SHA256: b46940adcfefac96db737aa663f44e31e071fb7bffc757f98d811c2d82f1d3b8
File name: tss.exe
Detection ratio: 13 / 56
Analysis date: 2016-05-15 06:17:08 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20160515
AVware Trojan.Win32.Generic!BT 20160511
Comodo Application.Win32.Amtar.amu 20160515
DrWeb Trojan.DownLoader10.19969 20160515
Ikarus Trojan.Symmi 20160515
Malwarebytes Rogue.TechSupportScam 20160515
McAfee Artemis!16A63DDD4955 20160515
McAfee-GW-Edition Artemis 20160515
NANO-Antivirus Trojan.Win32.DownLoader10.ecdwrb 20160515
Rising Malware.Undefined!8.C-T59mjmDRrSH (Cloud) 20160515
Symantec Trojan.Gen.2 20160515
VBA32 suspected of Trojan.Downloader.gen.h 20160513
VIPRE Trojan.Win32.Generic!BT 20160515
Ad-Aware 20160515
AegisLab 20160515
AhnLab-V3 20160514
Alibaba 20160513
ALYac 20160515
Antiy-AVL 20160515
Arcabit 20160515
AVG 20160515
Avira (no cloud) 20160514
Baidu 20160514
Baidu-International 20160514
BitDefender 20160515
Bkav 20160514
CAT-QuickHeal 20160514
ClamAV 20160515
CMC 20160510
Cyren 20160515
Emsisoft 20160515
ESET-NOD32 20160515
F-Prot 20160515
F-Secure 20160515
Fortinet 20160515
GData 20160515
Jiangmin 20160515
K7AntiVirus 20160514
K7GW 20160515
Kaspersky 20160515
Kingsoft 20160515
Microsoft 20160515
eScan 20160515
nProtect 20160513
Panda 20160514
Qihoo-360 20160515
Sophos AV 20160515
SUPERAntiSpyware 20160515
Tencent 20160515
TheHacker 20160514
TrendMicro 20160515
TrendMicro-HouseCall 20160515
ViRobot 20160514
Yandex 20160513
Zillya 20160514
Zoner 20160515
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-01-13 02:29:20
Entry Point 0x00001F54
Number of sections 4
PE sections
PE imports
SetBkMode
DeleteObject
GetStockObject
TextOutW
SelectObject
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
HeapDestroy
LCMapStringA
IsDebuggerPresent
ExitProcess
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetFileType
GetConsoleMode
HeapSize
GetCurrentProcessId
GetConsoleOutputCP
LockResource
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
GetTickCount
FreeEnvironmentStringsW
GetCPInfo
DeleteFileW
GetProcAddress
TlsFree
GetProcessHeap
GetTempFileNameW
SetStdHandle
SetFilePointer
RaiseException
CreateThread
GetStringTypeA
GetModuleHandleA
GetLocaleInfoA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetOEMCP
GetTempPathW
GetEnvironmentStrings
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
CreateProcessW
TlsGetValue
Sleep
SetLastError
VirtualFree
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
HeapCreate
WriteConsoleW
InterlockedIncrement
RegisterClassExW
GetSystemMetrics
MessageBoxW
UpdateWindow
EndPaint
BeginPaint
GetMessageW
TranslateMessage
DefWindowProcW
GetSysColorBrush
LoadCursorW
CreateWindowExW
PostQuitMessage
ShowWindow
PostMessageW
DispatchMessageW
InvalidateRect
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
MSI 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2009:01:13 03:29:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1f54
InitializedDataSize 4534272
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 16a63ddd49552199b3a92b5fe88f804f
SHA1 bb5b1bcecfc8737b3397bc8442a4e483b1df5951
SHA256 b46940adcfefac96db737aa663f44e31e071fb7bffc757f98d811c2d82f1d3b8
ssdeep 98304:ywCDueZbuJtHA0QUCb7Yv8b8SIXtiogjiAuC475j:KueA7ZQ9Yv8jdWAS75j
authentihash af93aa603d98aa3d06fd6ef0ea2b25b3c23dfe6fc55425cb164615a7065e2296
imphash 0f7d0ed8477bf9ca9b4b2ce07e02a90e
File size 4.4 MB ( 4583424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (26.8%)
Win32 EXE PECompact compressed (generic) (25.8%)
Win32 Executable MS Visual C++ (generic) (19.4%)
Win64 Executable (generic) (17.2%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags peexe

VirusTotal metadata
First submission 2016-05-03 18:13:22 UTC ( 2 years, 6 months ago )
Last submission 2017-10-15 16:58:28 UTC ( 1 year, 1 month ago )
File names b46940adcfefac96db737aa663f44e31e071fb7bffc757f98d811c2d82f1d3b8.bin
PC Cleaner.exe
PC Cleaner.ex
16a63ddd49552199b3a92b5fe88f804f
tss.exe
Win32.Trojan.Agent@PC Cleaner.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00XH05EI16.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications