Agent.ED | 20140731
McAfee | RDN/Generic PWS.y!b2m | 20140731
McAfee-GW-Edition | RDN/Generic PWS.y!b2m | 20140731
Microsoft | PWS:Win32/Zbot | 20140731
eScan | Trojan.GenericKD.1775437 | 20140731
Norman | Suspicious_Gen4.GUVAB | 20140731
nProtect | Trojan.GenericKD.1775437 | 20140730
Panda | Trj/CI.A | 20140731
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20140731
Sophos AV | Mal/Generic-S | 20140731
Tencent | Win32.Trojan-spy.Zbot.Hqvt | 20140731
TrendMicro-HouseCall | Suspicious_GEN.F47V0724 | 20140731
AegisLab | | 20140731
AVware | | 20140731
Bkav | | 20140731
ByteHero | | 20140731
CAT-QuickHeal | | 20140731
ClamAV | | 20140731
CMC | | 20140731
Commtouch | | 20140731
DrWeb | | 20140731
F-Prot | | 20140731
Jiangmin | | 20140725
K7AntiVirus | | 20140730
K7GW | | 20140730
Kingsoft | | 20140731
NANO-Antivirus | | 20140731
Qihoo-360 | | 20140731
SUPERAntiSpyware | | 20140731
Symantec | | 20140731
TheHacker | | 20140728
TotalDefense | | 20140731
TrendMicro | | 20140731
VBA32 | | 20140731
VIPRE | | 20140731
ViRobot | | 20140731
Zoner | | 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright D-Link Corp. All rights reserved.
Publisher D-Link Corp.
Product Stream Client Control Object
Original name CliCtrl
Internal name application/clictrl-plug-in
File version 1.0.1.17
Description Stream Client Control Object
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-05 17:10:39
Entry Point 0x00004344
Number of sections 4
PE sections
PE imports
ChooseColorW
CreatePatternBrush
GetObjectA
LineTo
ExtTextOutW
DeleteDC
CreateBitmap
BitBlt
GetStockObject
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GlobalFree
GetConsoleCP
GetModuleHandleW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
HeapCreate
SizeofResource
GetCurrentDirectoryW
GetConsoleMode
DecodePointer
LocalAlloc
LockResource
lstrlenW
WideCharToMultiByte
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
lstrcatW
EncodePointer
GetStartupInfoW
SetStdHandle
WriteFile
lstrcpyW
RaiseException
UnhandledExceptionFilter
GlobalReAlloc
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
GetEnvironmentVariableW
SetUnhandledExceptionFilter
lstrcpyA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
FreeResource
FreeLibrary
LocalFree
FindResourceA
TerminateProcess
LocalSize
IsValidCodePage
LoadResource
SetLastError
CreateFileW
GlobalAlloc
GlobalLock
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
WriteConsoleW
InterlockedIncrement
AlphaBlend
SysFreeString
OleLoadPicture
SysAllocString
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
Ord(680)
SHCreateDirectoryExW
StrChrW
StrCpyNW
SHCreateStreamOnFileW
GetMessageA
GetForegroundWindow
GetClassInfoExW
GetMenuInfo
RegisterWindowMessageW
EndDialog
BeginPaint
DefWindowProcW
DefWindowProcA
ShowWindow
SetMenuInfo
GetClipboardData
GetParent
EnumDisplayMonitors
MessageBoxW
GetMenu
DispatchMessageA
EndPaint
TranslateMessage
GetDlgItemTextW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
SendMessageW
SendDlgItemMessageA
SetClipboardData
SendDlgItemMessageW
SendMessageA
GetClientRect
GetDlgItem
SetScrollPos
RegisterClassA
IsClipboardFormatAvailable
LoadCursorA
LoadIconA
GetMenuItemCount
CheckDlgButton
EmptyClipboard
wsprintfW
CloseClipboard
CharNextW
OpenClipboard
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CreateBindCtx
CreateURLMoniker
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.1.17
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 31232
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright D-Link Corp. All rights reserved.
FileVersion 1.0.1.17
TimeStamp 2013:11:05 18:10:39+01:00
FileType Win32 EXE
PEType PE32
InternalName application/clictrl-plug-in
FileAccessDate 2014:07:31 13:49:01+01:00
ProductVersion 1.0.1.17
FileDescription Stream Client Control Object
OSVersion 5.1
FileCreateDate 2014:07:31 13:49:01+01:00
OriginalFilename CliCtrl
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName D-Link Corp.
CodeSize 164864
ProductName Stream Client Control Object
ProductVersionNumber 1.0.1.17
EntryPoint 0x4344
ObjectFileType Executable application

File identification
MD5 22bd4d678ad6c56ac4373364435632a3
SHA1 962e24cc413a52c3efa303c5e4762344aa10aa6e
SHA256 96c9590538e380fa64826759c650753e81e81ed64ca304b6a55217eecaef8f97
ssdeep 3072:LB7UkJAyC8P2aHuZBk9s3uPhxUX9PuyegLdYoKhBfpJvqZoURkTLzMI:SkJAd8uaHuws3uY1HdJc7yF+j
imphash 08cb2b81d454883669994e80673cdffa
File size 192.5 KB ( 197120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-24 12:00:29 UTC ( 4 years, 7 months ago )
Last submission 2014-07-24 12:00:29 UTC ( 4 years, 7 months ago )
File names CliCtrl
clictrl-plug-in
22bd4d678ad6c56ac4373364435632a3
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.