SHA256: b86ae0e442478791c06998f4745f99668858ae1771a98df2d49f0bef056f2bc9
File name: vt-upload-b29N9
Detection ratio: 17 / 54
Analysis date: 2014-10-05 05:30:27 UTC ( 4 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Kryptik 20141004
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141005
AVG Zbot.OOY 20141004
Avira (no cloud) TR/Crypt.Xpack.97266 20141004
Fortinet W32/Zbot.ACB!tr.spy 20141005
Kaspersky Trojan-Spy.Win32.Zbot.uhtv 20141004
Malwarebytes Trojan.Agent.ED 20141005
McAfee Artemis!B456F77CD77D 20141005
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20141005
Microsoft PWS:Win32/Zbot 20141005
Panda Trj/Chgt.I 20141004
Qihoo-360 Win32/Trojan.b66 20141005
Sophos AV Mal/Generic-S 20141005
Symantec WS.Reputation.1 20141005
Tencent Win32.Trojan-spy.Zbot.Pdvq 20141005
TrendMicro TROJ_FORUCON.BMC 20141005
TrendMicro-HouseCall TROJ_FORUCON.BMC 20141005
Ad-Aware 20141005
AegisLab 20141005
Yandex 20141004
Avast 20141005
AVware 20141004
Baidu-International 20141004
BitDefender 20141005
Bkav 20141003
ByteHero 20141005
CAT-QuickHeal 20141004
ClamAV 20141004
CMC 20141004
Comodo 20141005
Cyren 20141005
DrWeb 20141004
Emsisoft 20141005
F-Prot 20141005
F-Secure 20141005
GData 20141005
Ikarus 20141004
Jiangmin 20141004
K7AntiVirus 20141004
K7GW 20141004
Kingsoft 20141005
eScan 20141005
NANO-Antivirus 20141005
Norman 20141004
nProtect 20141002
Rising 20141003
SUPERAntiSpyware 20141004
TheHacker 20141001
TotalDefense 20141001
VBA32 20141004
VIPRE 20141005
ViRobot 20141004
Zillya 20141004
Zoner 20140929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © DiskInternals Research
Product Partition Recovery Tool
Original name Partition_Recovery.exe
Internal name Partition_Recovery.exe
File version 5.4.0.0
Description Partition Recovery Tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-01 22:51:59
Entry Point 0x00005FD8
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegQueryValueExA
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
RegEnumValueA
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorSacl
LineTo
TextOutW
DeleteObject
GetTextExtentPoint32A
MoveToEx
TextOutA
CreateFontIndirectA
SelectObject
SetBkMode
SetTextAlign
GetTextExtentPoint32W
GetStdHandle
GetFileAttributesA
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
lstrcatA
UnhandledExceptionFilter
_llseek
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InterlockedDecrement
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
GetPrivateProfileStringA
Module32First
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
_lclose
Module32Next
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
DeleteFileA
GetStartupInfoW
DeleteFileW
GetProcAddress
_lread
GetProcessHeap
lstrcpyA
GlobalLock
CreateFileW
GetConsoleWindow
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
EnumSystemCodePagesW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
NetGetJoinInformation
NetApiBufferFree
SafeArrayCreate
SysFreeString
RegisterActiveObject
SysAllocStringLen
SHCreateShellItem
DragFinish
DragQueryFileW
ExtractIconExW
SHGetFileInfoW
SHParseDisplayName
SHGetMalloc
SHBrowseForFolderW
SHCreateStreamOnFileW
PathFindExtensionW
PathRemoveExtensionW
SetFocus
GetMessageA
SetDlgItemTextA
GetParent
UpdateWindow
GetWindowTextA
GetScrollInfo
BeginPaint
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
IsWindowEnabled
GetNextDlgGroupItem
SetWindowPos
SendDlgItemMessageA
DdeCreateStringHandleA
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetWindowPlacement
SetCapture
SetMenuItemInfoA
CreatePopupMenu
MessageBoxA
GetWindowDC
TranslateMessage
DialogBoxParamA
SetMenuItemInfoW
GetKeyState
SystemParametersInfoA
SetWindowTextA
SendMessageW
SetClipboardData
EmptyClipboard
GetWindowPlacement
SendMessageA
DrawTextA
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
CreateDialogParamA
IsIconic
ClientToScreen
DeleteMenu
LoadAcceleratorsA
GetWindowLongA
OpenClipboard
LoadCursorA
TranslateAcceleratorA
TrackPopupMenu
DdeFreeStringHandle
IsDlgButtonChecked
CallWindowProcA
GetSystemMenu
ReleaseDC
EndPaint
CloseClipboard
DestroyWindow
GetMenu
RegisterClipboardFormatA
SetCursor
EnumPrintersA
htons
socket
inet_addr
WSACleanup
WSAStartup
gethostbyname
connect
WSAAsyncSelect
closesocket
gethostbyaddr
WSAGetLastError
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.4.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Partition Recovery Tool
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 190464
EntryPoint 0x5fd8
OriginalFileName Partition_Recovery.exe
MIMEType application/octet-stream
LegalCopyright Copyright DiskInternals Research
FileVersion 5.4.0.0
TimeStamp 2014:10:01 15:51:59-07:00
FileType Win32 EXE
PEType PE32
InternalName Partition_Recovery.exe
ProductVersion 5.4.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName DiskInternals Research
CodeSize 72192
ProductName Partition Recovery Tool
ProductVersionNumber 5.4.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 b456f77cd77dfaaa99318246b62ea244
SHA1 b0f49637d9892d9cb192024f482b46873ced7194
SHA256 b86ae0e442478791c06998f4745f99668858ae1771a98df2d49f0bef056f2bc9
ssdeep 6144:J1D1+hZq+NfN/1bA9dQ3i6JZpFKU3aP77V:JX+hs+NfN/1U0N3H3U7V
authentihash 3faeb974512c982992b7f2868bcb136ee081a4761083dba80fc0ccbf63b7b5ac
imphash a75afc33b4be37c3e396c6f02381182e
File size 257.5 KB ( 263680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2014-10-05 05:30:27 UTC ( 4 years, 5 months ago )
Last submission 2014-10-05 05:30:27 UTC ( 4 years, 5 months ago )
File names b86ae0e442478791c06998f4745f99668858ae1771a98df2d49f0bef056f2bc9.exe
Partition_Recovery.exe
vt-upload-b29N9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.