SHA256: b25a4a03b29b5d071371fb5a68d6afaade361249525e05fa122540e38df3625b
File name: 6735b78b9c4f88d1bb784894d9f9623e
Detection ratio: 38 / 55
Analysis date: 2016-08-05 22:51:37 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.Cerber.1 20160805
AhnLab-V3 Malware/Win32.Generic.N2068983401 20160805
ALYac Trojan.Ransom.Cerber.1 20160805
Antiy-AVL Trojan/Win32.SGeneric 20160805
Arcabit Trojan.Ransom.Cerber.1 20160805
Avast Win32:Malware-gen 20160805
AVG Ransom_r.QR 20160805
Avira (no cloud) TR/AD.GootkitDropper.Y.ghsa 20160805
AVware Trojan.Win32.Generic.pak!cobra 20160805
Baidu Win32.Trojan.Kryptik.anp 20160805
BitDefender Trojan.Ransom.Cerber.1 20160805
Bkav HW32.Packed.9244 20160805
Cyren W32/Cerber.A2.gen!Eldorado 20160805
DrWeb Trojan.Siggen6.58358 20160805
Emsisoft Trojan.Ransom.Cerber.1 (B) 20160805
ESET-NOD32 a variant of Win32/Kryptik.FAEQ 20160805
F-Prot W32/Cerber.A2.gen!Eldorado 20160805
F-Secure Trojan.Ransom.Cerber.1 20160805
Fortinet W32/Cerber.B!tr 20160805
GData Trojan.Ransom.Cerber.1 20160805
Ikarus PUA.Downloader 20160805
K7AntiVirus Trojan ( 004f22e21 ) 20160805
K7GW Trojan ( 004f22e21 ) 20160805
Kaspersky HEUR:Trojan.Win32.Generic 20160805
McAfee Artemis!6735B78B9C4F 20160805
McAfee-GW-Edition BehavesLike.Win32.BadFile.ch 20160805
Microsoft TrojanDownloader:Win32/Talalpek!rfn 20160805
eScan Trojan.Ransom.Cerber.1 20160805
NANO-Antivirus Trojan.Win32.Siggen6.eduops 20160805
nProtect Trojan.Ransom.Cerber.1 20160805
Panda Trj/GdSda.A 20160805
Qihoo-360 QVM20.1.Malware.Gen 20160805
Sophos AV Mal/Ransom-EJ 20160805
Symantec Packed.Generic.459 20160805
Tencent Win32.Trojan.Kryptik.Wnmj 20160805
TrendMicro TROJ_GEN.R00JC0DFG16 20160805
TrendMicro-HouseCall Ransom_CERBER.SMFE 20160805
VIPRE Trojan.Win32.Generic.pak!cobra 20160805
AegisLab 20160805
Alibaba 20160805
CAT-QuickHeal 20160805
ClamAV 20160805
CMC 20160804
Comodo 20160805
Jiangmin 20160805
Kingsoft 20160805
Malwarebytes 20160805
SUPERAntiSpyware 20160805
TheHacker 20160804
TotalDefense 20160805
VBA32 20160805
ViRobot 20160805
Yandex 20160805
Zillya 20160805
Zoner 20160805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2000-2012 Cortado AG
Product ThinPrint Virtual Channel Gateway
Original name TPVCGateway.exe
Internal name TPVCGateway
File version 8,6,239,1
Description ThinPrint Virtual Channel Gateway Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-14 04:24:18
Entry Point 0x00016DA0
Number of sections 4
PE sections
PE imports
CryptDeriveKey
RegCreateKeyExW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
CryptDestroyKey
RegQueryValueExA
RegEnumKeyW
CryptAcquireContextW
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
CryptHashData
CryptDecrypt
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
ImageList_Destroy
CreateFontIndirectW
EngUnicodeToMultiByteN
PatBlt
OffsetRgn
GetBkMode
ResizePalette
PathToRegion
SetStretchBltMode
GdiGetCharDimensions
ExcludeClipRect
UpdateColors
GetDeviceCaps
GetTextExtentPointI
GetColorAdjustment
CreateCompatibleDC
DeleteDC
SetBkMode
SetWorldTransform
DeleteObject
GetObjectW
CreateMetaFileA
RealizePalette
SetTextColor
GetTextExtentPointW
ExtTextOutW
GdiReleaseDC
GdiGetDC
CLIPOBJ_bEnum
BitBlt
CreatePalette
GetStockObject
SelectPalette
AbortPath
GetDIBits
CreateRoundRectRgn
SelectClipRgn
EnumFontFamiliesExA
StretchDIBits
SwapBuffers
GetKerningPairsW
CreateRectRgn
SelectObject
GetICMProfileW
CreateSolidBrush
EngWideCharToMultiByte
SetBkColor
SetTextCharacterExtra
GdiConvertBitmapV5
GetTextExtentPoint32W
CreateCompatibleBitmap
Toolhelp32ReadProcessMemory
GetDriveTypeW
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
SignalObjectAndWait
GetConsoleTitleW
GetFileAttributesW
GetCommandLineW
DeleteCriticalSection
OpenFileMappingW
Heap32Next
LocalAlloc
MapViewOfFileEx
SetErrorMode
_llseek
GetLogicalDrives
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
_lopen
WritePrivateProfileStructW
LocalFree
MoveFileA
ConnectNamedPipe
InitializeCriticalSection
GlobalHandle
GetLogicalDriveStringsW
InterlockedDecrement
GetProfileIntA
SetLastError
EnumUILanguagesW
GetUserDefaultUILanguage
LocalLock
ReadFile
FindNextVolumeA
RemoveDirectoryW
Beep
HeapAlloc
lstrcmpiW
SetProcessWorkingSetSize
SetThreadPriority
WritePrivateProfileSectionW
MultiByteToWideChar
GetPrivateProfileStringW
LeaveCriticalSection
_lclose
EraseTape
CreateThread
GetSystemDirectoryW
GetExitCodeThread
GetConsoleDisplayMode
CreateMutexW
GetVolumeNameForVolumeMountPointW
ExitThread
GlobalMemoryStatus
FindCloseChangeNotification
SearchPathW
GlobalAlloc
SearchPathA
ReadConsoleW
GetCurrentThreadId
GetProcAddress
EnterCriticalSection
WriteConsoleInputA
LoadLibraryW
GetVersionExW
FreeLibrary
GetTickCount
LoadLibraryA
GetStartupInfoA
DeleteFileW
GetUserDefaultLCID
_lread
GetTempFileNameW
CreateWaitableTimerW
lstrcpyW
WaitNamedPipeW
GlobalReAlloc
GetModuleFileNameW
VirtualLock
lstrcmpW
GlobalLock
SetVolumeLabelW
GetPrivateProfileIntW
CreateFileW
GetConsoleWindow
WriteProfileSectionW
ExitProcess
InterlockedIncrement
GetComputerNameExA
GetLastError
GetShortPathNameW
GlobalFree
GlobalUnlock
lstrlenW
GetCurrentProcessId
ProcessIdToSessionId
GetProcessHeaps
ExpandEnvironmentStringsW
GetModuleHandleA
Module32NextW
FatalAppExitW
CloseHandle
GetModuleHandleW
SetThreadExecutionState
CreateProcessA
WriteConsoleOutputCharacterW
GetTempPathW
Sleep
IsBadStringPtrA
SetMailslotInfo
VirtualAlloc
DragQueryFileW
SHBindToParent
SHFileOperationW
SHBrowseForFolderA
Shell_NotifyIcon
Shell_NotifyIconW
SHFormatDrive
SHEmptyRecycleBinW
SHCreateDirectoryExW
DuplicateIcon
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
DragAcceptFiles
ShellAboutW
SHCreateProcessAsUserW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetDataFromIDListW
DragFinish
SHGetFileInfo
ShellExecuteW
SHGetFolderPathA
CommandLineToArgvW
StrStrIA
PathAppendW
StrCmpNIA
RedrawWindow
GetMessagePos
SetWindowRgn
GetInputState
DrawTextW
DrawStateA
DestroyMenu
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
EndPaint
ScreenToClient
WindowFromPoint
CharUpperBuffW
SetMenuItemInfoW
GetClipboardSequenceNumber
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassA
EndMenu
UnregisterClassW
GetClientRect
SetMenuDefaultItem
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
LoadImageW
TrackPopupMenu
GetTopWindow
GetWindowTextW
LockWindowUpdate
DestroyWindow
DrawEdge
DdeDisconnectList
GetParent
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
EnumDisplayMonitors
DestroyIcon
SetWindowsHookExW
EnableWindow
SetWindowPlacement
CharUpperW
MapWindowPoints
LoadIconW
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
CharUpperA
RegisterClassW
GetSystemMetrics
GetWindowPlacement
LoadStringW
IsIconic
TrackPopupMenuEx
GetSubMenu
CreateMenu
GetKeyboardLayout
FillRect
GetSysColorBrush
GetDialogBaseUnits
CreateWindowExW
GetWindowLongW
PtInRect
IsChild
SetFocus
RegisterWindowMessageW
BeginPaint
DefWindowProcW
ReleaseCapture
KillTimer
GetClipboardData
LoadBitmapW
CharLowerA
SetWindowLongW
GetWindowRect
SetCapture
DrawIcon
EnumChildWindows
RegisterDeviceNotificationW
SendDlgItemMessageW
PostMessageW
MonitorFromRect
CheckDlgButton
CreateDialogParamW
WaitMessage
CreatePopupMenu
DrawFocusRect
GetLastActivePopup
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
BringWindowToTop
ClientToScreen
PeekMessageW
CountClipboardFormats
GetMenuItemCount
GetDesktopWindow
IsDialogMessageW
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
GetMenuItemInfoW
GetAsyncKeyState
IntersectRect
EndDialog
FindWindowW
GetCapture
GetShellWindow
MessageBeep
LoadMenuW
RemoveMenu
wvsprintfW
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
GetKBCodePage
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
AppendMenuW
GetSysColor
SetDlgItemTextW
EndDeferWindowPos
GetDoubleClickTime
EnableMenuItem
IsWindowVisible
WinHelpW
SystemParametersInfoW
SetRect
InvalidateRect
CallWindowProcW
ModifyMenuW
UnregisterDeviceNotification
GetFocus
wsprintfW
CloseClipboard
DefDlgProcW
LookupIconIdFromDirectory
SetCursor
__p__fmode
_wcsupr
rand
_ftol
srand
wcschr
_wcslwr
isdigit
towupper
_except_handler3
__p__commode
wcslen
wcscmp
exit
_XcptFilter
__setusermatherr
wcsncpy
towlower
_acmdln
iswctype
_adjust_fdiv
wcscat
wcscspn
__getmainargs
_controlfp
wcsspn
swscanf
wcscpy
wcsstr
_initterm
_exit
__set_app_type
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 12
RT_DIALOG 4
RT_BITMAP 2
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
RT_VERSION 1
RT_MANIFEST 1
MOF 1
Number of PE resources by language
ENGLISH US 53
NEUTRAL 15
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.6.239.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 89088
EntryPoint 0x16da0
OriginalFileName TPVCGateway.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2000-2012 Cortado AG
FileVersion 8,6,239,1
TimeStamp 2016:06:14 05:24:18+01:00
FileType Win32 EXE
PEType PE32
InternalName TPVCGateway
ProductVersion 8,6,239,1
FileDescription ThinPrint Virtual Channel Gateway Service
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Cortado AG
CodeSize 93696
ProductName ThinPrint Virtual Channel Gateway
ProductVersionNumber 8.6.239.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 6735b78b9c4f88d1bb784894d9f9623e
SHA1 29d4fb6bfdfc3ed2c1671c3ff601aea20a626e7f
SHA256 b25a4a03b29b5d071371fb5a68d6afaade361249525e05fa122540e38df3625b
ssdeep 3072:i6T5Y9dvH3/ZZ44Kb/7AnWax1a/mbtJW0bfOF9ZJJ:i6T5MtX1Kb/UWax1a/mh
authentihash 9b2ea25ff695f96538eddf8191188863394c0fcd8c3651b479bd3d3effa7268d
imphash 5b94978ab53156e7e9a39d1aeb2a48c4
File size 179.5 KB ( 183808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-08-05 22:51:37 UTC ( 2 years, 6 months ago )
Last submission 2016-08-05 22:51:37 UTC ( 2 years, 6 months ago )
File names TPVCGateway.exe
TPVCGateway
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications