SHA256: a54b9c27e477c4508ed0e0e7132ddea283d903a9c909a509d1ef7a3f08ccfd69
File name: 39bda3f8a42dae91670cdc1bd61ab8ef3a17e79d
Detection ratio: 32 / 56
Analysis date: 2016-11-17 13:45:17 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.106916 20161117
AhnLab-V3 Backdoor/Win32.Vawtrak.N2154950025 20161117
ALYac Gen:Variant.Razy.106916 20161117
Antiy-AVL Trojan[Backdoor]/Win32.Vawtrak 20161117
Arcabit Trojan.Razy.D1A1A4 20161117
Avast Win32:Trojan-gen 20161117
AVG PSW.Generic13.QWP 20161117
Avira (no cloud) TR/Crypt.Xpack.yeykv 20161117
AVware Trojan.Win32.Generic!BT 20161117
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161117
BitDefender Gen:Variant.Razy.106916 20161117
Bkav HW32.Packed.99FD 20161117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.JPOH-7306 20161117
Emsisoft Gen:Variant.Razy.106916 (B) 20161117
ESET-NOD32 Win32/PSW.Papras.EJ 20161117
F-Secure Gen:Variant.Razy.106916 20161117
GData Gen:Variant.Razy.106916 20161117
Ikarus Trojan.Win32.PSW 20161117
Sophos ML backdoor.win32.vawtrak.o 20161018
K7AntiVirus Password-Stealer ( 004cfc431 ) 20161117
K7GW Password-Stealer ( 004cfc431 ) 20161117
Kaspersky Backdoor.Win32.Vawtrak.fw 20161117
Microsoft Backdoor:Win32/Vawtrak.E 20161117
eScan Gen:Variant.Razy.106916 20161117
Panda Trj/GdSda.A 20161115
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161117
Sophos AV Mal/Generic-S 20161117
Symantec Heur.AdvML.B 20161117
TrendMicro TROJ_GEN.R0CCC0DKG16 20161117
TrendMicro-HouseCall TROJ_GEN.R0CCC0DKG16 20161117
VIPRE Trojan.Win32.Generic!BT 20161117
AegisLab 20161117
Alibaba 20161117
CAT-QuickHeal 20161117
ClamAV 20161117
CMC 20161117
Comodo 20161117
DrWeb 20161117
F-Prot 20161117
Fortinet 20161117
Jiangmin 20161117
Kingsoft 20161117
Malwarebytes 20161117
McAfee 20161117
McAfee-GW-Edition 20161116
NANO-Antivirus 20161117
nProtect 20161117
Rising 20161117
SUPERAntiSpyware 20161117
Tencent 20161117
TheHacker 20161115
TotalDefense 20161117
VBA32 20161117
ViRobot 20161117
Yandex 20161116
Zillya 20161117
Zoner 20161117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2015 Fortinet Inc. All rights reserved.
Product FortiClient Anti_virus Scanner
Original name av_task.exe
Internal name av_task
File version 5.4.0.0780
Description av_task
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-19 23:21:59
Entry Point 0x000044B2
Number of sections 7
PE sections
PE imports
CryptReleaseContext
CryptAcquireContextA
GetUserNameW
GetSidLengthRequired
CryptGenRandom
GetUserNameA
LsaNtStatusToWinError
DirectInputCreateA
GetStockObject
GetLastError
CopyFileW
CreateNamedPipeW
GlobalFree
GetEnvironmentStringsW
GetHandleInformation
VirtualProtect
GetVersionExA
IsDBCSLeadByte
LockFile
CreateNamedPipeA
RemoveDirectoryA
GetLocalTime
CreateRemoteThread
CreatePipe
GetCurrentProcess
GetDateFormatA
UnregisterWait
OpenProcess
CreateDirectoryA
DeleteFileA
GetDateFormatW
GetLogicalDrives
ReadProcessMemory
DeleteFileW
GetSystemPowerStatus
AddAtomW
_lclose
MoveFileExW
SetFilePointer
ReadFile
WriteFile
SetProcessWorkingSetSize
CloseHandle
SetThreadAffinityMask
EnumSystemLanguageGroupsW
UnlockFile
lstrcmpW
MoveFileA
TerminateProcess
GetProcessShutdownParameters
GetCurrencyFormatA
GetDefaultCommConfigW
CreateFileW
GetLongPathNameA
CloseConsoleHandle
CreateProcessInternalW
SetLastError
SetupInstallFileA
SetupQueueCopySectionA
SetupDiGetHwProfileFriendlyNameW
SetupQueueCopyIndirectA
SetupDiCancelDriverInfoSearch
SetupDiGetClassDescriptionA
SetupDiSetSelectedDriverA
SetupQuerySpaceRequiredOnDriveW
SetupQuerySpaceRequiredOnDriveA
SetupDiDestroyDeviceInfoList
SetupInitializeFileLogA
LoadMenuA
GetClipboardOwner
GetWindowModuleFileNameA
GetSystemMetrics
GetClipboardFormatNameA
GetKBCodePage
AdjustWindowRectEx
RegisterClassExA
CreatePopupMenu
GetMenu
GetClipboardViewer
GetMenuCheckMarkDimensions
MessageBoxW
GetMenuItemCount
LoadAcceleratorsA
GetSubMenu
CreateMenu
GetTopWindow
LoadCursorW
LoadIconW
FindWindowExW
GetWindowRgnBox
GetBestInterface
GetIpStatisticsEx
NTPTimeToNTFileTime
_amsg_exit
abort
exit
_access_s
Number of PE resources by type
RT_STRING 16
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_DIALOG 2
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 52
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 166912
ImageVersion 0.0
ProductName FortiClient Anti_virus Scanner
FileVersionNumber 5.4.0.780
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription av_task
CharacterSet Unicode
LinkerVersion 14.0
FileTypeExtension exe
OriginalFileName av_task.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.4.0.0780
TimeStamp 2014:08:20 00:21:59+01:00
FileType Win32 EXE
PEType PE32
InternalName av_task
ProductVersion 5.4.0.0780
SubsystemVersion 6.0
OSVersion 6.0
FileOS Windows NT 32-bit
LegalCopyright 2015 Fortinet Inc. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Fortinet Inc.
CodeSize 17920
FileSubtype 0
ProductVersionNumber 5.4.0.780
EntryPoint 0x44b2
ObjectFileType Executable application
File identification
MD5 c292c7cfbf630de9885d205c47a7ccfd
SHA1 39bda3f8a42dae91670cdc1bd61ab8ef3a17e79d
SHA256 a54b9c27e477c4508ed0e0e7132ddea283d903a9c909a509d1ef7a3f08ccfd69
ssdeep 3072:l5RPDZXHexH5LggFyuiNaAaRu2cWgyQJCfZctzzqgK/0g9bai+4yzAY4yFM:l5fuxH5dcNa3RoWgNg2zqr/0CeOY
authentihash 0f9cf367a5a18173bfc2a3d56e313105b963f3c620677505297ffc7472a42887
imphash e8e390d4ef172c8152a8aea43948f291
File size 167.5 KB ( 171520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-11-17 13:45:17 UTC ( 2 years, 5 months ago )
Last submission 2016-11-17 13:45:17 UTC ( 2 years, 5 months ago )
File names av_task
a54b9c27e477c4508ed0e0e7132ddea283d903a9c909a509d1ef7a3f08ccfd69
av_task.exe