SHA256: a58452bf968876212986e136c22737b0b38ab1ef2d28fad5e66ef4d78470b9d6
File name: Protection_ID.eXe
Detection ratio: 6 / 56
Analysis date: 2016-12-24 12:17:23 UTC ( 11 months, 3 weeks ago )
Antivirus               Result                                                    Update
Baidu                   Win32.Trojan.WisdomEyes.16070401.9500.9764                20161207
Sophos ML               virus.win32.parite.b                                      20161216
Kaspersky               not-a-virus:HEUR:WebToolbar.Win32.SoftonicDownloader.gen  20161224
Microsoft               VirTool:Win32/Obfuscator.AX                               20161224
Qihoo-360               HEUR/QVM20.1.0000.Malware.Gen                             20161224
SUPERAntiSpyware        Trojan.Agent/Generic                                      20161223
Ad-Aware                -                                                         20161224
AegisLab                -                                                         20161224
AhnLab-V3               -                                                         20161224
Alibaba                 -                                                         20161223
ALYac                   -                                                         20161224
Antiy-AVL               -                                                         20161224
Arcabit                 -                                                         20161224
Avast                   -                                                         20161224
AVG                     -                                                         20161224
Avira (no cloud)        -                                                         20161224
AVware                  -                                                         20161224
BitDefender             -                                                         20161224
Bkav                    -                                                         20161224
CAT-QuickHeal           -                                                         20161223
ClamAV                  -                                                         20161224
CMC                     -                                                         20161224
Comodo                  -                                                         20161224
CrowdStrike Falcon (ML) -                                                         20161024
Cyren                   -                                                         20161224
DrWeb                   -                                                         20161224
Emsisoft                -                                                         20161224
ESET-NOD32              -                                                         20161224
F-Prot                  -                                                         20161224
F-Secure                -                                                         20161224
Fortinet                -                                                         20161224
GData                   -                                                         20161224
Ikarus                  -                                                         20161224
Jiangmin                -                                                         20161224
K7AntiVirus             -                                                         20161224
K7GW                    -                                                         20161224
Kingsoft                -                                                         20161224
Malwarebytes            -                                                         20161224
McAfee                  -                                                         20161224
McAfee-GW-Edition       -                                                         20161224
eScan                   -                                                         20161224
NANO-Antivirus          -                                                         20161224
nProtect                -                                                         20161224
Panda                   -                                                         20161224
Rising                  -                                                         20161224
Sophos AV               -                                                         20161224
Symantec                -                                                         20161224
Tencent                 -                                                         20161224
TheHacker               -                                                         20161222
TrendMicro              -                                                         20161224
TrendMicro-HouseCall    -                                                         20161224
Trustlook               -                                                         20161224
VBA32                   -                                                         20161223
VIPRE                   -                                                         20161224
ViRobot                 -                                                         20161224
WhiteArmor              -                                                         20161221
Yandex                  -                                                         20161223
Zillya                  -                                                         20161223
Zoner                   -                                                         20161224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © [PiD Team] 2002-2017
Product PiD Team's Protection ID v0.6.8.5
Original name Protection_ID.eXe
Internal name [PiD Team] Protection ID v0.6.8.5
File version 0.6.8.5
Description PiD Team's Protection ID
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:59 PM 12/14/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-24 12:09:46
Entry Point 0x0000D578
Number of sections 10
PE sections
Overlays
MD5 2108126c6e190eb5a33092940d7d7973
File type data
Offset 1210880
Size 4504
Entropy 7.38
PE imports
RegDeleteKeyA
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AccessCheck
InitializeAcl
RegCreateKeyExA
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
RegFlushKey
RegOpenKeyA
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
ImpersonateSelf
RegEnumKeyExW
OpenThreadToken
GetUserNameA
GetLengthSid
RegEnumKeyExA
RegQueryInfoKeyA
RevertToSelf
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
ImageList_Create
Ord(17)
ImageList_GetIcon
ImageList_AddIcon
FindTextA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
CreatePen
TextOutA
CreateFontIndirectA
GetPixel
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
SetBkMode
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateDCA
MoveToEx
GetStockObject
GetPath
SelectClipRgn
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetFileTime
GetTempPathA
WideCharToMultiByte
LocalFree
WriteFile
GetCommandLineA
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
ExitProcess
FlushFileBuffers
RemoveDirectoryA
lstrcmpiW
GetPriorityClass
LoadLibraryExA
SetThreadPriority
MultiByteToWideChar
GetSystemPowerStatus
FlushInstructionCache
FindNextChangeNotification
SetFilePointer
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetPriorityClass
GlobalMemoryStatus
FindCloseChangeNotification
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
EnterCriticalSection
lstrcmpiA
SetEvent
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
ExitThread
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GlobalLock
GetTempFileNameW
FindFirstFileA
ResetEvent
GetComputerNameA
FindNextFileA
TerminateProcess
GetProcAddress
GetProcessAffinityMask
CreateFileW
CreateEventA
CreateFileA
LeaveCriticalSection
GetLastError
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetEnvironmentStringsA
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetModuleFileNameA
FindFirstChangeNotificationW
CreateProcessW
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
SetThreadAffinityMask
GetCurrentThread
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetVolumeInformationA
GetVersion
CreateProcessA
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
OpenEventA
VirtualAlloc
VariantClear
VariantInit
SHGetFileInfoA
SHAddToRecentDocs
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
RedrawWindow
CharLowerBuffA
DrawStateA
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
EndPaint
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
SendMessageW
SendMessageA
GetClientRect
SetMenuDefaultItem
EnumDisplaySettingsA
IsClipboardFormatAvailable
ClientToScreen
LoadImageA
GetMenuItemInfoA
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
ShowWindow
SetClassLongA
DrawFrameControl
SetDlgItemInt
EnableWindow
LockWindowUpdate
GetDlgItemTextA
IsWindowEnabled
CreatePopupMenu
SetClipboardData
EnableMenuItem
InvertRect
GetMenuItemCount
GetWindowLongA
SetTimer
FillRect
GetSysColorBrush
IsWindowUnicode
DestroyWindow
SetFocus
PostMessageA
BeginPaint
GetScrollPos
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
CheckDlgButton
SetWindowTextA
DrawFocusRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuStringA
IsDlgButtonChecked
GetDesktopWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
GetScrollRange
EndDialog
FindWindowA
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
AppendMenuA
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
FrameRect
DeleteMenu
InvalidateRect
wsprintfA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
PE exports
Number of PE resources by type
RT_ICON 146
RT_GROUP_ICON 140
RT_DIALOG 52
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 342
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 1518080
ImageVersion 0.0
ProductName PiD Team's Protection ID v0.6.8.5
FileVersionNumber 0.6.8.5
UninitializedDataSize 10240
LanguageCode English (U.S.)
FileFlagsMask 0x0001
CharacterSet Windows, Latin1
LinkerVersion 14.1
FileTypeExtension exe
OriginalFileName Protection_ID.eXe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.6.8.5
TimeStamp 2016:12:24 13:09:46+01:00
FileType Win32 EXE
PEType PE32
InternalName [PiD Team] Protection ID v0.6.8.5
ProductVersion 0.6.8.5
FileDescription PiD Team's Protection ID
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright [PiD Team] 2002-2017
MachineType Intel 386 or later, and compatibles
CompanyName [PiD Team] (CDKiller/TippeX)
CodeSize 467968
FileSubtype 0
ProductVersionNumber 0.6.8.5
EntryPoint 0xd578
ObjectFileType Executable application
Build 0.6.8.5
File identification
MD5 9346e82f1fb2e70101f9cbb223ba495c
SHA1 06f27f3df13e2c0d0e8aeb033deed93573a345f1
SHA256 a58452bf968876212986e136c22737b0b38ab1ef2d28fad5e66ef4d78470b9d6
ssdeep 24576:LG0IqKEAKTKYaLzZyn840oDwTdtZcNSHqFP7+Sg6xJPUFubp2U0CAMX47f:HRvfTKYa/ZzZTdtZcNSKFT+T6fME0IAn
authentihash 26f8183bf3a3f32620ef6b1418e84a45a34bb7e411c116432f7f76d8aeb13f2f
imphash ed4b65132f44b56562f4a64fb52c3786
File size 1.2 MB ( 1215384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags peexe overlay via-tor
VirusTotal metadata
First submission 2016-12-24 12:17:23 UTC ( 11 months, 3 weeks ago )
Last submission 2017-12-14 12:59:43 UTC ( 2 days, 19 hours ago )
File names (25 submissions; repeated names collapsed with their counts)
Protection_ID.eXe (17)
protection_id.exe (2)
Protection_ID.exe
Protection_ID.dat
Protection_ID 0685.eXe
Protection_ID v6.8.5 (december 2016).eXe
[PiD Team] Protection ID v0.6.8.5
1002-06f27f3df13e2c0d0e8aeb033deed93573a345f1
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1227.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
UDP communications