SHA256: b2360b54f64afc2fb5daafe1e0cc328cc61a576e56984afe8406174482aa6c20
File name: res.exe
Detection ratio: 9 / 51
Analysis date: 2014-04-27 09:47:56 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.SGeneric 20140427
AVG Zbot.HRF 20140427
Baidu-International Trojan.Win32.Zbot.YW 20140427
DrWeb Trojan.PWS.Panda.6267 20140427
ESET-NOD32 Win32/Spy.Zbot.YW 20140426
Malwarebytes Spyware.Zbot.VXGen 20140427
Qihoo-360 Malware.QVM10.Gen 20140427
Sophos Mal/Generic-S 20140427
Symantec WS.Reputation.1 20140427
Ad-Aware 20140427
AegisLab 20140427
Yandex 20140427
AhnLab-V3 20140426
AntiVir 20140426
Avast 20140427
BitDefender 20140427
Bkav 20140426
ByteHero 20140427
CAT-QuickHeal 20140426
ClamAV 20140427
CMC 20140424
Commtouch 20140427
Comodo 20140427
Emsisoft 20140427
F-Prot 20140427
F-Secure 20140427
Fortinet 20140426
GData 20140427
Ikarus 20140427
Jiangmin 20140427
K7AntiVirus 20140426
K7GW 20140426
Kaspersky 20140427
Kingsoft 20140427
McAfee 20140427
McAfee-GW-Edition 20140427
Microsoft 20140427
eScan 20140427
NANO-Antivirus 20140427
Norman 20140427
nProtect 20140427
Panda 20140426
Rising 20140426
SUPERAntiSpyware 20140427
TheHacker 20140426
TotalDefense 20140427
TrendMicro 20140427
TrendMicro-HouseCall 20140427
VBA32 20140425
VIPRE 20140427
ViRobot 20140427
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 SlavaComp Group
Product PPK Pass Points Keeping
Original name passpointskeep
Internal name pass points keep
File version 5.7.8.9
Description PPK Pass Points Keeping
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-24 10:23:45
Entry Point 0x00003E8F
Number of sections 6
PE sections
PE imports
GetTokenInformation
OpenProcessToken
GetOpenFileNameA
CommDlgExtendedError
AddFontResourceA
GetTextMetricsW
TextOutA
CombineRgn
Rectangle
GetObjectA
EnumFontFamiliesExA
DeleteDC
BitBlt
CreateDIBSection
SetTextColor
FillRgn
CreateEllipticRgn
GetStockObject
SetViewportOrgEx
SelectClipRgn
CreateCompatibleDC
CreateFontW
CreateRectRgn
SelectObject
CreateSolidBrush
DeleteObject
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
IsDebuggerPresent
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
GlobalAlloc
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
LeaveCriticalSection
VariantClear
VariantInit
SafeArrayCreateVector
PathFileExistsW
GetMessageA
UpdateWindow
BeginPaint
KillTimer
TrackMouseEvent
ShowWindow
LoadBitmapA
EnumDisplayMonitors
IsWindow
DispatchMessageA
EnableWindow
SetDlgItemTextA
LoadMenuW
WindowFromPoint
MessageBoxA
TranslateMessage
CheckDlgButton
GetDC
GetCursorPos
ReleaseDC
SetWindowTextA
GetWindowLongA
SendMessageA
GetClientRect
GetDlgItem
MessageBoxW
IsIconic
CallNextHookEx
CreateDialogParamW
GetSubMenu
SetTimer
LoadImageW
SetScrollRange
EndPaint
GetWindowInfo
DrawThemeParentBackground
WinHttpSetOption
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoCreateGuid
Number of PE resources by type
RT_STRING 4
RT_BITMAP 2
RT_ACCELERATOR 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.7.8.9
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 181248
EntryPoint 0x3e8f
OriginalFileName passpointskeep
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013 SlavaComp Group
FileVersion 5.7.8.9
TimeStamp 2014:04:24 11:23:45+01:00
FileType Win32 EXE
PEType PE32
InternalName pass points keep
ProductVersion 5.7.8.9
FileDescription PPK Pass Points Keeping
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SlavaComp Group
CodeSize 77824
ProductName PPK Pass Points Keeping
ProductVersionNumber 5.7.8.9
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 63992249e966ff33d7555e887ce28595
SHA1 2ab4987ce75bf8b25310f84b7e2b0a5290978922
SHA256 b2360b54f64afc2fb5daafe1e0cc328cc61a576e56984afe8406174482aa6c20
ssdeep 3072:SDjucaYhlI/KZF3fWtZ6XHKWwYfijtKFkRRuw17VIlFgnFxCE/Sw9BCclyEG:SDzhK/KZstgHias0aWw1RIlFgnFxCHE
authentihash 06f2ef9288acb778c858e686ef17f5eecfe2fc39ffbf26a3de42d59a66211da8
imphash 7f5f0405de26eeb9b8fb580260902614
File size 254.0 KB ( 260096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-04-27 09:47:56 UTC ( 2 years, 11 months ago )
Last submission 2017-01-17 14:51:39 UTC ( 2 months ago )
File names ZeuS_binary_63992249e966ff33d7555e887ce28595.exe
file-6901593_
bot (4).exe
02.exe
passpointskeep
63992249e966ff33d7555e887ce28595
bot_(4).exe
res.exe
pass points keep
63992249E966FF33D7555E887CE28595
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.