SHA256: c4650f69cd42d6b5bd21b125f3ab2fc0b5cab3b5f9830c82dfb88d5e21be5b97
File name: webcam.exe
Detection ratio: 8 / 56
Analysis date: 2016-05-09 12:37:06 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20160509
AVG Win32/Sality 20160509
AVware Virus.Win32.Sality.atbh (v) 20160509
Cyren W32/Sality.E.gen!Eldorado 20160509
F-Prot W32/Sality.E.gen!Eldorado 20160509
NANO-Antivirus Virus.Win32.Virut-Gen.bwpxnc 20160509
Rising Virus.Sality/Debris!1.A12C 20160509
VIPRE Virus.Win32.Sality.atbh (v) 20160509
Ad-Aware 20160509
AegisLab 20160509
AhnLab-V3 20160508
Alibaba 20160509
ALYac 20160509
Antiy-AVL 20160509
Arcabit 20160509
Baidu 20160506
Baidu-International 20160509
BitDefender 20160509
Bkav 20160506
CAT-QuickHeal 20160509
ClamAV 20160508
CMC 20160506
Comodo 20160509
DrWeb 20160509
Emsisoft 20160503
ESET-NOD32 20160509
F-Secure 20160509
Fortinet 20160509
GData 20160509
Ikarus 20160509
Jiangmin 20160509
K7AntiVirus 20160508
K7GW 20160509
Kaspersky 20160509
Kingsoft 20160509
Malwarebytes 20160509
McAfee 20160509
McAfee-GW-Edition 20160509
Microsoft 20160509
eScan 20160509
nProtect 20160504
Panda 20160509
Qihoo-360 20160509
Sophos AV 20160509
SUPERAntiSpyware 20160509
Symantec 20160509
Tencent 20160509
TheHacker 20160508
TotalDefense 20160509
TrendMicro 20160509
TrendMicro-HouseCall 20160509
VBA32 20160505
ViRobot 20160509
Yandex 20160508
Zillya 20160508
Zoner 20160509
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 1999-2008
File version 8, 6, 25, 1
Description Capture Application (Sample)
Comments SOFT SNAP (King Yang)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-25 03:22:39
Entry Point 0x0001E066
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
SelectObject
DeleteDC
PatBlt
CreateFontA
GetStockObject
ExtTextOutA
CreateSolidBrush
SetStretchBltMode
SetBkColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
GetTextMetricsA
GetStdHandle
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDiskFreeSpaceExA
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
GetProfileIntA
OutputDebugStringA
SetLastError
CopyFileA
HeapAlloc
GetUserDefaultLCID
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
WriteProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
GlobalLock
lstrcpyA
GetProfileStringA
IsValidLocale
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
VirtualQuery
OpenFile
SizeofResource
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetDiskFreeSpaceA
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
acmFormatChooseA
acmMetrics
VarUI4FromStr
SysFreeString
VariantClear
VariantInit
Ord(250)
Ord(251)
SetFocus
RedrawWindow
EndPaint
UpdateWindow
EndDialog
BeginPaint
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
SetWindowPos
RemoveMenu
GetSystemMetrics
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
IsCharAlphaA
TranslateMessage
DialogBoxParamA
GetSysColor
GetDlgItemInt
CheckDlgButton
GetDC
SetWindowLongA
GetAsyncKeyState
IsCharAlphaNumericA
WaitMessage
CreatePopupMenu
CheckMenuItem
GetMenu
GetWindowLongA
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
EnableMenuItem
RegisterClassA
InvalidateRect
LoadAcceleratorsA
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
SetWindowTextA
GetMenuItemCount
IsDlgButtonChecked
CharNextA
SetDlgItemInt
wsprintfA
ReleaseDC
TranslateAcceleratorA
GetWindowTextA
DestroyWindow
timeGetTime
GetSaveFileNameA
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
CoTaskMemRealloc
CoCreateInstance
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
Number of PE resources by type
RT_DIALOG 6
RT_ICON 2
RT_MENU 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 12
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments SOFT SNAP (King Yang)
InitializedDataSize 69632
ImageVersion 0.0
FileVersionNumber 8.6.25.1
LanguageCode English (U.S.)
FileFlagsMask 0x30003f
FileDescription Capture Application (Sample)
CharacterSet Windows, Latin1
LinkerVersion 7.1
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 8, 6, 25, 1
TimeStamp 2008:06:25 04:22:39+01:00
FileType Win32 EXE
PEType PE32
OLESelfRegister AM30
ProductVersion 8, 6, 25, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 1999-2008
MachineType Intel 386 or later, and compatibles
CodeSize 167936
FileSubtype 0
ProductVersionNumber 8.6.25.1
EntryPoint 0x1e066
ObjectFileType Executable application
File identification
MD5 ccc94e0443109ea13337bc3e1bdef5ea
SHA1 6b200ef87a9a20fbb6a872a7959dc1d529a36704
SHA256 c4650f69cd42d6b5bd21b125f3ab2fc0b5cab3b5f9830c82dfb88d5e21be5b97
ssdeep 3072:3Z2n8SBy7zu3HXe7tmX7xhVQOIiU3MJ2C3z5V7liLBMvZ8RAlhRQk:3gU7zmucLxrQd38z3hiLwUwRQk
authentihash 997084b5b327ca267a7474b55e6839a18eaaf1ec8903c6234e031a0ecbbfccfb
imphash fd3b0cbb37381a1370fc6acdde43ad4a
File size 216.3 KB ( 221462 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-05-09 12:37:06 UTC ( 2 years, 9 months ago )
Last submission 2016-05-09 12:37:06 UTC ( 2 years, 9 months ago )
File names webcam.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications