SHA256: c7f0f77248587644a7dbb34acf997b4e98cc72bd0c4701e5efd06598553df764
File name: 18d5eb0c83c427505b79f622659d4d5d830c8541
Detection ratio: 4 / 56
Analysis date: 2015-03-26 10:03:06 UTC ( 3 years, 12 months ago )
Antivirus | Result | Update
Bkav | HW32.Packed.BB2C | 20150325
ESET-NOD32 | a variant of Generik.KWXTJYU | 20150326
Kaspersky | Trojan-Spy.Win32.Zbot.vgcf | 20150326
Tencent | Trojan.Win32.Qudamah.Gen.24 | 20150326
Ad-Aware | | 20150326
AegisLab | | 20150326
Yandex | | 20150325
AhnLab-V3 | | 20150326
Alibaba | | 20150326
ALYac | | 20150326
Antiy-AVL | | 20150326
Avast | | 20150326
AVG | | 20150326
Avira (no cloud) | | 20150326
AVware | | 20150326
Baidu-International | | 20150326
BitDefender | | 20150326
ByteHero | | 20150326
CAT-QuickHeal | | 20150326
ClamAV | | 20150326
CMC | | 20150325
Comodo | | 20150326
Cyren | | 20150326
DrWeb | | 20150326
Emsisoft | | 20150326
F-Prot | | 20150326
F-Secure | | 20150326
Fortinet | | 20150326
GData | | 20150326
Ikarus | | 20150326
Jiangmin | | 20150325
K7AntiVirus | | 20150326
K7GW | | 20150326
Kingsoft | | 20150326
Malwarebytes | | 20150326
McAfee | | 20150326
McAfee-GW-Edition | | 20150326
Microsoft | | 20150326
eScan | | 20150326
NANO-Antivirus | | 20150326
Norman | | 20150326
nProtect | | 20150326
Panda | | 20150325
Qihoo-360 | | 20150326
Rising | | 20150325
Sophos AV | | 20150326
SUPERAntiSpyware | | 20150326
Symantec | | 20150326
TheHacker | | 20150324
TotalDefense | | 20150325
TrendMicro | | 20150326
TrendMicro-HouseCall | | 20150326
VBA32 | | 20150326
VIPRE | | 20150326
ViRobot | | 20150326
Zillya | | 20150325
Zoner | | 20150323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright sign
Publisher Argentum Corporation
Product puniest
Original name stools.exe
Internal name ridings
File version 183, 235, 222, 21
Description quadrangle
Comments relativism
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-19 21:19:53
Entry Point 0x00011076
Number of sections 4
PE sections
Overlays
MD5 525ddde6276e0de5a564806bbd0eb776
File type data
Offset 90624
Size 160506
Entropy 7.26
PE imports
RegRestoreKeyA
RegCreateKeyExW
LookupPrivilegeValueA
RegCloseKey
CreatePrivateObjectSecurity
AddAccessDeniedAce
CopySid
OpenBackupEventLogW
LookupSecurityDescriptorPartsW
ControlService
LsaDeleteTrustedDomain
GetServiceKeyNameA
BuildImpersonateExplicitAccessWithNameW
GetAclInformation
RegQueryValueExW
AccessCheckAndAuditAlarmA
LookupAccountSidW
OpenSCManagerA
GetSidSubAuthority
GetTrusteeTypeW
BuildImpersonateTrusteeW
LsaClose
GetTrusteeFormW
PrivilegedServiceAuditAlarmA
LogonUserW
LsaRemoveAccountRights
RegisterEventSourceA
RegOpenKeyW
GetNamedSecurityInfoA
OpenEventLogW
LsaEnumerateAccountRights
SetPrivateObjectSecurity
LsaEnumerateAccountsWithUserRight
ChangeServiceConfig2A
GetTokenInformation
LsaOpenPolicy
SetServiceStatus
ImpersonateSelf
GetSecurityDescriptorDacl
RegEnumKeyExW
GetPrivateObjectSecurity
GetSecurityDescriptorSacl
EncryptFileW
RegLoadKeyW
LookupPrivilegeNameA
AddAuditAccessAce
RegEnumKeyExA
CreateProcessAsUserW
MapGenericMask
SetKernelObjectSecurity
GetServiceDisplayNameW
SetAclInformation
PrivilegeCheck
NotifyChangeEventLog
OpenSCManagerW
LsaSetDomainInformationPolicy
AllocateAndInitializeSid
ImpersonateLoggedOnUser
BuildTrusteeWithSidA
DecryptFileA
GetEffectiveRightsFromAclW
AddAce
RegisterClusterNotify
OpenClusterNetwork
ClusterResourceOpenEnum
RemoveClusterResourceNode
ClusterRegGetKeySecurity
ClusterResourceControl
GetClusterGroupKey
SetClusterQuorumResource
GetClusterNetInterfaceState
AddClusterResourceNode
DeleteClusterResourceType
OpenCluster
OpenClusterGroup
ClusterRegQueryInfoKey
GetClusterResourceState
CreateClusterGroup
ClusterRegDeleteKey
ClusterRegSetKeySecurity
CanResourceBeDependent
ClusterResourceCloseEnum
ClusterGroupControl
ChangeClusterResourceGroup
CloseCluster
GetClusterInformation
ClusterRegEnumValue
ClusterNetworkEnum
ClusterResourceTypeControl
OnlineClusterGroup
DeleteClusterGroup
ClusterNetInterfaceControl
ClusterNetworkOpenEnum
GetClusterNetworkState
GetClusterNetInterfaceKey
ClusterNodeEnum
ClusterNodeCloseEnum
GetClusterNodeState
ImageList_Replace
FlatSB_SetScrollInfo
ImageList_SetImageCount
FlatSB_GetScrollRange
Ord(5)
FlatSB_GetScrollInfo
_TrackMouseEvent
FlatSB_SetScrollProp
ImageList_Merge
Ord(17)
ImageList_SetIconSize
ImageList_Read
ImageList_GetImageInfo
ImageList_Destroy
ImageList_AddMasked
ImageList_DragLeave
CreatePropertySheetPageA
ImageList_Duplicate
InitCommonControlsEx
FlatSB_GetScrollPos
ImageList_DragShowNolock
Ord(16)
Ord(14)
FlatSB_EnableScrollBar
CreateEnhMetaFileW
ExtTextOutW
GdiGetBatchLimit
EnumFontFamiliesExW
FillPath
GdiSetBatchLimit
GetBitmapBits
GetTextCharacterExtra
SymGetSymFromName
SetImageConfigInformation
SplitSymbols
SymGetLineFromName
ImageEnumerateCertificates
ImagehlpApiVersionEx
RemoveRelocations
ImageGetCertificateData
GetStartupInfoA
GetPrivateProfileSectionNamesA
GetModuleHandleA
GetPrivateProfileSectionA
_except_handler3
_acmdln
_adjust_fdiv
__p__fmode
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_exit
__set_app_type
Ord(171)
Ord(23)
Ord(28)
Ord(33)
Ord(40)
Ord(41)
Ord(11)
Ord(502)
Ord(613)
Ord(611)
Ord(507)
Ord(607)
Ord(606)
Ord(602)
Ord(501)
Ord(511)
Ord(503)
Ord(610)
Ord(509)
Ord(500)
AccessibleObjectFromWindow
GetStateTextA
VarUI1FromR8
VarBoolFromR4
VarDecAbs
VarUI2FromI4
SafeArrayAllocDescriptorEx
QueryPathOfRegTypeLib
ResUtilSetDwordValue
ResUtilGetAllProperties
ResUtilGetResourceNameDependency
ResUtilVerifyService
ResUtilResourcesEqual
ResUtilStopService
ResUtilFreeParameterBlock
ResUtilGetDwordProperty
ResUtilSetMultiSzValue
ResUtilSetPropertyTable
ResUtilGetSzValue
ResUtilGetPrivateProperties
ResUtilEnumResources
ResUtilSetSzValue
ResUtilGetBinaryProperty
ResUtilSetExpandSzValue
ResUtilGetProperties
