SHA256: 9f77841cf9f6260f746ecb844dface1cf7216adafa2a4316dd5e48af4ee35d0d
File name: ca3ca965da5f10c75a04803dc6abe54c
Detection ratio: 34 / 57
Analysis date: 2016-09-28 14:12:16 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3557849 20160928
AhnLab-V3 Backdoor/Win32.Vawtrak.N2116207632 20160928
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160928
Arcabit Trojan.Generic.D3649D9 20160928
Avast Win32:Trojan-gen 20160928
AVG Generic_s.KCG 20160928
Avira (no cloud) TR/Agent.Y.53467 20160928
AVware Trojan.Win32.Generic!BT 20160928
Baidu Win32.Trojan.WisdomEyes.151026.9950.9997 20160928
BitDefender Trojan.GenericKD.3557849 20160928
Bkav HW32.Packed.9C66 20160928
ClamAV Win.Trojan.Agent-1714414 20160928
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Papras.HODI-1164 20160928
DrWeb Trojan.PWS.Papras.2166 20160928
Emsisoft Trojan.GenericKD.3557849 (B) 20160928
ESET-NOD32 Win32/PSW.Papras.EJ 20160928
F-Secure Trojan.GenericKD.3557849 20160928
GData Trojan.GenericKD.3557849 20160928
Ikarus Trojan.Win32.PSW 20160928
Sophos ML virus.win32.sality.at 20160917
Kaspersky Backdoor.Win32.Androm.kvrg 20160928
Malwarebytes Backdoor.VawTrak 20160928
McAfee Artemis!CA3CA965DA5F 20160928
McAfee-GW-Edition BehavesLike.Win32.Flyagent.ch 20160927
eScan Trojan.GenericKD.3557849 20160928
Panda Trj/GdSda.A 20160928
Rising Malware.Generic!9ChBRStwNpK@2 (thunder) 20160928
Sophos AV Troj/Agent-ATXL 20160928
Symantec Trojan.Snifula.F 20160928
Tencent Win32.Backdoor.Androm.Syhw 20160928
TrendMicro TSPY_FAREIT.YYSZQ 20160928
TrendMicro-HouseCall TSPY_FAREIT.YYSZQ 20160928
VIPRE Trojan.Win32.Generic!BT 20160928
AegisLab 20160928
Alibaba 20160928
ALYac 20160928
CAT-QuickHeal 20160928
CMC 20160928
Comodo 20160928
F-Prot 20160926
Fortinet 20160928
Jiangmin 20160928
K7AntiVirus 20160928
K7GW 20160928
Kingsoft 20160928
Microsoft 20160928
NANO-Antivirus 20160927
nProtect 20160928
Qihoo-360 20160928
SUPERAntiSpyware 20160928
TheHacker 20160927
VBA32 20160928
ViRobot 20160928
Yandex 20160927
Zillya 20160928
Zoner 20160928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ArcSoft Copyright (C) 2004
Product ArcSoft MagCore
Original name MagCore.dll
Internal name MagCore
File version 1.0.0.131
Description MagCore
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-15 19:27:59
Entry Point 0x00001AA7
Number of sections 5
PE sections
PE imports
CryptGetObjectUrl
CryptRetrieveObjectByUrlA
CryptRetrieveObjectByUrlW
GetStockObject
GetLastError
GetDriveTypeW
GetNamedPipeInfo
ReadFile
GetSystemInfo
LoadLibraryW
FreeLibrary
GlobalFindAtomA
ExitProcess
VirtualProtect
GetFileAttributesW
LoadLibraryA
GetLocalTime
GetVolumePathNamesForVolumeNameW
GetCurrentProcess
GetDateFormatA
CompareFileTime
LocalAlloc
LCMapStringW
ContinueDebugEvent
GetShortPathNameA
BackupWrite
CopyFileExW
AddAtomW
GetLocaleInfoW
GetTimeFormatW
RaiseException
MoveFileExW
GetExitCodeThread
InterlockedExchange
lstrcpyA
SetProcessWorkingSetSize
CloseHandle
GetTimeFormatA
GetProcAddress
CloseConsoleHandle
CreateProcessA
ConvertThreadToFiber
GetProcessShutdownParameters
IsValidCodePage
CreateFileW
GetDiskFreeSpaceExW
DebugBreak
FindResourceA
SleepEx
ReadConsoleOutputA
GetForegroundWindow
IntersectRect
GetInputState
GetCapture
GetKeyboardLayoutNameW
GetClipboardOwner
GetClipboardViewer
GetWindowRect
InflateRect
IsRectEmpty
GetWindow
RegisterClassW
IsZoomed
GetWindowPlacement
GetWindowModuleFileNameW
GetWindowTextLengthA
LoadIconA
GetDesktopWindow
LoadCursorW
GetCursor
LoadAcceleratorsW
CharNextW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.131
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription MagCore
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 114688
EntryPoint 0x1aa7
OriginalFileName MagCore.dll
MIMEType application/octet-stream
LegalCopyright ArcSoft Copyright (C) 2004
FileVersion 1.0.0.131
TimeStamp 2015:09:15 20:27:59+01:00
FileType Win32 EXE
PEType PE32
InternalName MagCore
ProductVersion 1.0.0.131
SubsystemVersion 6.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ArcSoft Inc.
CodeSize 90112
ProductName ArcSoft MagCore
ProductVersionNumber 1.0.0.131
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 ca3ca965da5f10c75a04803dc6abe54c
SHA1 775a9faaf017cfdd03292e9cc26fdfc36c120f23
SHA256 9f77841cf9f6260f746ecb844dface1cf7216adafa2a4316dd5e48af4ee35d0d
ssdeep 3072:JRs0gLgfbCHWpQB2C+CgVYv6mYgjKIiYCki78YpTC:Ls0gLgOHTB21VuxVykiVpT
authentihash 9c3f189faf01358425935216500c341e1bc2a90ee6ec278d93dbe75676cd4929
imphash f69f095d774046d607827bc85352e3be
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2016-09-27 15:45:41 UTC ( 2 years, 5 months ago )
Last submission 2018-12-19 15:13:23 UTC ( 3 months ago )
File names jareivzko.exe
MagCore.dll
inst.exe
RIZQPYX.EXE
MagCore
output.100542048.txt