SHA256: ae55348ccfaa2dd8a15acb6db87416f24fef0ace3e5eec9cbedf75620e42bab7
File name: 671215ee4e00a8d71ffbfb97c8a50309
Detection ratio: 42 / 68
Analysis date: 2018-10-29 02:02:27 UTC ( 4 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2172592 20181028
ALYac Trojan.GenericKD.2172592 20181029
Arcabit Trojan.Generic.D2126B0 20181029
Avast Win32:VBCrypt-DCC [Trj] 20181029
AVG Win32:VBCrypt-DCC [Trj] 20181029
Avira (no cloud) HEUR/AGEN.1009057 20181028
BitDefender Trojan.GenericKD.2172592 20181029
CMC Virus.Win32.OtwycalP.1!O 20181028
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.e4e00a 20180225
Cylance Unsafe 20181029
DrWeb Win32.HLLW.SpyNet 20181029
Emsisoft Trojan.GenericKD.2172592 (B) 20181029
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.BZJM 20181028
F-Secure Trojan.GenericKD.2172592 20181028
GData Trojan.GenericKD.2172592 20181028
Ikarus Trojan-Ransom.CTBLocker 20181028
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181028
K7GW Riskware ( 0040eff71 ) 20181025
Kaspersky Worm.Win32.WBNA.roc 20181029
MAX malware (ai score=99) 20181029
McAfee Artemis!671215EE4E00 20181028
McAfee-GW-Edition Artemis!Trojan 20181028
Microsoft Backdoor:Win32/Xtrat.A 20181029
eScan Trojan.GenericKD.2172592 20181028
NANO-Antivirus Trojan.Win32.Reconyc.dlbixl 20181028
Palo Alto Networks (Known Signatures) generic.ml 20181029
Panda Trj/Genetic.gen 20181028
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20181029
Rising Backdoor.Xtrat!8.B25 (TFE:5:M8DqSVdTZmF) 20181028
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181029
Symantec ML.Attribute.HighConfidence 20181028
Tencent Win32.Worm.Wbna.Wmso 20181029
TheHacker Trojan/Injector.bzjm 20181025
TrendMicro-HouseCall TROJ_GEN.R002H0CJS18 20181029
VBA32 TScope.Trojan.VB 20181026
Yandex Trojan.Agent!ouk/6Fo4CBs 20181026
Zillya Worm.WBNA.Win32.421739 20181028
ZoneAlarm by Check Point Worm.Win32.WBNA.roc 20181029
AegisLab 20181029
AhnLab-V3 20181029
Alibaba 20180921
Antiy-AVL 20181028
Avast-Mobile 20181028
Babable 20180918
Baidu 20181026
Bkav 20181025
CAT-QuickHeal 20181028
ClamAV 20181028
Cyren 20181029
eGambit 20181029
F-Prot 20181028
Fortinet 20181028
Jiangmin 20181028
Kingsoft 20181029
Malwarebytes 20181029
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181029
TotalDefense 20181028
TrendMicro 20181028
Trustlook 20181029
VIPRE 20181028
ViRobot 20181028
Webroot 20181029
Zoner 20181029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2002 RenderSoft Software and Web Publishing, Copyright © 2008 CamStudio Group & Contributors

Product CamStudio PlayerPlus
File version 1.0.0.0
Description CamStudio PlayerPlus
Comments CamStudio PlayerPlus
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-07 12:07:53
Entry Point 0x000010E0
Number of sections 3
PE sections
Overlays
MD5 242912d5d63808638b5772b7ff90962d
File type data
Offset 28672
Size 34153
Entropy 7.97
PE imports
EVENT_SINK_QueryInterface
Ord(717)
__vbaExceptHandler
Ord(535)
Ord(608)
MethCallEngine
DllFunctionCall
Ord(644)
Ord(685)
ProcCallEngine
Ord(711)
Ord(537)
Ord(100)
Ord(556)
EVENT_SINK_Release
Ord(595)
EVENT_SINK_AddRef
Ord(570)
Ord(598)
Ord(516)
Ord(592)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
CamStudio PlayerPlus

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
CamStudio PlayerPlus

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
8192

EntryPoint
0x10e0

MIMEType
application/octet-stream

LegalCopyright
Copyright 2002 RenderSoft Software and Web Publishing, Copyright 2008 CamStudio Group & Contributors

FileVersion
1.0.0.0

TimeStamp
2014:12:07 13:07:53+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
CamStudio Group

CodeSize
20480

ProductName
CamStudio PlayerPlus

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 671215ee4e00a8d71ffbfb97c8a50309
SHA1 9924a2120d12752655fd64ac85db6e0d27cb6907
SHA256 ae55348ccfaa2dd8a15acb6db87416f24fef0ace3e5eec9cbedf75620e42bab7
ssdeep
768:FTW6T2H6IHWY+xeWebyX3n/urlwh90ff4St09FVkt7b8CpmPC1KE6jyjC:FTWH2fHn/urls9Afd09Tk5bx8XxjUC

authentihash 5be84bba1517c2e757eb251d0ebe4c4afe9f69f4ae5032ebde9b89edac86c581
imphash 676393961c012836348fdcc90879a0fe
File size 61.4 KB ( 62825 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-02-19 03:14:47 UTC ( 4 years, 1 month ago )
Last submission 2015-02-19 05:27:33 UTC ( 4 years, 1 month ago )
File names serverxc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.