SHA256: a8dbccf07aee77f19fed98b671b0e57a7a711e427d4063e89c2d481184e50683
File name: Sysinternals Debug Output Viewer
Detection ratio: 4 / 67
Analysis date: 2018-06-16 17:03:10 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Bkav W32.eHeur.Malware14 20180616
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
SentinelOne (Static ML) static engine - malicious 20180225
Webroot W32.Sality.Gen 20180616
Ad-Aware 20180616
AegisLab 20180616
AhnLab-V3 20180616
Alibaba 20180615
ALYac 20180616
Antiy-AVL 20180616
Arcabit 20180616
Avast 20180616
Avast-Mobile 20180616
AVG 20180616
Avira (no cloud) 20180616
AVware 20180616
Babable 20180406
Baidu 20180615
BitDefender 20180616
CAT-QuickHeal 20180616
ClamAV 20180616
CMC 20180616
Comodo 20180616
Cybereason 20180225
Cylance 20180616
Cyren 20180616
DrWeb 20180616
eGambit 20180616
Emsisoft 20180616
Endgame 20180612
ESET-NOD32 20180616
F-Prot 20180616
F-Secure 20180616
Fortinet 20180616
GData 20180616
Sophos ML 20180601
Jiangmin 20180616
K7AntiVirus 20180616
K7GW 20180616
Kaspersky 20180616
Kingsoft 20180616
Malwarebytes 20180616
MAX 20180616
McAfee 20180616
McAfee-GW-Edition 20180616
Microsoft 20180616
eScan 20180616
NANO-Antivirus 20180616
Palo Alto Networks (Known Signatures) 20180616
Panda 20180616
Qihoo-360 20180616
Rising 20180616
Sophos AV 20180616
SUPERAntiSpyware 20180616
Symantec 20180615
Symantec Mobile Insight 20180614
TACHYON 20180616
Tencent 20180616
TheHacker 20180613
TotalDefense 20180616
TrendMicro 20180616
TrendMicro-HouseCall 20180616
Trustlook 20180616
VBA32 20180615
VIPRE 20180616
ViRobot 20180616
Yandex 20180615
Zillya 20180615
ZoneAlarm by Check Point 20180616
Zoner 20180615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1998-2012 Mark Russinovich
Product Sysinternals Debugview
Original name Dbgview.exe
Internal name Sysinternals Debug Output Viewer
File version 4.81
Description DebugView
Signature verification The digital signature of the object did not verify.
Signing date 6:19 PM 6/16/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-10 23:52:57
Entry Point 0x00015757
Number of sections 4
PE sections
Overlays
MD5 5e4f0266a13a6fa88e87cc0cc5dea56b
File type data
Offset 461312
Size 6744
Entropy 7.45
PE imports
RegDeleteKeyA
CloseServiceHandle
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
OpenServiceA
RegSetValueExA
CreateServiceA
QueryServiceStatus
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
AdjustTokenPrivileges
ControlService
StartServiceA
RegDeleteValueA
DeleteService
RegOpenKeyExA
RegCreateKeyA
OpenSCManagerA
CreateToolbarEx
Ord(17)
PrintDlgA
FindTextA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
SetMapMode
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps
DeleteDC
SetBkMode
EndDoc
StartPage
SetTextColor
GetObjectA
SetAbortProc
CreateFontA
GetStockObject
ExtTextOutA
CreateCompatibleDC
StretchBlt
EndPage
SelectObject
GetTextExtentPoint32A
AbortDoc
CreateCompatibleBitmap
CreateSolidBrush
GetTextExtentPointA
SetBkColor
DeleteObject
StartDocA
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
CreateFileMappingA
GetOverlappedResult
WaitForSingleObject
HeapDestroy
IsValidLocale
QueueUserAPC
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
DeviceIoControl
GetEnvironmentVariableA
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
EnumSystemLocalesA
SetConsoleCtrlHandler
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
CreateMutexA
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SearchPathA
SetEndOfFile
GetVersion
InterlockedIncrement
SleepEx
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
GetDateFormatA
SystemTimeToFileTime
GetFileSize
DeleteFileA
SetEvent
WaitForMultipleObjects
GetProcessHeap
CompareStringW
GlobalReAlloc
FindFirstFileA
GetCurrentThreadId
lstrcpyA
GetTimeFormatA
GetComputerNameA
GlobalMemoryStatus
ExpandEnvironmentStringsA
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
UnmapViewOfFile
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
OpenMutexA
RaiseException
CompareStringA
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
WriteFileEx
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
ResetEvent
WNetAddConnection2A
WNetCancelConnection2A
ShellExecuteExA
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetMalloc
CommandLineToArgvW
Shell_NotifyIconA
SetMenuItemBitmaps
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetDC
GetCursorPos
ReleaseDC
GetMenu
SendMessageA
GetClientRect
LoadAcceleratorsA
ClientToScreen
MsgWaitForMultipleObjects
GetWindowTextA
InvalidateRgn
DestroyWindow
GetMessageA
GetParent
UpdateWindow
IsDlgButtonChecked
CheckRadioButton
ShowWindow
EnableWindow
GetDlgItemTextA
PeekMessageA
ChildWindowFromPoint
TranslateMessage
InsertMenuItemA
LoadStringA
SetClipboardData
IsZoomed
IsIconic
RegisterClassA
GetSubMenu
CreateWindowExA
GetSysColorBrush
GetDialogBaseUnits
IsDialogMessageA
SetFocus
PostMessageA
BeginPaint
KillTimer
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
SetWindowLongA
CheckDlgButton
SetWindowTextA
CheckMenuItem
DrawFocusRect
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
CreateDialogParamA
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
AttachThreadInput
SetForegroundWindow
DialogBoxIndirectParamA
OpenClipboard
EmptyClipboard
DrawTextA
EndDialog
FindWindowA
GetWindowThreadProcessId
AppendMenuA
SetDlgItemTextA
MoveWindow
MessageBoxA
DialogBoxParamA
GetSysColor
RegisterClassExA
DeleteMenu
InvalidateRect
TranslateAcceleratorA
CallWindowProcA
GetFocus
CloseClipboard
SetCursor
htonl
socket
bind
inet_addr
accept
WSAStartup
gethostbyname
connect
getsockname
inet_ntoa
htons
closesocket
gethostbyaddr
WSAGetLastError
listen
Number of PE resources by type
RT_DIALOG 20
RT_BITMAP 6
BINRES 4
RT_STRING 4
RT_ICON 4
RT_GROUP_ICON 3
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 47
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.81.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 253440
EntryPoint 0x15757
OriginalFileName Dbgview.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1998-2012 Mark Russinovich
FileVersion 4.81
TimeStamp 2012:11:11 00:52:57+01:00
FileType Win32 EXE
PEType PE32
InternalName Sysinternals Debug Output Viewer
ProductVersion 4.81
FileDescription DebugView
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sysinternals
CodeSize 206848
ProductName Sysinternals Debugview
ProductVersionNumber 4.81.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 62999f624ca152b24c4a426884b7ddd7
SHA1 50dde90d88a8e2b500f93b64a35bd490d09ab3ff
SHA256 a8dbccf07aee77f19fed98b671b0e57a7a711e427d4063e89c2d481184e50683
ssdeep 6144:OX6HSq6r+g2edNFhWU6J2OcbguwuH6oGFfcWJltVSyOdMAsnKTVrt4:U+g2erWJhcsuwuaZEMTVSNGAsKTVrt4
authentihash b1f7ec9dca52b64b769f4d187324d9b68bfe4792a8d7ef65f4cbe4eb1b879fdb
imphash aa2d0e076b2d23e260f768512e06ebce
File size 457.1 KB ( 468056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-02-15 13:53:16 UTC ( 4 years, 7 months ago )
Last submission 2018-05-14 09:16:51 UTC ( 4 months, 2 weeks ago )
File names Sysinternals Debug Output Viewer
120131015025101862.exe
62999f624ca152b24c4a426884b7ddd7.exe
430.exe
output.112826854.txt
fc4b6998e9a97bfc788900080d917213ecde5348
120131015025101862.exe
120131015025101862 (1).exe
120131015025101862 (2).exe
VirusShare_62999f624ca152b24c4a426884b7ddd7
120131015025101862.exe
Dbgview.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs