SHA256: c24b48469eaac2c464375b1ffbf36dab69610ef36c1c48025e6948bf43382077
File name: 3cb578a870bc6b34cf5f097996435af75735455a
Detection ratio: 32 / 57
Analysis date: 2016-11-23 14:54:27 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3733461 20161123
ALYac Trojan.GenericKD.3733461 20161123
Antiy-AVL Trojan/Win32.Bublik 20161123
Arcabit Trojan.Generic.D38F7D5 20161123
Avast Win32:Malware-gen 20161123
AVG PSW.Generic13.RDD 20161123
Avira (no cloud) TR/Crypt.Xpack.oznoy 20161123
AVware Trojan.Win32.Generic!BT 20161123
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20161123
BitDefender Trojan.GenericKD.3733461 20161123
Bkav W32.FamVT.RazyNHmA.Trojan 20161123
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.DownLoader23.20405 20161123
Emsisoft Trojan.GenericKD.3733461 (B) 20161123
ESET-NOD32 Win32/Spy.Zbot.YW 20161123
F-Secure Trojan.GenericKD.3733461 20161123
Fortinet W32/Bublik.ETQL!tr 20161123
GData Trojan.GenericKD.3733461 20161123
Ikarus Trojan-Spy.Agent 20161123
Sophos ML backdoor.win32.kasidet.c 20161018
Kaspersky Trojan.Win32.Bublik.etql 20161123
McAfee Artemis!81B78F9E49A3 20161123
McAfee-GW-Edition Artemis!Trojan 20161123
Microsoft PWS:Win32/Zbot 20161123
eScan Trojan.GenericKD.3733461 20161123
Qihoo-360 HEUR/QVM09.0.5719.Malware.Gen 20161123
Sophos AV Mal/Generic-S 20161123
Symantec Infostealer.Banker.C 20161123
Tencent Win32.Trojan.Inject.Auto 20161123
TrendMicro TROJ_GEN.R011C0DKM16 20161123
TrendMicro-HouseCall TROJ_GEN.R011C0DKM16 20161123
VIPRE Trojan.Win32.Generic!BT 20161123
AegisLab 20161123
AhnLab-V3 20161123
Alibaba 20161123
CAT-QuickHeal 20161123
ClamAV 20161123
CMC 20161123
Comodo 20161122
Cyren 20161123
F-Prot 20161123
Jiangmin 20161123
K7AntiVirus 20161123
K7GW 20161123
Kingsoft 20161123
Malwarebytes 20161123
NANO-Antivirus 20161123
nProtect 20161123
Panda 20161122
Rising 20161123
SUPERAntiSpyware 20161123
TheHacker 20161122
TotalDefense 20161123
Trustlook 20161123
VBA32 20161123
ViRobot 20161123
WhiteArmor 20161018
Yandex 20161123
Zillya 20161122
Zoner 20161123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2008-2009 Christian Ghisler
Product Ghisler Software GmbH Totalcmd-X64
Original name tcmdx64.exe
Internal name Totalcmd-X64
File version 1, 0, 0, 4
Description Total Commander 32bit->64bit helper tool
Comments Tool used internally by Total Commander, do not start directly!
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-19 02:30:29
Entry Point 0x000039BE
Number of sections 4
PE sections
PE imports
GetTextCharset
DeviceIoControl
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryA
LoadLibraryW
GetLastError
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetFileAttributesW
RtlUnwind
GetModuleFileNameA
GetStdHandle
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
HeapSize
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
GetStringTypeA
GetProcessHeap
ExitProcess
QueryDosDeviceW
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemDirectoryW
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
PrepareTape
HeapDestroy
GetOEMCP
LocalFree
TerminateProcess
LCMapStringA
GetVersion
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
GetMenuItemCount
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
GERMAN SWISS 1
PE resources
ExifTool file metadata
FileDescription
Total Commander 32bit->64bit helper tool

Comments
Tool used internally by Total Commander, do not start directly!

InitializedDataSize
409600

ImageVersion
0.0

ProductName
Ghisler Software GmbH Totalcmd-X64

FileVersionNumber
1.0.0.4

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
ASCII

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
tcmdx64.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 4

TimeStamp
2016:11:19 03:30:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Totalcmd-X64

SubsystemVersion
4.0

ProductVersion
1, 0, 0, 4

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2008-2009 Christian Ghisler

MachineType
Intel 386 or later, and compatibles

CompanyName
Ghisler Software GmbH

CodeSize
36864

FileSubtype
0

ProductVersionNumber
1.0.0.4

EntryPoint
0x39be

ObjectFileType
Executable application

File identification
MD5 81b78f9e49a36e887a94c72ac1783910
SHA1 3cb578a870bc6b34cf5f097996435af75735455a
SHA256 c24b48469eaac2c464375b1ffbf36dab69610ef36c1c48025e6948bf43382077
ssdeep 6144:Z9/12frj2PTE8hLwJtcIvs2U0aoND9ngiVVQOfpvPzDSuEMdHv:6qrEG0g2U0aoQYyYpiuEMp
authentihash a99d522ea02e563575b15dfb4eac05c2e87cc99379154d992b418d4121a30707
imphash aaa8d8ca692221be80c149e1f54a24e6
File size 324.0 KB ( 331776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-11-23 14:54:27 UTC ( 2 years, 3 months ago )
Last submission 2016-11-23 14:54:27 UTC ( 2 years, 3 months ago )
File names tcmdx64.exe
Totalcmd-X64