SHA256: bb9bb534858fb79cb58b4a5411edd59c1b8b3390eb11635294f606f9950c595c
File name: WirelessKeyView.exe
Detection ratio: 23 / 44
Analysis date: 2012-10-10 16:15:23 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Agnitum Riskware.WirelessKeyView!9TsNcjkTDKI 20121010
AhnLab-V3 ASD.Prevention 20121010
AntiVir SPR/Tool.Wirekeyview.27 20121010
Avast Win32:PUP-gen [PUP] 20121010
BitDefender Gen:Application.Heur.dmKfb4@P@6oO 20121010
CAT-QuickHeal HackTool.Wirekeyview (Not a Virus) 20121010
Comodo UnclassifiedMalware 20121010
DrWeb Tool.PassView.662 20121010
ESET-NOD32 a variant of Win32/WirelessKeyView.A 20121010
Emsisoft HackTool.Win32.Wirekeyview!IK 20120919
F-Secure Gen:Application.Heur.dmKfb4@P@6oO 20121003
GData Gen:Application.Heur.dmKfb4@P@6oO 20121010
Ikarus HackTool.Win32.Wirekeyview 20121010
K7AntiVirus Riskware 20121010
McAfee Artemis!D25BDA98E927 20121010
McAfee-GW-Edition Artemis!D25BDA98E927 20121010
MicroWorld-eScan Gen:Application.Heur.dmKfb4@P@6oO 20121010
Microsoft HackTool:Win32/Wirekeyview 20121010
Sophos NirSoft 20121010
TheHacker Posible_Worm32 20121009
TrendMicro HKTL_PASSVIEW 20121010
TrendMicro-HouseCall HKTL_PASSVIEW 20121010
VIPRE Nirsoft Password Recovery (not malicious) 20121010
AVG 20121010
Antiy-AVL 20121009
ByteHero 20121009
ClamAV 20121010
Commtouch 20121010
F-Prot 20121010
Fortinet 20121010
Jiangmin 20121009
Kaspersky 20121010
Kingsoft 20121008
Norman 20121009
PCTools 20121010
Panda 20121010
Rising 20121009
SUPERAntiSpyware 20121010
Symantec 20121010
TotalDefense 20121010
VBA32 20121009
ViRobot 20121010
eSafe 20121009
nProtect 20121010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright © 2006 - 2012 Nir Sofer
Publisher NirSoft
Product WirelessKeyView
Original name WirelessKeyView.exe
Internal name WirelessKeyView
File version 1.55
Description WirelessKeyView
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-28 20:35:50
Entry Point 0x00019C20
Number of sections 3
PE sections
PE imports
RegCloseKey
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SHGetMalloc
FindTextA
CoInitialize
Number of PE resources by type
RT_STRING 6
RT_DIALOG 5
RT_ICON 3
RT_BITMAP 3
RT_MENU 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 14
HEBREW DEFAULT 12
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.5.5.0
UninitializedDataSize 61440
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 12288
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 2006 - 2012 Nir Sofer
FileVersion 1.55
TimeStamp 2012:07:28 21:35:50+01:00
FileType Win32 EXE
PEType PE32
InternalName WirelessKeyView
ProductVersion 1.55
FileDescription WirelessKeyView
OSVersion 4.0
OriginalFilename WirelessKeyView.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 40960
ProductName WirelessKeyView
ProductVersionNumber 1.5.5.0
EntryPoint 0x19c20
ObjectFileType Executable application

File identification
MD5 d25bda98e9279afc6281b9550376bdab
SHA1 ca48c6e0a6cf0bc59b326b9e133aa71b948abb6c
SHA256 bb9bb534858fb79cb58b4a5411edd59c1b8b3390eb11635294f606f9950c595c
ssdeep 768:fsvDOZmXEobel2EbDrvEV6OULx6bbuNgm1x2Ua9aDHEeUULOCfQV07vv8pzR:07e6ETva0xYW9x2Ua9yhUUL9fQan8n
File size 49.0 KB ( 50176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx mz
VirusTotal metadata
First submission 2012-07-30 18:55:41 UTC ( 1 year, 8 months ago )
Last submission 2014-01-14 14:49:36 UTC ( 3 months ago )
File names d25bda98e9279afc6281b9550376bdab.exe
smona_bb9bb534858fb79cb58b4a5411edd59c1b8b3390eb11635294f606f9950c595c.bin
file-4315118_exe
d25bda98e9279afc6281b9550376bdab
WirelessKeyView
WirelessKeyView.exe
BB9BB534858FB79CB58B4A5411EDD59C1B8B3390EB11635294F606F9950C595C.dat
wirelesskeyview.exe
WirelessKeyViewx32.exe
Qhd1ddOx
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.