SHA256: a82de7c17530e2f25fcf701f0c18a7d71c069215eff3eee31ae974a519601d42
File name: d8aff7e8dc8b6147771597ce4af952c7
Detection ratio: 33 / 55
Analysis date: 2016-01-27 16:58:46 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3009719 20160127
AegisLab Troj.W32.Gen 20160127
AhnLab-V3 Trojan/Win32.Teslacrypt 20160127
ALYac Trojan.GenericKD.3009719 20160127
Antiy-AVL Trojan/Win32.Inject 20160127
Arcabit Trojan.Generic.D2DECB7 20160127
Avast Win32:Malware-gen 20160127
AVG Generic_r.GZD 20160127
Avira (no cloud) TR/Crypt.Xpack.430118 20160127
BitDefender Trojan.GenericKD.3009719 20160127
Cyren W32/Agent.XL.gen!Eldorado 20160127
Emsisoft Trojan.GenericKD.3009719 (B) 20160127
ESET-NOD32 Win32/Spy.Zbot.ACB 20160127
F-Prot W32/Agent.XL.gen!Eldorado 20160127
F-Secure Trojan.GenericKD.3009719 20160127
Fortinet W32/Zbot.ACB!tr.spy 20160127
GData Trojan.GenericKD.3009719 20160127
Ikarus Trojan-Spy.Agent 20160127
K7AntiVirus Spyware ( 004a08e61 ) 20160127
K7GW Spyware ( 004a08e61 ) 20160127
Kaspersky Trojan.Win32.Inject.vtij 20160127
Malwarebytes Ransom.FileLocker 20160127
McAfee Artemis!D8AFF7E8DC8B 20160127
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ft 20160127
Microsoft PWS:Win32/Zbot!VM 20160127
eScan Trojan.GenericKD.3009719 20160127
nProtect Trojan.GenericKD.3009719 20160127
Panda Generic Suspicious 20160126
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160127
Sophos AV Mal/Generic-S 20160127
Tencent Win32.Trojan.Inject.Wtdv 20160127
VIPRE Trojan.Win32.Generic!BT 20160127
ViRobot Trojan.Win32.R.Agent.334848.B[h] 20160127
Engines with no detection (result column empty):
Yandex 20160126
Alibaba 20160127
Baidu-International 20160127
Bkav 20160127
ByteHero 20160127
CAT-QuickHeal 20160127
ClamAV 20160127
CMC 20160111
Comodo 20160127
DrWeb 20160127
Jiangmin 20160127
NANO-Antivirus 20160127
Rising 20160127
SUPERAntiSpyware 20160127
Symantec 20160126
TheHacker 20160124
TotalDefense 20160127
TrendMicro 20160127
TrendMicro-HouseCall 20160127
VBA32 20160127
Zillya 20160127
Zoner 20160127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2000 Gerald Combs <gerald@wireshark.org>, Gilbert Ramirez <gram@alumni.rice.edu> and others

Product Wireshark
Original name Wireshark.exe
Internal name Wireshark 1.10.6
File version 1.10.6
Description Wireshark
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-25 14:52:28
Entry Point 0x000064EC
Number of sections 2
PE sections
Overlays
MD5 14e9d1f6985eafdc51c6e0ec96730efb
File type data
Offset 334336
Size 512
Entropy 7.56
PE imports
GetTokenInformation
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExA
RegCloseKey
OpenProcessToken
GetUserNameW
FreeSid
RegSetValueExW
RegEnumKeyExW
AllocateAndInitializeSid
EqualSid
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetProcessHeap
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
IsProcessInJob
SetStdHandle
GetCPInfo
TlsFree
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
GetThreadSelectorEntry
TerminateProcess
LCMapStringA
IsValidCodePage
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
LocalAlloc
SetLastError
InterlockedIncrement
WNetGetConnectionW
WNetGetUserW
DragQueryFileW
SHAddToRecentDocs
SHBrowseForFolderW
DragAcceptFiles
SHFileOperationW
ExtractIconW
SHGetPathFromIDListW
ExtractIconExW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
DragFinish
SetFocus
RedrawWindow
CopyAcceleratorTableW
ChildWindowFromPointEx
OffsetRect
DefWindowProcW
GetCapture
KillTimer
MessageBeep
GetSystemMetrics
IsWindow
PeekMessageW
DestroyIcon
SetCapture
ReleaseCapture
EnumChildWindows
GetCursor
CharLowerW
DestroyCursor
IsWindowEnabled
DispatchMessageW
GetKeyState
GetCursorPos
SystemParametersInfoA
GetDlgCtrlID
GetMenu
GetTopWindow
RegisterClassW
DrawIconEx
GetWindowPlacement
DdeGetLastError
SetCaretPos
BringWindowToTop
EnableMenuItem
SetTimer
LoadImageW
GetClassNameW
GetMenuItemCount
CreateCaret
WaitForInputIdle
GetDesktopWindow
LockWindowUpdate
GetSystemMenu
GetMenuItemID
GetWindowLongW
GetUpdateRect
OpenClipboard
PtInRect
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
GERMAN 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.10.6.2253
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 333312
EntryPoint 0x64ec
OriginalFileName Wireshark.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2000 Gerald Combs <gerald@wireshark.org>, Gilbert Ramirez <gram@alumni.rice.edu> and others
FileVersion 1.10.6
TimeStamp 2016:01:25 15:52:28+01:00
FileType Win32 EXE
PEType PE32
InternalName Wireshark 1.10.6
ProductVersion 1.10.6
FileDescription Wireshark
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName The Wireshark developer community, http://www.wireshark.org/
CodeSize 0
ProductName Wireshark
ProductVersionNumber 1.10.6.2253
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 d8aff7e8dc8b6147771597ce4af952c7
SHA1 d3e6bdefb712c3b0a4effff2bdf7ae888ffde6c0
SHA256 a82de7c17530e2f25fcf701f0c18a7d71c069215eff3eee31ae974a519601d42
ssdeep 3072:QKTEuaFc/9Fxl+UFil0gzFH7Haxq3HGvmKmLOMB7E6C3c9Lo8cPMSzJULj2:0FSAC8bHSTvmKmLnB74sAMC

authentihash 4c58bd123f6d7dc3007e65da78d0facb60768096032e89642595aa6bde088638
imphash 9453260a44edda24c690a6bc9592b53a
File size 327.0 KB ( 334848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (42.6%)
Win64 Executable (generic) (28.3%)
Windows screen saver (13.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-01-25 16:35:12 UTC ( 3 years, 1 month ago )
Last submission 2016-03-24 15:18:03 UTC ( 2 years, 12 months ago )
File names Wireshark.exe
d8aff7e8dc8b6147771597ce4af952c7
Wireshark 1.10.6
26835
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DAT16.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications