SHA256: bec7c51a6d22704bb17774593a6e77405adf62cd520265abdbfcdb27648ae7ff
File name: 9c5981d3819fa0c0379e7645601ba2698223be28
Detection ratio: 6 / 56
Analysis date: 2015-06-29 01:00:37 UTC ( 3 years, 9 months ago )
Antivirus Result Update
ESET-NOD32 Win32/Spy.Zbot.ACB 20150628
Kaspersky UDS:DangerousObject.Multi.Generic 20150629
Panda Trj/Genetic.gen 20150628
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150628
TrendMicro TROJ_FORUCON.BMC 20150629
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150629
Ad-Aware 20150629
AegisLab 20150626
Yandex 20150628
AhnLab-V3 20150628
Alibaba 20150629
ALYac 20150629
Antiy-AVL 20150628
Arcabit 20150629
Avast 20150629
AVG 20150629
Avira (no cloud) 20150628
AVware 20150629
Baidu-International 20150628
BitDefender 20150628
Bkav 20150627
ByteHero 20150629
CAT-QuickHeal 20150628
ClamAV 20150628
Comodo 20150629
Cyren 20150629
DrWeb 20150628
Emsisoft 20150628
F-Prot 20150628
F-Secure 20150629
Fortinet 20150629
GData 20150629
Ikarus 20150629
Jiangmin 20150626
K7AntiVirus 20150628
K7GW 20150628
Kingsoft 20150629
Malwarebytes 20150628
McAfee 20150629
McAfee-GW-Edition 20150628
Microsoft 20150628
eScan 20150629
NANO-Antivirus 20150628
nProtect 20150626
Qihoo-360 20150629
Sophos AV 20150628
SUPERAntiSpyware 20150628
Symantec 20150629
Tencent 20150629
TheHacker 20150626
TotalDefense 20150628
VBA32 20150627
VIPRE 20150628
ViRobot 20150629
Zillya 20150628
Zoner 20150629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2008-2015 PatientLink Enterprises
Publisher PatientLink Enterprises
Product MassClean
Original name thoughbelieve.exe
Internal name MassClean
File version 5.2.2364.9743
Description MassClean
Comments MassClean
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-25 10:54:51
Entry Point 0x00001E56
Number of sections 4
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
InterlockedDecrement
FindNextChangeNotification
SetLastError
PeekNamedPipe
GetEnvironmentVariableA
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
FindCloseChangeNotification
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
GetDiskFreeSpaceA
ResetEvent
DuplicateHandle
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
OpenMutexA
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
HeapCreate
VirtualFree
Sleep
VirtualAlloc
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments MassClean
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.2364.9743
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription MassClean
CharacterSet Unicode
InitializedDataSize 176128
EntryPoint 0x1e56
OriginalFileName thoughbelieve.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2008-2015 PatientLink Enterprises
FileVersion 5.2.2364.9743
TimeStamp 2015:06:25 11:54:51+01:00
FileType Win32 EXE
PEType PE32
InternalName MassClean
ProductVersion 5.2.2364.9743
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PatientLink Enterprises
CodeSize 176128
ProductName MassClean
ProductVersionNumber 5.2.2364.9743
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 231e57a86e85d52525b0b5fca1bafd97
SHA1 9c5981d3819fa0c0379e7645601ba2698223be28
SHA256 bec7c51a6d22704bb17774593a6e77405adf62cd520265abdbfcdb27648ae7ff
ssdeep 6144:fhqTPSopxtwBeF1S7sjVdhMPWUYcSJbKFgKZz26:cZXtEeFBPHbRK46
authentihash 7462f702153eb7c9637f87f50b91b06feb716168bb718fc99702bb736d4da5c4
imphash c7ea6431f2f5472f667182ebda3217e8
File size 284.0 KB ( 290816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-06-29 01:00:37 UTC ( 3 years, 9 months ago )
Last submission 2015-09-03 07:54:57 UTC ( 3 years, 6 months ago )
File names 48C8.tmp
MassClean
thoughbelieve.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs