SHA256: b6573cfb84ee37285ad6e84e63aca109e49096c48454a058b2c58379fde885f1
File name: BBDE544109CF5CE4CF8C80A6181C731D
Detection ratio: 32 / 53
Analysis date: 2016-07-02 07:41:38 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3360436 20160702
AhnLab-V3 Trojan/Win32.Talalpek.N2037219712 20160701
ALYac Gen:Variant.Graftor.292283 20160702
Arcabit Trojan.Generic.D3346B4 20160702
Avast Win32:Trojan-gen 20160702
AVG Generic_r.KRG 20160702
Avira (no cloud) TR/Crypt.Xpack.uxtb 20160702
AVware Trojan.Win32.Reveton.a (v) 20160702
BitDefender Trojan.GenericKD.3360436 20160702
Bkav HW32.Packed.24C0 20160701
DrWeb Trojan.Siggen6.58358 20160702
Emsisoft Trojan.GenericKD.3360436 (B) 20160702
ESET-NOD32 a variant of Win32/Kryptik.FBIV 20160702
F-Secure Trojan.GenericKD.3360436 20160702
GData Trojan.GenericKD.3360436 20160702
Ikarus Trojan.Win32.Crypt 20160702
K7AntiVirus Trojan ( 004f318f1 ) 20160702
K7GW Trojan ( 004f318f1 ) 20160702
Kaspersky HEUR:Trojan.Win32.Generic 20160702
McAfee RDN/Generic.grp 20160702
McAfee-GW-Edition BehavesLike.Win32.Swizzor.ch 20160702
Microsoft TrojanDownloader:Win32/Talalpek.A 20160702
eScan Trojan.GenericKD.3360436 20160702
NANO-Antivirus Trojan.Win32.Xpack.edyujv 20160702
Panda Trj/GdSda.A 20160701
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160702
Sophos AV Mal/Generic-S 20160702
Symantec Packed.Generic.459 20160701
Tencent Win32.Trojan.Kryptik.Pjnq 20160702
TrendMicro TROJ_FRS.0NA004FU16 20160702
TrendMicro-HouseCall TROJ_FRS.0NA004FU16 20160702
VIPRE Trojan.Win32.Reveton.a (v) 20160702
AegisLab 20160702
Alibaba 20160701
Antiy-AVL 20160702
Baidu 20160701
CAT-QuickHeal 20160701
ClamAV 20160702
CMC 20160630
Comodo 20160702
Cyren 20160702
F-Prot 20160702
Fortinet 20160702
Jiangmin 20160702
Kingsoft 20160702
Malwarebytes 20160702
nProtect 20160701
SUPERAntiSpyware 20160702
TheHacker 20160702
VBA32 20160701
ViRobot 20160702
Zillya 20160701
Zoner 20160702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2008-2010 ashampoo Technology GmbH Co. KG
Internal name Cancel Autoplay 2
File version 2.0.0.0
Description Cancel Autoplay 2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-30 16:18:18
Entry Point 0x00003F00
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
GetExplicitEntriesFromAclW
CopySid
RegDeleteKeyW
RegQueryValueExW
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSidToSidW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
RegisterEventSourceA
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
GetUserNameW
IsValidSid
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
GetSecurityDescriptorSacl
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetNamedSecurityInfoW
SetEntriesInAclW
RegSetValueExW
FreeSid
RegEnumValueW
AllocateAndInitializeSid
CheckTokenMembership
RegQueryValueA
EqualSid
ReportEventA
SetNamedSecurityInfoW
ImageList_DrawIndirect
ImageList_GetIconSize
SetDIBits
PlayEnhMetaFileRecord
GetTextMetricsW
SetMapMode
SetMetaRgn
CombineRgn
SetICMProfileW
GdiGetBatchLimit
SetLayout
EndDoc
IntersectClipRect
OffsetWindowOrgEx
CreatePen
CreateDIBitmap
PolyPatBlt
GetDIBits
GetEnhMetaFileBits
StretchBlt
ArcTo
CloseFigure
CloseMetaFile
WidenPath
SetBkColor
SetRectRgn
DeleteEnhMetaFile
EngLoadModule
CreateFontIndirectW
OffsetRgn
GdiDeleteSpoolFileHandle
CreateFontIndirectA
GdiProcessSetup
CreateRectRgnIndirect
LPtoDP
GdiGetCharDimensions
GetPixel
PATHOBJ_bEnumClipLines
GetLayout
ExcludeClipRect
TranslateCharsetInfo
GdiGetDevmodeForPage
SetBkMode
BitBlt
GetOutlineTextMetricsW
CloseEnhMetaFile
EndPage
CreateFontIndirectExA
GdiEntry3
GetCharWidth32W
SetDIBColorTable
CancelDC
FontIsLinked
BeginPath
DeleteObject
AddFontResourceA
GetWindowExtEx
GetTextFaceAliasW
SetColorSpace
SetStretchBltMode
SetMagicColors
GetDeviceCaps
DeleteDC
GetMapMode
GetObjectW
CreatePatternBrush
ExtTextOutW
CreateBitmap
RectVisible
DeleteColorSpace
GetStockObject
GdiFlush
SelectClipRgn
SetWindowOrgEx
SelectObject
GetViewportExtEx
GetTextExtentPointW
GetTextExtentPoint32W
EndPath
GdiIsPlayMetafileDC
CreateHalftonePalette
GetTextCharset
EngCreatePalette
GetBitmapBits
GetTextExtentExPointW
CreateSolidBrush
EngCopyBits
FillPath
CreateDIBSection
SetTextColor
GetClipBox
CreateFontA
EnumFontFamiliesExW
SetViewportOrgEx
AbortPath
CreateRoundRectRgn
CreateCompatibleDC
StrokeAndFillPath
CreateRectRgn
GetClipRgn
GdiPlayScript
GetStretchBltMode
Polyline
CombineTransform
AbortDoc
CreateCompatibleBitmap
DeleteMetaFile
GetStdHandle
GetDriveTypeW
ReleaseMutex
InterlockedPopEntrySList
WaitForSingleObject
GetDriveTypeA
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
ExitProcess
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
lstrcatW
InitializeSListHead
FileTimeToSystemTime
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
EnumLanguageGroupLocalesW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetFileAttributesW
OutputDebugStringA
SetLastError
PeekNamedPipe
DeviceIoControl
ReadConsoleInputA
CopyFileW
GetUserDefaultLangID
OutputDebugStringW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
lstrcmpiW
SetThreadPriority
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
SetFilePointer
GetFullPathNameW
CreateThread
MoveFileExW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
EnumSystemLanguageGroupsW
GetSystemDirectoryA
DecodePointer
SetEnvironmentVariableA
GlobalMemoryStatus
GetModuleHandleExW
GlobalAlloc
GetDiskFreeSpaceExW
CreateEventW
SetEndOfFile
GetVersion
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetSystemTime
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
FreeLibrary
GetStartupInfoA
GetDateFormatA
FlushConsoleInputBuffer
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetNamedPipeHandleStateA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
GetTimeFormatW
lstrcpyW
GlobalReAlloc
GetModuleFileNameW
FreeEnvironmentStringsW
lstrcmpA
FindNextFileW
FindFirstFileW
TerminateProcess
FindFirstFileExW
GetProcAddress
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
CreateProcessW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
CopyFileExW
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
ExpandEnvironmentStringsW
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
GetLongPathNameW
TlsGetValue
IsValidCodePage
SetConsoleMode
GetTempPathW
VirtualFree
Sleep
SetConsoleCtrlHandler
VirtualAlloc
SHBindToParent
SHBrowseForFolderW
DragQueryFileW
SHFileOperationW
SHGetDiskFreeSpaceA
SHQueryRecycleBinA
Shell_NotifyIconW
SHGetFileInfoA
SHFormatDrive
ShellExecuteExA
SHGetIconOverlayIndexA
SHCreateDirectoryExW
DuplicateIcon
SHGetPathFromIDListW
SHCreateDirectoryExA
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
SHBrowseForFolder
ExtractAssociatedIconA
SHCreateProcessAsUserW
SHGetSpecialFolderPathW
FindExecutableA
SHGetFolderPathW
SHGetDataFromIDListW
DragFinish
SHGetFileInfo
ShellExecuteW
SHGetSettings
ShellHookProc
SHGetInstanceExplorer
SHGetSpecialFolderLocation
SHGetDataFromIDListA
StrStrA
StrCmpW
StrCmpNW
StrRChrW
StrCmpNIW
StrRChrIA
StrStrIW
StrChrA
StrStrW
StrCmpIW
StrRStrIW
RedrawWindow
GetForegroundWindow
SetWindowRgn
PostQuitMessage
DrawStateW
SetWindowPos
GetClipboardViewer
IsWindow
SetDeskWallpaper
DispatchMessageA
EndPaint
ScrollWindowEx
WindowFromPoint
GetClipboardSequenceNumber
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
EndMenu
UnregisterClassW
GetClientRect
DdeInitializeW
DefWindowProcW
DrawTextW
SetScrollPos
CallNextHookEx
LoadImageW
GetActiveWindow
GetWindowTextW
DialogBoxIndirectParamW
GetWindowTextLengthW
MsgWaitForMultipleObjects
LoadMenuIndirectW
InvalidateRgn
PtInRect
DrawEdge
DdeDisconnectList
GetUserObjectInformationW
GetParent
UpdateWindow
AttachThreadInput
EqualRect
EnumWindows
ShowWindow
SetMenuInfo
GetPropA
GetClipboardOwner
PeekMessageW
ChangeDisplaySettingsExW
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetIconInfo
DdeQueryConvInfo
IsHungAppWindow
IsIconic
DrawFocusRect
DrawFrameControl
SetTimer
IsDialogMessageW
FillRect
MonitorFromPoint
CopyRect
WaitForInputIdle
DlgDirListW
IsWindowUnicode
RealChildWindowFromPoint
CreateWindowExW
GetWindowLongW
GetGUIThreadInfo
DestroyWindow
IsChild
SetFocus
GetMonitorInfoW
BeginPaint
OffsetRect
EndDialog
DrawIcon
KillTimer
GetComboBoxInfo
MapWindowPoints
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SendDlgItemMessageW
PostMessageW
SwapMouseButton
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
CreateWindowStationW
ScreenToClient
GetProcessWindowStation
LoadIconA
CountClipboardFormats
PostThreadMessageW
IsDlgButtonChecked
CheckDlgButton
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
LoadIconW
DispatchMessageW
SetForegroundWindow
NotifyWinEvent
IsWinEventHookInstalled
CreateDialogIndirectParamW
IntersectRect
GetScrollInfo
GetFocus
GetCapture
SetWinEventHook
MessageBeep
GetWindowThreadProcessId
BeginDeferWindowPos
MessageBoxW
RegisterClassExW
UnhookWindowsHookEx
RegisterClipboardFormatA
SetRectEmpty
DialogBoxParamW
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LoadCursorFromFileW
LoadKeyboardLayoutA
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
SystemParametersInfoA
GetDoubleClickTime
DestroyIcon
IsWindowVisible
TileWindows
SystemParametersInfoW
MonitorFromWindow
SetRect
InvalidateRect
AnimateWindow
CharNextW
CallWindowProcW
GetClassNameW
AdjustWindowRect
IsRectEmpty
GetCursor
SendMessageTimeoutW
GetAncestor
SetCursor
_except_handler3
_acmdln
__p__fmode
_exit
_adjust_fdiv
__setusermatherr
__p__commode
exit
_XcptFilter
__getmainargs
_controlfp
_initterm
__set_app_type
CreateStreamOnHGlobal
OleUninitialize
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
RevokeDragDrop
CoDisconnectObject
CLSIDFromString
CoTaskMemFree
RegisterDragDrop
OleInitialize
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 80896
ImageVersion 0.0
FileVersionNumber 2.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.0.0
TimeStamp 2016:06:30 18:18:18+02:00
FileType Win32 EXE
PEType PE32
InternalName Cancel Autoplay 2
FileDescription Cancel Autoplay 2
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (C) 2008-2010 ashampoo Technology GmbH Co. KG
MachineType Intel 386 or later, and compatibles
CompanyName Ashampoo
CodeSize 115200
FileSubtype 0
ProductVersionNumber 2.0.0.0
EntryPoint 0x3f00
ObjectFileType Executable application
File identification
MD5 bbde544109cf5ce4cf8c80a6181c731d
SHA1 de1a3209d49fde0dc6fe5e1a5c8f4c2af0241a0a
SHA256 b6573cfb84ee37285ad6e84e63aca109e49096c48454a058b2c58379fde885f1
ssdeep 3072:tF+yuFTuJbrmAvP5VyJmXuUNbIgsPLzvfGl16z4IoPt+Ht+:tuFYmw5Vsmav+lohoPQ
authentihash 9bded1f7976ba810d06a34e10bb05e68dc72578ea5c79f70bef09013e04ac884
imphash f4d7ecd07c586bd88e57ea30dc6ce728
File size 192.5 KB ( 197120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (48.1%)
Microsoft Visual C++ compiled executable (generic) (25.4%)
Win32 Dynamic Link Library (generic) (10.1%)
Win32 Executable (generic) (6.9%)
OS/2 Executable (generic) (3.1%)
Tags peexe
VirusTotal metadata
First submission 2016-06-30 00:37:33 UTC ( 2 years, 8 months ago )
Last submission 2018-05-15 00:04:41 UTC ( 10 months, 2 weeks ago )
File names realstatistics-gate-Neutrino-EK-payload-Gootkit-after-nebularoficial.com.exe
2016-06-29-realstatistics-gate-Neutrino-EK-payload-Gootkit-after-nebularoficial.com.exe
Cancel Autoplay 2
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications