SHA256: a1250f413a209c472af93c9c1cae17e201ce17cf2ef9889cd694bc42581dd1da
File name: file
Detection ratio: 33 / 42
Analysis date: 2012-08-22 10:57:23 UTC ( 5 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20120822
AntiVir TR/Malagent.A.3781 20120822
Avast Win32:Rootkit-gen [Rtk] 20120821
AVG Generic29.IXZ 20120822
BitDefender Trojan.Generic.KDV.689241 20120822
CAT-QuickHeal Trojan.Malagent 20120822
Comodo UnclassifiedMalware 20120822
DrWeb Trojan.PWS.Siggen.39199 20120822
Emsisoft Backdoor.Win32.Androm!IK 20120822
ESET-NOD32 a variant of Win32/Kryptik.AJKU 20120822
F-Secure Trojan.Generic.KDV.689241 20120822
Fortinet W32/Zbot.ADN!tr 20120822
GData Trojan.Generic.KDV.689241 20120822
Ikarus Backdoor.Win32.Androm 20120818
Jiangmin Trojan/Gimemo.duo 20120822
K7AntiVirus Trojan 20120821
Kaspersky Trojan-Ransom.Win32.Gimemo.alma 20120822
McAfee PWS-Zbot.gen.ajf 20120822
McAfee-GW-Edition PWS-Zbot.gen.ajf 20120822
Microsoft PWS:Win32/Fareit.gen!E 20120822
Norman W32/Troj_Generic.DGZUX 20120822
nProtect Trojan/W32.Agent.88576.QC 20120822
Panda Generic Malware 20120822
PCTools Trojan.Gen 20120822
Sophos AV Mal/Agent-AIS 20120822
Symantec Trojan.Gen.2 20120822
TheHacker Trojan/Gimemo.alma 20120820
TrendMicro TROJ_GEN.FCBEZHA 20120822
TrendMicro-HouseCall TROJ_GEN.FCBEZHA 20120822
VBA32 Hoax.Gimemo.alma 20120822
VIPRE Trojan.Win32.Generic!BT 20120822
ViRobot Trojan.Win32.A.Gimemo.88576.D 20120822
VirusBuster Trojan.Gimemo!pdgP/gWYD6s 20120821
Antiy-AVL 20120822
ByteHero 20120817
ClamAV 20120822
Commtouch 20120822
eSafe 20120821
F-Prot 20120821
Rising 20120822
SUPERAntiSpyware 20120822
TotalDefense 20120821
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) IOGEAR 2009
Publisher IOGEAR
Product Professionals 2008
Original name professionals2008.exe
Internal name Professionals 2008
File version 4.2.0
Description Professionals 2008
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-03 08:26:15
Entry Point 0x0000CCF0
Number of sections 4
PE sections
PE imports
IsValidSecurityDescriptor
CreatePolygonRgn
GetArcDirection
GetRgnBox
GetStockObject
GetRegionData
DeleteObject
SetFileAttributesA
HeapAlloc
DeleteCriticalSection
IsValidCodePage
HeapFree
LocalSize
LocalAlloc
InitializeCriticalSection
HeapCreate
LocalFree
FreeLibrary
HeapDestroy
GetTickCount
GetThreadLocale
SetEndOfFile
GetDateFormatA
LoadLibraryA
GetProcAddress
SetWindowTextA
GetScrollRange
RegisterClassExW
EnumWindows
GetScrollPos
GetPropA
OleSetAutoConvert
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.2.0.12816
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 60928
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright IOGEAR 2009
FileVersion 4.2.0
TimeStamp 2012:08:03 10:26:15+02:00
FileType Win32 EXE
PEType PE32
InternalName Professionals 2008
ProductVersion 4.2.0
FileDescription Professionals 2008
OSVersion 5.1
OriginalFilename professionals2008.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName IOGEAR
CodeSize 81920
ProductName Professionals 2008
ProductVersionNumber 4.2.0.0
EntryPoint 0xccf0
ObjectFileType Executable application

PCAP parents
File identification
MD5 cd0cc8ab2878b2d728297b4b604e5049
SHA1 2428dc3d0f28faeff640553fc37906f1c75f10c4
SHA256 a1250f413a209c472af93c9c1cae17e201ce17cf2ef9889cd694bc42581dd1da
ssdeep
1536:l+hOjT48abpQKvUMGmNtAiliJJHPnNv5KklIQZVyIlKg/8yc1LD5:68ypQkGmHplY5BrZUIlb89

File size 86.5 KB ( 88576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-08-05 17:02:19 UTC ( 5 years, 3 months ago )
Last submission 2012-08-22 10:57:23 UTC ( 5 years, 3 months ago )
File names Professionals 2008
tl7tug.drv
A2rAAdw.cpl
professionals2008.exe
cd0cc8ab2878b2d728297b4b604e5049
file
mor.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications