SHA256: b9d36404f6b77110518044195701f079a1f179dcc35fc5e0b51363a632205cc5
File name: 59ed2976b1d857af584c16f7a1a6b22393bc1656
Detection ratio: 4 / 57
Analysis date: 2015-09-09 01:22:58 UTC
Antivirus | Result | Update
Avast | Win32:Malware-gen | 20150909
Baidu-International | Trojan.Win32.Zbot.ACB | 20150908
CMC | Trojan.Win32.Swizzor.1!O | 20150908
ESET-NOD32 | Win32/Spy.Zbot.ACB | 20150908
Ad-Aware | (not detected) | 20150909
AegisLab | (not detected) | 20150908
Yandex | (not detected) | 20150908
AhnLab-V3 | (not detected) | 20150908
Alibaba | (not detected) | 20150902
ALYac | (not detected) | 20150909
Antiy-AVL | (not detected) | 20150908
Arcabit | (not detected) | 20150909
AVG | (not detected) | 20150909
Avira (no cloud) | (not detected) | 20150908
AVware | (not detected) | 20150901
BitDefender | (not detected) | 20150909
Bkav | (not detected) | 20150908
ByteHero | (not detected) | 20150909
CAT-QuickHeal | (not detected) | 20150908
ClamAV | (not detected) | 20150908
Comodo | (not detected) | 20150909
Cyren | (not detected) | 20150908
DrWeb | (not detected) | 20150909
Emsisoft | (not detected) | 20150909
F-Prot | (not detected) | 20150908
F-Secure | (not detected) | 20150909
Fortinet | (not detected) | 20150909
GData | (not detected) | 20150909
Ikarus | (not detected) | 20150909
Jiangmin | (not detected) | 20150907
K7AntiVirus | (not detected) | 20150908
K7GW | (not detected) | 20150908
Kaspersky | (not detected) | 20150909
Kingsoft | (not detected) | 20150909
Malwarebytes | (not detected) | 20150908
McAfee | (not detected) | 20150909
McAfee-GW-Edition | (not detected) | 20150908
Microsoft | (not detected) | 20150909
eScan | (not detected) | 20150909
NANO-Antivirus | (not detected) | 20150908
nProtect | (not detected) | 20150908
Panda | (not detected) | 20150908
Qihoo-360 | (not detected) | 20150909
Rising | (not detected) | 20150908
Sophos AV | (not detected) | 20150909
SUPERAntiSpyware | (not detected) | 20150908
Symantec | (not detected) | 20150908
Tencent | (not detected) | 20150909
TheHacker | (not detected) | 20150907
TotalDefense | (not detected) | 20150909
TrendMicro | (not detected) | 20150909
TrendMicro-HouseCall | (not detected) | 20150909
VBA32 | (not detected) | 20150907
VIPRE | (not detected) | 20150908
ViRobot | (not detected) | 20150908
Zillya | (not detected) | 20150909
Zoner | (not detected) | 20150909
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-07 12:59:47
Entry Point 0x0001D5A4
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
GetProcessHeap
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetCommandLineW
LCMapStringA
GetCPInfo
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
TlsFree
GetLocaleInfoW
LeaveCriticalSection
RemoveDirectoryW
RaiseException
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
GetModuleHandleA
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
MulDiv
GetSystemTimeAsFileTime
DeleteFileW
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
ExitProcess
FileTimeToLocalFileTime
SetEvent
TerminateProcess
RtlUnwind
CreateEventW
IsValidCodePage
HeapCreate
CreateProcessW
HeapDestroy
InterlockedDecrement
Sleep
GetFileType
VirtualFree
TlsSetValue
HeapAlloc
GetVersion
InterlockedIncrement
VirtualAlloc
SetLastError
CloseHandle
AddPrinterDriverExW
EnumFormsW
EnumPortsW
ReadPrinter
AddMonitorW
WritePrinter
SetFormW
AddJobW
ResetPrinterW
DeletePrinterDataExW
AddPrinterConnectionW
XcvDataW
DeletePrinterConnectionW
SetPortW
SetPrinterDataExW
StartPagePrinter
ScheduleJob
DeletePrinterDataW
SetJobW
EnumMonitorsW
DeletePrinterKeyW
AddPrintProvidorW
DeletePrinterDriverW
EnumJobsW
EndPagePrinter
AddPortW
PrinterMessageBoxW
DeletePrinterDriverExW
WaitForPrinterChange
StartDocPrinterW
AddPrintProcessorW
SetPrinterDataW
EndDocPrinter
AddPrinterDriverW
AddFormW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks: Lineside farwind Bloodsmalldoctor fewhow
SubsystemVersion: 4.0
LinkerVersion: 8.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 6.2.5090.3818
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
FileDescription: TSI Healthcare
CharacterSet: Unknown (04E0)
InitializedDataSize: 159744
EntryPoint: 0x1d5a4
OriginalFileName: rosetravel.exe
MIMEType: application/octet-stream
LegalCopyright: Linedance
FileVersion: 6.2.5090.3818
TimeStamp: 2015:09:07 13:59:47+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: TSI Healthcare
ProductVersion: 6.2.5090.3818
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: operatenoise rightserve
CodeSize: 163840
ProductName: TSI Healthcare
ProductVersionNumber: 6.2.5090.3818
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 913c3cafa9134216ebe762c05e9f68b5
SHA1 59ed2976b1d857af584c16f7a1a6b22393bc1656
SHA256 b9d36404f6b77110518044195701f079a1f179dcc35fc5e0b51363a632205cc5
ssdeep 6144:6qtynLGHItRJOYejhmYbmCE7hPVKrwltouYbgw:6JFtbCjzC9NsEks
authentihash 8637c0dfc560b230a294ccd48fbe3b248bbd583db78404a82ecdb1a4c84467a9
imphash 81c14f6322828ded4b82836722dbc0a0
File size 280.0 KB ( 286720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-09-09 01:22:58 UTC
Last submission 2018-07-10 04:18:20 UTC
File names 5A8F.TMP
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs