SHA256: b606ed476cdd0e0e43ad57b118d87526ca0da35ca5c99a8075eb62c112a71a1d
File name: ttcopy.pif
Detection ratio: 7 / 49
Analysis date: 2014-04-02 04:07:58 UTC ( 2 years, 12 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent 20140401
AntiVir TR/Crypt.Xpack.32894 20140402
AVG Win32/Cryptor 20140401
ESET-NOD32 a variant of Win32/Injector.BBAL 20140401
Malwarebytes Trojan.Agent.ED 20140402
Qihoo-360 Win32/Trojan.18a 20140402
TrendMicro-HouseCall TROJ_GEN.F47V0401 20140402
Ad-Aware 20140402
AegisLab 20140402
Yandex 20140401
Antiy-AVL 20140402
Avast 20140402
Baidu-International 20140401
BitDefender 20140402
Bkav 20140401
ByteHero 20140402
CAT-QuickHeal 20140401
ClamAV 20140402
CMC 20140331
Commtouch 20140402
Comodo 20140402
DrWeb 20140402
Emsisoft 20140402
F-Prot 20140402
F-Secure 20140402
Fortinet 20140401
GData 20140402
Ikarus 20140402
Jiangmin 20140401
K7AntiVirus 20140401
K7GW 20140401
Kaspersky 20140402
Kingsoft 20130829
McAfee 20140402
McAfee-GW-Edition 20140401
Microsoft 20140402
eScan 20140402
NANO-Antivirus 20140402
Norman 20140401
nProtect 20140401
Panda 20140401
Rising 20140401
Sophos 20140402
SUPERAntiSpyware 20140402
Symantec 20140402
TheHacker 20140401
TotalDefense 20140401
TrendMicro 20140402
VBA32 20140401
VIPRE 20140402
ViRobot 20140402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2007 - 2037 - Van Loo Software
Publisher Van Loo Software (TM)
Product Snappy IM
Internal name Snappy IM
File version 2.2.1.1
Description Snappy IM
Comments Visit us at www.ssuitesoft.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-01 13:30:14
Entry Point 0x00005C25
Number of sections 5
PE sections
PE imports
GetSaveFileNameW
GetFileTitleW
GetTextMetricsW
CombineRgn
TextOutW
CreateFontIndirectW
CreatePen
ColorMatchToTarget
GetPixel
GetDeviceCaps
DeleteDC
SetPixel
GetObjectW
BitBlt
GetCurrentObject
CreateBitmap
AddFontMemResourceEx
CreateCompatibleDC
GetTextAlign
CreateFontW
CreateRectRgn
CreateColorSpaceA
SelectObject
CreateColorSpaceW
SetBkColor
GetTextExtentPoint32W
GetLastError
ReadConsoleInputA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetDateFormatA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetTimeFormatA
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
SystemTimeToFileTime
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
ResetWriteWatch
IsDBCSLeadByte
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
CompareStringW
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
DecodePointer
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GlobalUnWire
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
SetConsoleMode
CreateFileW
TlsGetValue
Sleep
WriteConsoleW
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetLocaleInfoW
ExitProcess
HeapCreate
SetLastError
LeaveCriticalSection
GetModuleInformation
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
PathFindFileNameA
PathFindExtensionA
MapWindowPoints
RegisterWindowMessageW
GetForegroundWindow
GetClassInfoExW
CreateDialogIndirectParamW
UpdateWindow
SetMenuItemBitmaps
EqualRect
EnumWindows
DeferWindowPos
GetCapture
MessageBeep
IsWindowEnabled
GetNextDlgGroupItem
GetWindowThreadProcessId
SendDlgItemMessageA
BeginDeferWindowPos
GetNextDlgTabItem
MessageBoxW
PeekMessageW
CharUpperW
EnumChildWindows
AdjustWindowRectEx
SendDlgItemMessageW
GetMessageTime
PostMessageW
RegisterClipboardFormatW
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
GetDlgCtrlID
CheckMenuItem
GetClassLongW
RegisterClassW
WinHelpW
UnregisterClassW
GetClassInfoW
GetDlgItem
GetMenuCheckMarkDimensions
EnableMenuItem
ScreenToClient
TrackPopupMenu
PostThreadMessageW
GetTopWindow
SetWindowContextHelpId
GetWindowTextW
SetActiveWindow
GetSysColorBrush
ShowOwnedPopups
GetWindowTextLengthW
GetActiveWindow
InvalidateRgn
CharNextW
GetLastActivePopup
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoGetClassObject
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CLSIDFromString
CreateILockBytesOnHGlobal
CoTaskMemAlloc
Number of PE resources by type
RT_STRING 21
RT_ICON 3
Struct(88) 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 22
GERMAN SWISS 3
ENGLISH SOUTH AFRICA 1
PE resources
ExifTool file metadata
CodeSize 80384
SubsystemVersion 5.0
Comments Visit us at www.ssuitesoft.com
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.1.1
LanguageCode Unknown (1C09)
FileFlagsMask 0x003f
FileDescription Snappy IM
CharacterSet Windows, Latin1
InitializedDataSize 261120
MIMEType application/octet-stream
LegalCopyright 2007 - 2037 - Van Loo Software
FileVersion 2.2.1.1
TimeStamp 2014:04:01 14:30:14+01:00
FileType Win32 EXE
PEType PE32
InternalName Snappy IM
FileAccessDate 2014:04:02 05:08:19+01:00
ProductVersion 2.2.1.1
UninitializedDataSize 0
OSVersion 5.0
FileCreateDate 2014:04:02 05:08:19+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Van Loo Software (TM)
LegalTrademarks Van Loo Software (TM)
ProductName Snappy IM
ProductVersionNumber 2.2.1.1
EntryPoint 0x5c25
ObjectFileType Executable application
File identification
MD5 890e9e60e353db52dbda5eb8af20082a
SHA1 000704b287e14c5eedb3616061538fdbe5e51d31
SHA256 b606ed476cdd0e0e43ad57b118d87526ca0da35ca5c99a8075eb62c112a71a1d
ssdeep 6144:8t6TtRFD1pw7GyIBExWNvgNoVN9t/o6qdT:qQ3bw7GyJx0vgNc/x+T
imphash 9fe3e1cec2ac802a112cf5efabf464d1
File size 335.5 KB ( 343552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-04-01 15:43:00 UTC ( 2 years, 12 months ago )
Last submission 2014-04-02 04:07:58 UTC ( 2 years, 12 months ago )
File names Snappy IM
ttcopy.pif
VirusShare_890e9e60e353db52dbda5eb8af20082a.application_x-dosexec
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications