SHA256: b0b6ea5deece6897e9f798688675b561bb7cbcec8891730616ce7604c1251971
File name: 00923a94d9648785651799c745ff556c
Detection ratio: 21 / 55
Analysis date: 2014-09-02 15:56:32 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.443401 20140902
Yandex TrojanSpy.Zbot!HEUIWf9GqEo 20140902
AhnLab-V3 Spyware/Win32.Zbot 20140902
AntiVir TR/Crypt.ZPACK.95186 20140902
Avast Win32:Zbot-ULR [Trj] 20140902
AVG Zbot.NII 20140902
AVware Trojan.Win32.Generic!BT 20140902
BitDefender Gen:Variant.Kazy.443401 20140902
Emsisoft Gen:Variant.Kazy.443401 (B) 20140902
ESET-NOD32 Win32/Spy.Zbot.ACB 20140902
F-Secure Gen:Variant.Kazy.443401 20140902
GData Gen:Variant.Kazy.443401 20140902
Kaspersky Trojan-Spy.Win32.Zbot.tytg 20140902
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140902
Malwarebytes Spyware.Zbot.FWED 20140902
McAfee Artemis!00923A94D964 20140902
McAfee-GW-Edition BehavesLike.Win32.BadFile.dh 20140901
Microsoft PWS:Win32/Zbot 20140902
eScan Gen:Variant.Kazy.443401 20140902
Panda Trj/Chgt.E 20140902
VIPRE Trojan.Win32.Generic!BT 20140902
AegisLab 20140902
Antiy-AVL 20140902
Baidu-International 20140902
Bkav 20140829
ByteHero 20140902
CAT-QuickHeal 20140902
ClamAV 20140902
CMC 20140901
Comodo 20140902
Cyren 20140902
DrWeb 20140902
F-Prot 20140902
Fortinet 20140902
Ikarus 20140902
Jiangmin 20140901
K7AntiVirus 20140902
K7GW 20140902
NANO-Antivirus 20140902
Norman 20140902
nProtect 20140902
Qihoo-360 20140902
Rising 20140902
Sophos AV 20140902
SUPERAntiSpyware 20140901
Symantec 20140902
Tencent 20140902
TheHacker 20140902
TotalDefense 20140901
TrendMicro 20140902
TrendMicro-HouseCall 20140902
VBA32 20140902
ViRobot 20140902
Zillya 20140901
Zoner 20140901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright Copyright (c) 2000-2012 Cortado AG
Publisher Cortado AG
Product ThinPrint Virtual Channel Gateway
Original name TPVCGateway.exe
Internal name TPVCGateway
File version 8,6,239,1
Description ThinPrint Virtual Channel Gateway Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-29 15:36:29
Entry Point 0x000011C0
Number of sections 3
PE sections
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 12
RT_DIALOG 4
RT_BITMAP 2
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
MOF 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 53
NEUTRAL 15
PE resources
File identification
MD5 00923a94d9648785651799c745ff556c
SHA1 7177cca8ee6d83497e21b7b4071bec6c744f1c86
SHA256 b0b6ea5deece6897e9f798688675b561bb7cbcec8891730616ce7604c1251971
ssdeep 6144:RIkeQJKI6R69YUHcmn8VA+tqJo70JzW8unZN/IK:0QJKB6mU8Z26oVWj
imphash e459efa13eebd1d61419f97cab3582bc
File size 260.5 KB ( 266752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2014-09-02 15:56:32 UTC ( 4 years, 6 months ago )
Last submission 2014-09-02 15:56:32 UTC ( 4 years, 6 months ago )
File names 00923a94d9648785651799c745ff556c
TPVCGateway.exe
TPVCGateway
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.