SHA256: a638261bb76a894d5a5fcfb96a71f0f94aac4d4db233697bb51552da5dd46755
File name: privazer_free.exe
Detection ratio: 0 / 42
Analysis date: 2012-08-06 20:14:34 UTC ( 5 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 20120805
AntiVir 20120806
Antiy-AVL 20120804
Avast 20120806
AVG 20120806
BitDefender 20120806
ByteHero 20120723
CAT-QuickHeal 20120806
ClamAV 20120803
Commtouch 20120806
Comodo 20120806
DrWeb 20120806
Emsisoft 20120806
eSafe 20120805
ESET-NOD32 20120806
F-Prot 20120806
F-Secure 20120806
Fortinet 20120806
GData 20120806
Ikarus 20120806
Jiangmin 20120806
K7AntiVirus 20120803
Kaspersky 20120803
McAfee 20120806
McAfee-GW-Edition 20120806
Microsoft 20120806
Norman 20120805
nProtect 20120806
Panda 20120806
PCTools 20120806
Rising 20120806
Sophos AV 20120806
SUPERAntiSpyware 20120805
Symantec 20120803
TheHacker 20120805
TotalDefense 20120806
TrendMicro 20120806
TrendMicro-HouseCall 20120806
VBA32 20120803
VIPRE 20120806
ViRobot 20120806
VirusBuster 20120805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Goversoft LLC 2010
Publisher Goversoft LLC
File version 1.2.15.0
Description PrivaZer setup
Comments All rights reserved
Signing date 5:43 PM 8/4/2012
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x006073D0
Number of sections 3
PE sections
PE imports
LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
SHGetFolderPathA
ImageList_Add
GetOpenFileNameA
SaveDC
IsEqualGUID
VariantCopy
SHGetMalloc
VerQueryValueA
ExifTool file metadata
LegalTrademarks PrivaZer
SubsystemVersion 4.0
Comments All rights reserved
InitializedDataSize 20480
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.15.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription PrivaZer setup
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Goversoft LLC 2010
FileVersion 1.2.15.0
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
UninitializedDataSize 2383872
OSVersion 4.0
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Goversoft LLC
CodeSize 3936256
ProductVersionNumber 1.2.15.0
EntryPoint 0x6073d0
ObjectFileType Executable application

File identification
MD5 de3e9e5cd13ce4e2679eaf7aeccc0f09
SHA1 21cc121b4e8ecf0311fc737af754f72ad2bf6923
SHA256 a638261bb76a894d5a5fcfb96a71f0f94aac4d4db233697bb51552da5dd46755
ssdeep 98304:9KpoYhZIha516wM2x0NvZ1QgpQA/kPLD0nDRVaiOtZ8eYt8X7cJ16G6XNq:OJ16wQNQ4AD0n6iOt+eSmMb69

File size 3.8 MB ( 3959944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe upx signed

VirusTotal metadata
First submission 2012-08-05 03:42:54 UTC ( 5 years, 5 months ago )
Last submission 2012-08-06 20:14:34 UTC ( 5 years, 5 months ago )
File names 2002586
privazer_free.exe
output.2002586.txt
privazer_free.exe
file-4335029_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.