SHA256: c4e45547477bfebbc1cdde8f161b1944eb217c12d2fdff1975d341d0beea2ff4
File name: e8d26b50fba789e07ecd0343866595f72edc6ded
Detection ratio: 37 / 57
Analysis date: 2016-10-31 13:53:27 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3642578 20161031
AhnLab-V3 Backdoor/Win32.Vawtrak.N2142129845 20161031
ALYac Trojan.GenericKD.3642578 20161031
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161031
Arcabit Trojan.Generic.D3794D2 20161031
Avast Win32:Malware-gen 20161031
AVG Crypt6.HZX 20161031
Avira (no cloud) TR/Crypt.ZPACK.pxddb 20161031
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161031
BitDefender Trojan.GenericKD.3642578 20161031
Bkav HW32.Packed.47DC 20161031
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.PWS.Papras.2166 20161031
Emsisoft Trojan.GenericKD.3642578 (B) 20161031
ESET-NOD32 Win32/PSW.Papras.EJ 20161031
F-Secure Trojan.GenericKD.3642578 20161031
Fortinet W32/Vawtrak.EA!tr.bdr 20161031
GData Trojan.GenericKD.3642578 20161031
Ikarus Trojan.Win32.PSW 20161031
Sophos ML virtool.win32.injector.ge 20161018
K7AntiVirus Password-Stealer ( 004cfc431 ) 20161031
K7GW Password-Stealer ( 004cfc431 ) 20161031
Kaspersky Backdoor.Win32.Vawtrak.ea 20161031
McAfee Artemis!9E42C8B7D3C4 20161031
McAfee-GW-Edition BehavesLike.Win32.BadFile.dh 20161031
Microsoft Trojan:Win32/Dynamer!ac 20161031
eScan Trojan.GenericKD.3642578 20161031
NANO-Antivirus Trojan.Win32.Papras.ehvrby 20161031
Panda Trj/GdSda.A 20161030
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161031
Rising Malware.Generic!laGW8isFBrT@2 (thunder) 20161031
Sophos AV Mal/Generic-S 20161031
Symantec Heur.AdvML.B 20161031
Tencent Win32.Backdoor.Vawtrak.Hviw 20161031
TrendMicro TROJ_GEN.R00JC0DJU16 20161031
TrendMicro-HouseCall TROJ_GEN.R00JC0DJU16 20161031
Yandex Backdoor.Vawtrak! 20161030
AegisLab 20161031
Alibaba 20161031
AVware 20161031
CAT-QuickHeal 20161031
ClamAV 20161031
CMC 20161031
Comodo 20161031
Cyren 20161031
F-Prot 20161031
Jiangmin 20161031
Kingsoft 20161031
Malwarebytes 20161031
nProtect 20161028
SUPERAntiSpyware 20161031
TheHacker 20161029
TotalDefense 20161028
VBA32 20161031
VIPRE 20161031
ViRobot 20161031
Zillya 20161028
Zoner 20161031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) simplitec GmbH. All rights reserved.
Product Simplitec CrashLogMailer
Original name CrashLogMailer.exe
File version 1.0.0.1020
Description CrashLogMailer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-12 03:15:33
Entry Point 0x000036BD
Number of sections 9
PE sections
PE imports
GetStockObject
UnlockFile
GetLastError
GetCurrencyFormatA
CopyFileW
GetUserDefaultLangID
CopyFileExA
InterlockedPopEntrySList
lstrlenA
SetTapeParameters
SetCommState
GetOEMCP
GetCommConfig
GetTimeFormatW
DebugBreak
DisableThreadLibraryCalls
GetCommMask
VirtualProtect
GetFileAttributesW
LockFile
LoadLibraryA
GetSystemDefaultLangID
GetProfileIntA
CreateRemoteThread
GetComputerNameA
GetCurrentProcess
GetPriorityClass
GetProcessIoCounters
GetPrivateProfileStringA
GetCurrentProcessId
AddAtomA
OpenProcess
SetFilePointer
FreeLibrary
GetEnvironmentVariableA
FindActCtxSectionStringA
DeleteFileW
DefineDosDeviceA
GetPrivateProfileStringW
GetCurrentThread
GetComputerNameW
AssignProcessToJobObject
RaiseException
CheckRemoteDebuggerPresent
GetPrivateProfileSectionW
GetSystemDefaultUILanguage
GetModuleHandleA
DebugBreakProcess
ReadFile
InterlockedExchange
WriteFile
CreateMemoryResourceNotification
CloseHandle
CreateTimerQueueTimer
GetCompressedFileSizeA
GetNumberOfConsoleMouseButtons
SetThreadIdealProcessor
SetComputerNameA
GetProcAddress
SetPriorityClass
GetExitCodeProcess
FindAtomW
ConnectNamedPipe
AllocateUserPhysicalPages
GetProcessShutdownParameters
GetNumberFormatA
UTRegister
FindFirstVolumeA
TlsGetValue
TerminateProcess
DeleteTimerQueueEx
CreateFileA
CreateMutexW
GetCurrentThreadId
LocalAlloc
ASN1CEREncZeroMultibyteString
ASN1BERDecZeroChar16String
ASN1BERDecSkip
ASN1BERDecU32Val
ASN1intx2int32
ASN1BERDecCheck
ASN1charstring_free
ASN1BERDecZeroChar32String
ASN1BERDecObjectIdentifier2
ASN1BERDecOpenType
ASN1BERDecS32Val
ASN1open_free
ASN1BEREncLength
ASN1BEREncOpenType
ASN1BERDecBitString2
ASN1_CreateDecoderEx
ASN1CEREncMultibyteString
ASN1bitstring_cmp
ASN1_CreateEncoder
ASN1_CloseEncoder2
ASN1ztchar32string_free
ASN1ztchar16string_free
ASN1BERDecUTF8String
ReadProcessorPwrScheme
ValidatePowerPolicies
IsPwrShutdownAllowed
WriteProcessorPwrScheme
CanUserWritePwrScheme
GetPwrCapabilities
IsPwrSuspendAllowed
ReadGlobalPwrPolicy
EnumPwrSchemes
MergeLegacyPwrScheme
DeletePwrScheme
CallNtPowerInformation
IsPwrHibernateAllowed
LoadCurrentPwrScheme
GetPwrDiskSpindownRange
IsAdminOverrideActive
WritePwrScheme
GetForegroundWindow
LoadMenuA
FindWindowW
FindWindowA
RegisterClassExW
GetClassNameA
LoadCursorFromFileW
GetWindow
RegisterClassExA
GetClientRect
IsIconic
GetSubMenu
FindWindowExA
LoadCursorA
LoadIconA
GetActiveWindow
AdjustWindowRect
CopyRect
GetSysColorBrush
LoadCursorW
LoadIconW
GetFocus
GetWindowLongW
OleUIEditLinksW
OleUIChangeIconW
OleUIInsertObjectW
OleUIAddVerbMenuW
OleUIObjectPropertiesW
OleUIBusyW
OleUIPasteSpecialW
OleUIChangeSourceW
OleUIUpdateLinksW
Number of PE resources by type
RT_ICON 10
RT_DIALOG 2
RT_GROUP_ICON 2
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 17
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 98304
ImageVersion 0.0
ProductName Simplitec CrashLogMailer
FileVersionNumber 1.0.0.1020
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription CrashLogMailer
CharacterSet Unicode
LinkerVersion 14.0
FileTypeExtension exe
OriginalFileName CrashLogMailer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1020
TimeStamp 2015:10:12 04:15:33+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright (c) simplitec GmbH. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName simplitec GmbH
CodeSize 77824
FileSubtype 0
ProductVersionNumber 2.0.0.0
EntryPoint 0x36bd
ObjectFileType Executable application
File identification
MD5 9e42c8b7d3c498594b8a571caa065f5f
SHA1 e8d26b50fba789e07ecd0343866595f72edc6ded
SHA256 c4e45547477bfebbc1cdde8f161b1944eb217c12d2fdff1975d341d0beea2ff4
ssdeep
3072:INjHKhUfbo/Wf3igHNgswiZYyHEbML6DcSS1kXIbOhLNFkSbHNdz/Aj2paMj:MjvKWfTtgs5Yyq+jA

authentihash 5d5caa0cf8563f61628fdec97177c537c776da1548e8ede826eb5af7b6e4642e
imphash 3dcaaccccf98c6ca6141ad9f5789fdc0
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-10-31 13:53:27 UTC ( 2 years, 3 months ago )
Last submission 2017-03-15 10:24:46 UTC ( 1 year, 11 months ago )
File names c4e45547477bfebbc1cdde8f161b1944eb217c12d2fdff1975d341d0beea2ff4
CrashLogMailer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Searched windows
Runtime DLLs
UDP communications