SHA256: c29209bf860a2ea1939a470c146ac9abf2e9d5adaead0d8d7e2e996d2f7f36cf
File name: b480aa61be5f648454773623b92c0bd3
Detection ratio: 31 / 56
Analysis date: 2014-11-26 14:43:33 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.DP.BG0@aiAZxrnk 20141126
AhnLab-V3 PUP/Win32.LoadMoney 20141126
Avast Win32:LoadMoney-JU [PUP] 20141126
AVG Crypt3.BCHZ 20141126
Avira (no cloud) TR/Dropper.Gen2 20141126
AVware Trojan.Win32.Generic.pak!cobra 20141121
BitDefender Gen:Trojan.Heur.DP.BG0@aiAZxrnk 20141126
Bkav HW32.Packed.E00F 20141120
CAT-QuickHeal Downloader.LMN.r8 (Not a Virus) 20141126
Comodo Application.Win32.LoadMoney.LST 20141126
DrWeb Trojan.LoadMoney.336 20141126
Emsisoft Gen:Trojan.Heur.DP.BG0@aiAZxrnk (B) 20141126
ESET-NOD32 a variant of Win32/Kryptik.BCEE 20141126
F-Prot W32/A-fc226942!Eldorado 20141126
F-Secure Gen:Trojan.Heur.DP.BG0@aiAZxrnk 20141126
Fortinet Riskware/LMN 20141126
GData Gen:Trojan.Heur.DP.BG0@aiAZxrnk 20141126
Ikarus not-a-virus:Downloader.LMN 20141126
Kaspersky not-a-virus:Downloader.Win32.LMN.qncf 20141126
McAfee Packed-CQ 20141126
McAfee-GW-Edition BehavesLike.Win32.Downloader.gh 20141126
Microsoft TrojanDownloader:Win32/Ogimant.gen!C 20141126
eScan Gen:Trojan.Heur.DP.BG0@aiAZxrnk 20141126
NANO-Antivirus Riskware.Win32.Krap.bsaoor 20141126
Norman Kryptik.CDIC 20141126
Qihoo-360 Malware.QVM20.Gen 20141126
Sophos AV Troj/LdMon-J 20141126
Symantec WS.Reputation.1 20141126
TotalDefense Win32/Ogiman.GbPOMRD 20141125
VBA32 Malware-Cryptor.Limpopo 20141126
VIPRE Trojan.Win32.Generic.pak!cobra 20141126
AegisLab 20141126
Yandex 20141126
ALYac 20141126
Antiy-AVL 20141126
Baidu-International 20141126
ByteHero 20141126
ClamAV 20141126
CMC 20141126
Cyren 20141126
Jiangmin 20141125
K7AntiVirus 20141125
K7GW 20141126
Kingsoft 20141126
Malwarebytes 20141126
nProtect 20141126
Panda 20141126
Rising 20141126
SUPERAntiSpyware 20141126
Tencent 20141126
TheHacker 20141124
TrendMicro 20141126
TrendMicro-HouseCall 20141126
ViRobot 20141126
Zillya 20141124
Zoner 20141125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2004 InstallShield Software Corp.
Publisher InstallShield Software Corporation
Product InstallShield (R)
Original name ctor.dll
Internal name Ctor
File version 10.01.238
Description InstallShield (R) Ctor DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000019A8
Number of sections 8
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetSystemTime
GetStdHandle
EnterCriticalSection
lstrlenA
FreeLibrary
ExitProcess
GetVersionExA
GetModuleFileNameA
LoadLibraryA
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
GetCPInfo
UnhandledExceptionFilter
GetCommandLineA
CloseHandle
GetProcessHeap
GetModuleHandleA
WideCharToMultiByte
SetFilePointer
ReadFile
WriteFile
EnumCalendarInfoA
FindFirstFileA
lstrcpynA
GetACP
GetDiskFreeSpaceA
InitializeCriticalSection
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
TlsSetValue
CreateFileA
GetCurrentThreadId
VirtualAlloc
LeaveCriticalSection
GetSystemMetrics
SetWindowTextA
LoadStringA
AnyPopup
CharNextA
MessageBoxA
GetKeyboardType
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
RUSSIAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
32768

ImageVersion
0.0

ProductName
InstallShield (R)

FileVersionNumber
10.1.0.238

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
InstallShield (R) Ctor DLL

CharacterSet
Unicode

LinkerVersion
2.25

OriginalFilename
ctor.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
10.01.238

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Ctor

FileAccessDate
2014:11:26 15:44:46+01:00

ProductVersion
10.01

SubsystemVersion
4.0

OSVersion
4.0

FileCreateDate
2014:11:26 15:44:46+01:00

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) 2004 InstallShield Software Corp.

MachineType
Intel 386 or later, and compatibles

CompanyName
InstallShield Software Corporation

CodeSize
412672

FileSubtype
0

ProductVersionNumber
10.1.0.0

EntryPoint
0x19a8

ObjectFileType
Executable application

File identification
MD5 b480aa61be5f648454773623b92c0bd3
SHA1 fe0f32e0d1320c5980b05c07b33e5568b9eadbed
SHA256 c29209bf860a2ea1939a470c146ac9abf2e9d5adaead0d8d7e2e996d2f7f36cf
ssdeep 6144:VGGi6J6aUA6Ic0ulomAWZyAB0sgHg/S4eqjanSBiwHMD573yElMrYK4ejqrxuDCN:4GizaUADue+Brg6aSQqUNejuCU9
authentihash 7c8da6896f831e830b72671a3fb3ca83879db345fab0166ff60d3e5776ae9a5c
imphash 542263e48e41d3f2d780b37e052dce1c
File size 436.0 KB ( 446464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-11-26 14:43:33 UTC ( 3 years, 6 months ago )
Last submission 2014-11-26 14:43:33 UTC ( 3 years, 6 months ago )
File names ctor.dll
Ctor
b480aa61be5f648454773623b92c0bd3
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections