SHA256: a6d50dcd076ea1e545cfd2c56a3ba3f54262df79aa7faa37c689d6384d39c283
File name: 7f3e3ba1625cc27d12dcb2fc7e3f3f26.virus
Detection ratio: 27 / 50
Analysis date: 2016-06-30 17:50:39 UTC ( 2 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Malware/Win32.Generic.C1489405 20160630
Antiy-AVL Trojan/Win32.Yakes 20160630
Arcabit Trojan.Ransom.Cerber.1 20160630
Avast Win32:Trojan-gen 20160630
AVG Generic_r.KHT 20160630
Avira (no cloud) TR/AD.GootkitDropper.Y.lyit 20160630
AVware Trojan.Win32.Reveton.a (v) 20160630
Baidu Win32.Trojan.WisdomEyes.151026.9950.9990 20160630
BitDefender Trojan.Ransom.Cerber.1 20160630
Cyren W32/Trojan.RSIS-1635 20160630
DrWeb Trojan.Siggen6.58358 20160630
Emsisoft Trojan.Ransom.Cerber.1 (B) 20160630
ESET-NOD32 a variant of Win32/Kryptik.FATA 20160630
F-Secure Trojan.Ransom.Cerber.1 20160630
GData Trojan.Ransom.Cerber.1 20160630
K7AntiVirus Trojan ( 004f2a8f1 ) 20160630
K7GW Trojan ( 004f2a8f1 ) 20160630
Kaspersky Trojan.Win32.Yakes.pwwe 20160630
McAfee GenericR-HZE!7F3E3BA1625C 20160630
McAfee-GW-Edition BehavesLike.Win32.PackedAP.dm 20160630
Microsoft Trojan:Win32/Dorv.D!rfn 20160630
Panda Trj/GdSda.A 20160630
Qihoo-360 QVM20.1.Malware.Gen 20160630
Sophos AV Mal/Generic-S 20160630
Symantec Packed.Generic.459 20160630
TrendMicro TROJ_GEN.R00JC0DFQ16 20160630
VIPRE Trojan.Win32.Reveton.a (v) 20160630
AegisLab 20160630
Alibaba 20160630
Bkav 20160630
CAT-QuickHeal 20160630
ClamAV 20160630
CMC 20160630
Comodo 20160630
F-Prot 20160630
Fortinet 20160630
Ikarus 20160630
Jiangmin 20160630
Kingsoft 20160630
Malwarebytes 20160630
NANO-Antivirus 20160630
SUPERAntiSpyware 20160630
Tencent 20160630
TheHacker 20160630
TotalDefense 20160630
TrendMicro-HouseCall 20160630
VBA32 20160630
ViRobot 20160630
Zillya 20160630
Zoner 20160630
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2000-2012 Cortado AG
Product ThinPrint Virtual Channel Gateway
Original name TPVCGateway.exe
Internal name TPVCGateway
File version 8,6,239,2
Description ThinPrint Virtual Channel Gateway Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-23 21:21:12
Entry Point 0x00002610
Number of sections 4
PE sections
PE imports
RegQueryValueExW
RegOpenKeyW
ImageList_GetImageCount
ImageList_BeginDrag
ImageList_Destroy
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Create
ImageList_SetIconSize
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
StartDocW
AddFontResourceA
GetTextMetricsW
CreateFontIndirectW
CreateHalftonePalette
CreatePen
SetMetaRgn
SaveDC
SetTextAlign
OffsetWindowOrgEx
GetTextCharset
GetROP2
DeleteEnhMetaFile
GetPixel
Rectangle
GetDeviceCaps
LineTo
SetTextColor
DeleteDC
GdiGetBatchLimit
RestoreDC
SetBkMode
StretchBlt
EndDoc
SetWindowOrgEx
StartPage
DeleteObject
GetObjectW
BitBlt
CreateHatchBrush
GetTextExtentPointW
CreatePatternBrush
ExtTextOutW
FillPath
CreateBitmap
MoveToEx
DeleteColorSpace
GetStockObject
EnumFontFamiliesExW
AbortPath
UnrealizeObject
GdiFlush
SetROP2
CreateCompatibleDC
CreateFontW
CloseEnhMetaFile
SetBrushOrgEx
EndPage
CloseFigure
AbortDoc
PatBlt
CloseMetaFile
CancelDC
CreateSolidBrush
DPtoLP
SelectObject
SetBkColor
BeginPath
GetTextExtentPoint32W
CreateCompatibleBitmap
DeleteMetaFile
EndPath
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
CreateEventW
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
SetLastError
PeekNamedPipe
TlsGetValue
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
GetModuleHandleA
SetFileAttributesW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
FreeEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GetProcAddress
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
VirtualAllocEx
GetSystemInfo
GlobalFree
GetConsoleCP
OpenEventW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
ExpandEnvironmentStringsW
RaiseException
TlsFree
FindResourceW
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
GetTempPathW
Sleep
GetClipboardViewer
CreateMenu
GetForegroundWindow
LoadIconA
CountClipboardFormats
GetActiveWindow
GetInputState
AnyPopup
GetCapture
GetDialogBaseUnits
LoadIconW
GetFocus
GetClipboardOwner
EndMenu
GetDoubleClickTime
GetClipboardSequenceNumber
GetCursor
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 12
RT_DIALOG 4
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 51
NEUTRAL 14
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.6.239.2
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 151552
EntryPoint 0x2610
OriginalFileName TPVCGateway.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2000-2012 Cortado AG
FileVersion 8,6,239,2
TimeStamp 2016:06:23 22:21:12+01:00
FileType Win32 EXE
PEType PE32
InternalName TPVCGateway
ProductVersion 8,6,239,2
FileDescription ThinPrint Virtual Channel Gateway Service
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Cortado AG
CodeSize 109568
ProductName ThinPrint Virtual Channel Gateway
ProductVersionNumber 8.6.239.2
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 7f3e3ba1625cc27d12dcb2fc7e3f3f26
SHA1 7cd452f2d11d9d74e3a8236e2556af70b78b730b
SHA256 a6d50dcd076ea1e545cfd2c56a3ba3f54262df79aa7faa37c689d6384d39c283
ssdeep 3072:ppE44247itsTRPzJQI7v43gF0kJkgmAMbAtsrLnVEFBwDbZT/Zt0UW0bfOFMbJJ:jplZUOfwJktAM8sVEFyR/
authentihash ada27128a5674e9e23b52d3c53f53a422964b725c86eef49fbe7de065be129d1
imphash a33fcef6e6b374c4198218b9dc6fa260
File size 255.5 KB ( 261632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2016-06-30 15:51:37 UTC ( 2 years, 8 months ago )
Last submission 2016-06-30 17:50:39 UTC ( 2 years, 8 months ago )
File names 7f3e3ba1625cc27d12dcb2fc7e3f3f26.virus
TPVCGateway.exe
TPVCGateway
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications