SHA256: bc55a78b008cce2102f3679adc4694211cf61710e2bcf49391365928a0e96519
File name: c77ca2486d1517b511973ad1c923bb7d.exe
Detection ratio: 51 / 58
Analysis date: 2016-10-01 05:00:56 UTC ( 17 hours, 17 minutes ago )
Antivirus Result Update
ALYac Gen:Heur.JBot.1 20160930
AVG Luhe.Fiha.A 20161001
AVware Trojan.Win32.Reveton.aj (v) 20161001
Ad-Aware Gen:Heur.JBot.1 20161001
AegisLab Backdoor.W32.Androm.bket!c 20161001
AhnLab-V3 Trojan/Win32.Fakeavlock.N1052921777 20160930
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161001
Arcabit Trojan.JBot.1 20161001
Avast Win32:Malware-gen 20161001
Avira (no cloud) TR/Kuwrypt.AD 20161001
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160930
BitDefender Gen:Heur.JBot.1 20161001
Bkav W32.eHeur.Malware08 20160930
CAT-QuickHeal TrojanPWS.Zbot.Gen 20160930
Comodo Backdoor.Win32.Androm.BMUN 20161001
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Trojan.KUME-8159 20161001
DrWeb BackDoor.Kuluoz.4 20161001
ESET-NOD32 a variant of Win32/Kryptik.BRXG 20160930
Emsisoft Gen:Heur.JBot.1 (B) 20161001
F-Prot W32/Trojan3.GYP 20160926
F-Secure Gen:Heur.JBot.1 20161001
Fortinet W32/Zbot.FG!tr 20161001
GData Gen:Heur.JBot.1 20161001
Ikarus Backdoor.Win32.Androm 20160930
Invincea trojandownloader.win32.kuluoz.d 20160928
K7AntiVirus Trojan ( 004e4eb91 ) 20161001
K7GW Trojan ( 004e4eb91 ) 20161001
Kaspersky HEUR:Trojan.Win32.Generic 20161001
Malwarebytes Trojan.Dofoil 20161001
McAfee Backdoor-FBPF 20161001
McAfee-GW-Edition BehavesLike.Win32.Pinkslipbot.ch 20161001
eScan Gen:Heur.JBot.1 20161001
Microsoft TrojanDownloader:Win32/Kuluoz.D 20161001
NANO-Antivirus Trojan.Win32.Androm.csaimg 20161001
Panda Trj/Crilock.C 20160930
Qihoo-360 HEUR/Malware.QVM20.Gen 20161001
Rising Malware.Generic!hXvsyWGv19N@2 (thunder) 20161001
SUPERAntiSpyware Backdoor.Androm/Variant 20161001
Sophos Troj/Agent-AFIG 20161001
Symantec Trojan.Fakeavlock 20161001
Tencent Win32.Trojan.Inject.Auto 20161001
TheHacker Trojan/Kryptik.brxg 20161001
TotalDefense Win32/Zbot.KSdKMQ 20160920
TrendMicro BKDR_KULUOZ.OD 20161001
TrendMicro-HouseCall BKDR_KULUOZ.OD 20161001
VBA32 Backdoor.Androm 20160930
VIPRE Trojan.Win32.Reveton.aj (v) 20161001
ViRobot Backdoor.Win32.A.Androm.163328.A[h] 20161001
Yandex Trojan.Graftor!3AM7EDjwDIw 20160930
Zillya Trojan.Kryptik.Win32.621725 20160929
Alibaba 20160930
CMC 20160930
ClamAV 20161001
Jiangmin 20161001
Kingsoft 20161001
Zoner 20161001
nProtect 20161001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Copyright 2013 CoolPDF Software, Inc.

Product PDF Watermark Creator
File version 1.6.0.166
Description Setup PDF Watermark Creator
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-26 15:33:30
Entry Point 0x00002610
Number of sections 4
PE sections
PE imports
RegOpenKeyA
LPtoDP
SetWindowExtEx
LineTo
SetMapMode
DeleteDC
RestoreDC
MoveToEx
GetDeviceCaps
SaveDC
SetViewportOrgEx
CloseMetaFile
SetWindowOrgEx
CreateRectRgnIndirect
DeleteMetaFile
GetStockObject
CreateDCW
Rectangle
CreateMetaFileW
MoveFileA
GetTempPathA
SizeofResource
GetModuleHandleA
LoadResource
LockResource
CreateFileW
GlobalFree
GetCurrentProcess
GetStartupInfoA
GetTempFileNameA
EnumResourceLanguagesA
FindResourceExA
GlobalAlloc
VirtualAlloc
FreeResource
GetCurrentThread
Shell_NotifyIconA
MapWindowPoints
SetFocus
GetForegroundWindow
GetClassInfoExW
SystemParametersInfoA
EndPaint
EqualRect
OffsetRect
DefWindowProcW
FindWindowW
KillTimer
DestroyMenu
DestroyAcceleratorTable
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
GetParent
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
DispatchMessageA
RegisterClassExW
UpdateWindow
IntersectRect
PeekMessageA
AdjustWindowRectEx
CharNextW
BeginPaint
GetWindow
RemoveMenu
GetDC
GetKeyState
GetCursorPos
ReleaseDC
LoadMenuA
DestroyIcon
LoadStringA
RegisterClassExA
TranslateMessage
CallWindowProcW
wsprintfW
LoadStringW
GetClientRect
CreateWindowExA
SystemParametersInfoW
SetCursor
MessageBoxW
UnionRect
EnableMenuItem
RegisterClassA
InvalidateRect
GetSubMenu
SetTimer
LoadImageW
LoadIconA
GetMessageA
LoadCursorA
CharNextA
TrackPopupMenuEx
ExitWindowsEx
GetDesktopWindow
LoadCursorW
wsprintfA
GetFocus
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
PtInRect
SetWindowRgn
IsChild
DestroyWindow
_purecall
__p__fmode
malloc
_acmdln
realloc
wcschr
__dllonexit
_cexit
strtol
_c_exit
_onexit
wcscmp
exit
_XcptFilter
_ftol
__setusermatherr
_controlfp
_adjust_fdiv
_except_handler3
_wcsnicmp
__p__commode
free
__getmainargs
memcpy
_exit
wcsstr
_initterm
__set_app_type
_wtoi
CoUninitialize
OleRegGetUserType
CoTaskMemAlloc
WriteClassStm
CoCreateInstance
OleSaveToStream
CoTaskMemRealloc
OleLoadFromStream
OleRegEnumVerbs
CoRevokeClassObject
CoRegisterClassObject
OleRegGetMiscStatus
CreateDataAdviseHolder
CoTaskMemFree
CoInitialize
CreateOleAdviseHolder
CoGetClassObject
Number of PE resources by type
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.6.0.166

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
153600

EntryPoint
0x2610

MIMEType
application/octet-stream

LegalCopyright
Copyright 2013 CoolPDF Software, Inc.

FileVersion
1.6.0.166

TimeStamp
2013:12:26 16:33:30+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
1.6

FileDescription
Setup PDF Watermark Creator

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
CoolPDF Software, Inc.

CodeSize
8704

ProductName
PDF Watermark Creator

ProductVersionNumber
1.6.0.166

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 c77ca2486d1517b511973ad1c923bb7d
SHA1 b03a96390c2c2d7db7b3a8b844b4b8599cf3422c
SHA256 bc55a78b008cce2102f3679adc4694211cf61710e2bcf49391365928a0e96519
ssdeep
1536:JKTJdpG0TF6RCrop5//irdRGPlf6Kohz7u+PhaKpel7jPR:JSTG0TF6Rcop5iZREf6Kuz7rQ9vR

authentihash fb42150e6bb7f1d9f780fecea6a1d447b0dde49f4fc5eb21641e6d084eabbbc6
imphash 89736635c02987bb5480001bce963f85
File size 159.5 KB ( 163328 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-12-26 18:04:26 UTC ( 2 years, 9 months ago )
Last submission 2015-01-28 17:33:13 UTC ( 1 year, 8 months ago )
File names Court_Notice_Chicago_McDermott_Will_and_Emery.exe
court_notice_chicago_mcdermott_will_and_emery.exe
c77ca2486d1517b511973ad1c923bb7d.malware
c-78452-1171-1388082902
file-6399998_exe
court_notice_chicago_mcdermott_will_and_emery.exe
c77ca2486d1517b511973ad1c923bb7d.exe
08073657344c5ca87b4d2d00660d171bd44dc652
c77ca2486d1517b511973ad1c923bb7d
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