ResUtilGetBinaryValue
ResUtilVerifyResourceService
ResUtilFindDwordProperty
ResUtilGetResourceDependency
SHFileOperationA
SHBrowseForFolderA
SHQueryRecycleBinA
SHGetSettings
SHGetDesktopFolder
StrIsIntlEqualA
RemovePropA
OpenIcon
PostMessageA
DrawIcon
DdeNameService
FindWindowExW
SetMenuItemInfoW
DispatchMessageW
VerInstallFileA
VerFindFileA
GetFileVersionInfoW
VerInstallFileW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetGoOnline
InternetUnlockRequestFile
FtpDeleteFileW
InternetAutodialHangup
InternetHangUp
InternetFindNextFileA
GopherGetLocatorTypeA
mmioFlush
CoTaskMemAlloc
CLIPFORMAT_UserFree
OleCreateFromData
StgOpenAsyncDocfileOnIFillLockBytes
OleSetContainedObject
GetClassFile
OleCreateFromFile
StringFromCLSID
OleConvertOLESTREAMToIStorage
HPALETTE_UserMarshal
OleBuildVersion
OleSaveToStream
PdhUpdateLogW
PdhGetDefaultPerfObjectW
PdhFormatFromRawValue
PdhEnumObjectItemsW
PdhReadRawLogRecord
PdhGetFormattedCounterArrayA
PdhBrowseCountersW
PdhUpdateLogA
PdhValidatePathA
PdhAddCounterW
PdhCloseLog
PdhOpenQueryA
PdhCollectQueryData
PdhCalculateCounterFromRawValue
PdhMakeCounterPathW
PdhEnumObjectItemsA
PdhGetFormattedCounterArrayW
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhMakeCounterPathA
PdhGetRawCounterArrayA
PdhEnumObjectsA
PdhOpenLogA
PdhExpandCounterPathA
PdhGetRawCounterArrayW
PdhCollectQueryDataEx
PdhParseInstanceNameW
Number of PE resources by type
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
LegalTrademarks striver
SubsystemVersion 4.0
Comments relativism
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.189.94.102
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription quadrangle
CharacterSet Unicode
InitializedDataSize 1837568
EntryPoint 0x11076
OriginalFileName stools.exe
MIMEType application/octet-stream
LegalCopyright sign
FileVersion 183, 235, 222, 21
TimeStamp 2006:11:19 22:19:53+01:00
FileType Win32 EXE
PEType PE32
InternalName ridings
ProductVersion 155, 225, 76, 211
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Argentum Corporation
CodeSize 66560
ProductName puniest
ProductVersionNumber 0.163.207.108
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 cfbef5e76ae60941345495afd5220a96
SHA1 48c1d14989200f9a6461004ed5dee6a2234006dd
SHA256 c7f0f77248587644a7dbb34acf997b4e98cc72bd0c4701e5efd06598553df764
ssdeep 6144:XyZdlvljz78ceLQYY+zdHokhceJOAZyb:XyZdlvln78cekYY+BIk1s+yb
authentihash 0bdb6ce1396d893ffe785772a577e60d9d86057a6c8bb3f90366a44b273af82d
imphash 5628ecdfbeaf6c4a4f60a5b13c14dfd7
File size 245.2 KB ( 251130 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-03-26 10:03:06 UTC ( 3 years, 12 months ago )
Last submission 2015-03-30 12:10:11 UTC ( 3 years, 12 months ago )
File names stools.exe
ridings
18d5eb0c83c427505b79f622659d4d5d830c8541
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F0C2C00DF15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs