SHA256: a542d4032ee2711e5ee98831804ab68dd45cecef7cab45fe7681aac2bede3b82
File name: T4RwD56ccd0bb767c9.scr
Detection ratio: 3 / 55
Analysis date: 2016-02-24 15:10:01 UTC ( 2 years, 9 months ago )
Antivirus / Result / Update (signature date)
Detections (3 of 55 engines):
Kaspersky: UDS:DangerousObject.Multi.Generic (20160224)
McAfee-GW-Edition: BehavesLike.Win32.SoftPulse.ch (20160224)
Qihoo-360: HEUR/QVM41.1.Malware.Gen (20160224)
All three hits are generic or heuristic verdicts (a UDS cloud-reputation lookup, a BehavesLike behavioural rule and a HEUR/QVM machine-learning rule); none names a malware family.
No detection (52 engines; a blank result means the engine returned clean):
Ad-Aware 20160224
AegisLab 20160224
Yandex 20160221
AhnLab-V3 20160224
Alibaba 20160224
ALYac 20160224
Antiy-AVL 20160224
Arcabit 20160224
Avast 20160224
AVG 20160224
Avira (no cloud) 20160224
AVware 20160224
Baidu-International 20160224
BitDefender 20160224
Bkav 20160224
ByteHero 20160224
CAT-QuickHeal 20160224
ClamAV 20160224
CMC 20160223
Comodo 20160224
Cyren 20160224
DrWeb 20160224
Emsisoft 20160224
ESET-NOD32 20160224
F-Prot 20160224
F-Secure 20160224
Fortinet 20160224
GData 20160224
Ikarus 20160224
Jiangmin 20160224
K7AntiVirus 20160224
K7GW 20160224
Malwarebytes 20160224
McAfee 20160224
Microsoft 20160224
eScan 20160224
NANO-Antivirus 20160224
nProtect 20160224
Panda 20160223
Rising 20160224
Sophos AV 20160224
SUPERAntiSpyware 20160224
Symantec 20160224
Tencent 20160224
TheHacker 20160222
TrendMicro 20160224
TrendMicro-HouseCall 20160224
VBA32 20160224
VIPRE 20160224
ViRobot 20160224
Zillya 20160223
Zoner 20160224
The file being studied is a Portable Executable (PE) file: a Win32 EXE targeting the Windows GUI subsystem. The .scr (screen saver) extension in the submitted name does not change that; a screen saver is an ordinary PE executable and runs when it is opened.
FileVersionInfo properties
Copyright: Copyright 2007 Nero AG and its licensors
Product: DTShellHlp
Original name: © XTreme ©
Internal name: DTShellHlp
File version: 4.49.1.0356
Description: DTShellHlp
Comments: For additional details, visit PortableApps.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-24 12:36:45
Entry Point 0x0000827D
Number of sections 4
PE sections
PE imports
RegCreateKeyA
OpenProcessToken
GetOpenFileNameW
CryptHashToBeSigned
GetViewportOrgEx
EndDoc
GetGlyphIndicesA
CloseFigure
SetDIBitsToDevice
EnumObjects
GetWinMetaFileBits
SaveDC
PlayEnhMetaFile
ScaleWindowExtEx
SetTextJustification
GetTextMetricsA
GetKerningPairsA
EnumICMProfilesW
GetStockObject
GetFontData
SelectClipRgn
CreateCompatibleBitmap
SetBoundsRect
GetTextCharacterExtra
SetMapperFlags
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
SignalObjectAndWait
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
QueryMemoryResourceNotification
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
FormatMessageW
TransmitCommChar
GetTimeZoneInformation
LoadResource
GlobalCompact
FindClose
TlsGetValue
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
InterlockedDecrement
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
GlobalUnfix
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetVersion
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
RemoveDirectoryW
ResetEvent
FindFirstFileW
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
VirtualFree
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
GetProcessVersion
VirtualAlloc
NetServerTransportDel
MapWindowPoints
SetFocus
GetMessagePos
CharUpperBuffW
GetWindowContextHelpId
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
SetScrollRange
PeekMessageW
GetKBCodePage
SetDlgItemTextA
MessageBoxA
CharLowerW
TranslateMessage
GetClassWord
GetWindow
SetDlgItemTextW
DispatchMessageW
GetWindowRgn
LoadStringW
MessageBoxW
IsCharLowerW
TrackPopupMenuEx
wsprintfA
IsClipboardFormatAvailable
CharNextW
CallWindowProcW
CreateWindowExW
MsgWaitForMultipleObjects
SetForegroundWindow
ModifyMenuA
GetKeyboardType
ExitWindowsEx
DestroyWindow
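The imphash shown under File identification further down (a2113aa210771b94d4f8ab38b9b6ad51) is computed from this import table, so it is worth knowing exactly what goes into it, particularly for a table like this one that mixes ordinary CRT imports with one-off functions such as CryptHashToBeSigned, NetServerTransportDel and TransmitCommChar. The following is an added example written for this page, not VirusTotal's or pefile's code. It implements the published imphash recipe: each import becomes "dll.function" with the DLL name lower-cased and a .dll/.ocx/.sys extension stripped, the entries are joined with commas in import-table order, and the result is MD5-hashed. The DLL names in SAMPLE_IMPORTS are my own assignment, because the report lists function names only; the hash it prints therefore will not equal the report's value and is not meant to.

```python
import hashlib

# Extensions the imphash recipe strips from the DLL name; anything else
# (for example ".exe" when importing from an executable) is kept.
_STRIPPED_EXTS = ("ocx", "sys", "dll")


def _normalize_dll(dll: str) -> str:
    """Lower-case the DLL name and drop a .dll/.ocx/.sys extension."""
    dll = dll.lower()
    if "." in dll:
        base, ext = dll.rsplit(".", 1)
        if ext in _STRIPPED_EXTS:
            return base
    return dll


def import_string(imports):
    """Build the 'dll.func,dll.func,...' string that imphash hashes.

    `imports` is an iterable of (dll, function) pairs in import-table
    order.  Order matters: the same functions in a different order hash
    differently, which is why reordering or padding the table with decoy
    imports defeats imphash-based clustering.  A function given as an int
    is an import by ordinal and becomes 'ordN' (real implementations such
    as pefile first try to map well-known ordinals back to names; this
    example does not).
    """
    parts = []
    for dll, func in imports:
        name = _normalize_dll(dll)
        if isinstance(func, int):
            parts.append(f"{name}.ord{func}")
        else:
            parts.append(f"{name}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalized import string as a 32-character hex digest."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


# Constructed input: a few of the functions listed under "PE imports" on
# this page, with DLL names assigned by hand (the report shows function
# names only, and the table order is unknown here), so the resulting hash
# does not reproduce the report's imphash.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyA"),
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("COMDLG32.dll", "GetOpenFileNameW"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("USER32.dll", "MessageBoxW"),
    ("USER32.dll", "ExitWindowsEx"),
]

if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because only DLL name, function name and order feed the hash, two builds of the same source with the same toolchain share an imphash, but a single added, removed or reordered import changes it completely; treat it as a pivot for hunting related samples, not as a fingerprint that survives deliberate evasion.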
Number of PE resources by type
RT_DIALOG 7
RT_CURSOR 5
RT_GROUP_CURSOR 4
RT_ICON 3
RT_BITMAP 3
RT_STRING 1
RT_ANICURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 5
RHAETO ROMANCE DEFAULT 1
SERBIAN ARABIC ALGERIA 1
NEUTRAL DEFAULT 1
PE resources
ExifTool file metadata
LegalTrademarks: Copyright 2007 Nero AG and its licensors
SubsystemVersion: 5.0
Comments: For additional details, visit PortableApps.com
LinkerVersion: 7.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 2.10.2.0
LanguageCode: Neutral
FileFlagsMask: 0x0000
FileDescription: DTShellHlp
CharacterSet: Unicode
InitializedDataSize: 108032
PortableAppscomFormatVersion: 2.0
EntryPoint: 0x827d
OriginalFileName: XTreme
MIMEType: application/octet-stream
LegalCopyright: Copyright 2007 Nero AG and its licensors
PEType: PE32
FileVersion: 4.49.1.0356
TimeStamp: 2016:02:24 13:36:45+01:00
FileType: Win32 EXE
PortableAppscomInstallerVersion: 4.49.1.0356
InternalName: DTShellHlp
ProductVersion: 4.49.1.0356
PortableAppscomAppID: DTShellHlp
UninitializedDataSize: 0
OSVersion: 5.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: PortableApps.com
CodeSize: 90112
ProductName: DTShellHlp
ProductVersionNumber: 2.10.2.0
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 3c8b018c238af045f70b38fc27d0d640
SHA1 6f36f26cb0b1eb505d279a2b24b08b10aef27e98
SHA256 a542d4032ee2711e5ee98831804ab68dd45cecef7cab45fe7681aac2bede3b82
ssdeep 3072:LWgKWSHVdTU7ctvY+GOtAg0FufkN+ZTU11wewxws75jlNmK:aM2dIcRGOtAOTUoxwU5eK
authentihash 29bf6774c61f41086bbaed80712f1aad362507bb889ad0bc8d4887d745937546
imphash a2113aa210771b94d4f8ab38b9b6ad51
File size 194.5 KB ( 199168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-02-24 13:24:54 UTC ( 2 years, 9 months ago )
Last submission 2017-10-21 05:35:32 UTC ( 1 year, 1 month ago )
File names KB735444is
KB873704is
DTShellHlp
KB148885is
T4RwD56ccd0bb767c9.scr
KB140897is
KB375427is
KB613326is
KB960407is
KB424885is
KB653137is
KB776737is
KB772419is
3c8b018c238af045f70b38fc27d0d640.virobj
KB575682is
KB800725is
KB940707is
T4RwD56ccd0bb767c9.sc
KB866173is
KB686507is
KB532464is
KB414937is
T4RwD56ccd0bb767c9.scr
KB671691is
91293fb3b82656b72732b479b2d74bc8caccb2bd
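Several facts in this report contradict each other in ways a practitioner would check before trusting the 3/55 detection ratio: the version resource names PortableApps.com as CompanyName but Nero AG in LegalCopyright, the FileVersion string (4.49.1.0356) disagrees with the fixed-info FileVersionNumber (2.10.2.0), OriginalFilename (XTreme) has nothing to do with InternalName (DTShellHlp), the compile timestamp (12:36:45 UTC) precedes first submission (13:24:54 UTC) by 48 minutes, the sample arrived as a .scr, and most of the names it was submitted under follow a KB-number pattern. The script below is an added example for this page, not VirusTotal code; it encodes those checks as reusable heuristics. The REPORT dictionary is constructed from the values printed above (its key names are my own, not an API schema), and the IMPORTS_OF_INTEREST table is my selection from the import list, with the caveat that IsDebuggerPresent is also pulled in by the MSVC C runtime and so is weak evidence on its own.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed input: values copied from the report on this page.  The
# dictionary layout and key names are my own, not a VirusTotal API schema.
REPORT = {
    "file_name": "T4RwD56ccd0bb767c9.scr",
    "submitted_names": [
        "KB735444is", "KB873704is", "DTShellHlp", "KB148885is",
        "T4RwD56ccd0bb767c9.scr", "3c8b018c238af045f70b38fc27d0d640.virobj",
    ],
    "detections": 3,
    "engines": 55,
    "compile_ts": datetime(2016, 2, 24, 12, 36, 45, tzinfo=timezone.utc),
    "first_seen": datetime(2016, 2, 24, 13, 24, 54, tzinfo=timezone.utc),
    "version_info": {
        "CompanyName": "PortableApps.com",
        "LegalCopyright": "Copyright 2007 Nero AG and its licensors",
        "InternalName": "DTShellHlp",
        "OriginalFilename": "XTreme",
        "FileVersion": "4.49.1.0356",      # string-table value
        "FileVersionNumber": "2.10.2.0",   # VS_FIXEDFILEINFO value
    },
    "imports": ["IsDebuggerPresent", "VirtualProtect", "CreateProcessW",
                "ExitWindowsEx", "GetStdHandle"],
}

# "KB" + six digits + "is": the pattern of most names this sample was
# submitted under, chosen to resemble a Microsoft KB update package.
KB_NAME = re.compile(r"^KB\d{6}is$")
# Extracts the holder from "Copyright (c) 2007 Nero AG and its licensors".
COPYRIGHT_HOLDER = re.compile(
    r"copyright\s*(?:\(c\)|©)?\s*\d{4}\s+(.+?)(?:\s+and\b|$)", re.I)

# My own selection from the page's import list (hypothetical triage table).
IMPORTS_OF_INTEREST = {
    "VirtualProtect": "rewrites page protections (unpacking, self-modifying code)",
    "CreateProcessW": "spawns child processes",
    "ExitWindowsEx": "can log the user off or shut the machine down",
    "IsDebuggerPresent": "anti-debug check; caveat: the MSVC CRT imports it too",
}


def _version_tuple(s):
    """'4.49.1.0356' -> (4, 49, 1, 356): zero padding must not cause a mismatch."""
    return tuple(int(p) for p in re.findall(r"\d+", s))


def version_info_findings(vi):
    """Contradictions inside VS_VERSIONINFO that a genuine vendor build rarely has."""
    out = []
    m = COPYRIGHT_HOLDER.search(vi.get("LegalCopyright", ""))
    holder = m.group(1).strip() if m else ""
    company = vi.get("CompanyName", "")
    if (holder and company and holder.lower() not in company.lower()
            and company.lower() not in holder.lower()):
        out.append(f"vendor mismatch: CompanyName {company!r} vs copyright holder {holder!r}")
    fv, fvn = vi.get("FileVersion", ""), vi.get("FileVersionNumber", "")
    if fv and fvn and _version_tuple(fv) != _version_tuple(fvn):
        out.append(f"FileVersion string {fv} disagrees with fixed-info version {fvn}")
    orig, internal = vi.get("OriginalFilename", ""), vi.get("InternalName", "")
    if orig and internal and orig.rsplit(".", 1)[0].lower() != internal.lower():
        out.append(f"OriginalFilename {orig!r} does not match InternalName {internal!r}")
    return out


def timing_findings(compile_ts, first_seen, window=timedelta(hours=24)):
    """Flag a compile timestamp that postdates, or barely precedes, first sighting."""
    delta = first_seen - compile_ts
    if delta < timedelta(0):
        return ["compile timestamp is later than first submission (forged timestamp or clock skew)"]
    if delta < window:
        return [f"compiled {int(delta.total_seconds() // 60)} min before first submission"]
    return []


def name_findings(file_name, submitted_names):
    out = []
    if file_name.lower().endswith(".scr"):
        out.append(".scr extension: screen savers are ordinary PE executables and run on double-click")
    kb = [n for n in submitted_names if KB_NAME.match(n)]
    if kb:
        out.append(f"{len(kb)} submitted names mimic Microsoft KB update numbers, e.g. {kb[0]}")
    return out


def import_findings(imports):
    return [f"{n}: {IMPORTS_OF_INTEREST[n]}" for n in imports if n in IMPORTS_OF_INTEREST]


def triage(report):
    findings = (version_info_findings(report["version_info"])
                + timing_findings(report["compile_ts"], report["first_seen"])
                + name_findings(report["file_name"], report["submitted_names"])
                + import_findings(report["imports"]))
    return {"detection_ratio": report["detections"] / report["engines"],
            "findings": findings}


if __name__ == "__main__":
    result = triage(REPORT)
    print(f"detection ratio {result['detection_ratio']:.2f}")
    for finding in result["findings"]:
        print(" -", finding)
```

None of these checks proves the file malicious on its own; their value is that each is cheap to compute from static metadata already in the report, and a sample that trips most of them warrants sandboxing regardless of how few engines flag it on the day it is first seen.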
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications