SHA256: c98fbb33eebb44f1f258e57922fbb2de621db4da0de3296ae0605b8010efea09
File name: 3b4cdcff1f05057c8a56a37c84135813c99c8a2c
Detection ratio: 28 / 57
Analysis date: 2015-09-01 21:58:35 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.55867 20150901
Yandex Trojan.PWS.Tepfer!EvetZY0z35M 20150901
ALYac Gen:Variant.Symmi.55867 20150901
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20150901
Arcabit Trojan.Symmi.DDA3B 20150901
Avast Win32:Malware-gen 20150901
AVG Zbot.AGHE 20150901
Avira (no cloud) TR/Crypt.ZPACK.178017 20150901
AVware Trojan.Win32.Generic!BT 20150901
BitDefender Gen:Variant.Symmi.55867 20150901
Bkav HW32.Packed.1E7A 20150901
DrWeb Trojan.PWS.Siggen1.40937 20150901
Emsisoft Gen:Variant.Symmi.55867 (B) 20150901
ESET-NOD32 Win32/Spy.Zbot.ABW 20150901
F-Secure Gen:Variant.Symmi.55867 20150901
Fortinet W32/Tepfer.ABW!tr.pws 20150901
GData Gen:Variant.Symmi.55867 20150901
Kaspersky Trojan-PSW.Win32.Tepfer.pswwfr 20150901
McAfee Artemis!6F7C6137CAA8 20150901
McAfee-GW-Edition Artemis 20150901
eScan Gen:Variant.Symmi.55867 20150901
NANO-Antivirus Trojan.Win32.Tepfer.dvuazp 20150901
Panda Trj/Genetic.gen 20150901
Rising PE:Malware.XPACK-HIE/Heur!1.9C48[F1] 20150901
Sophos AV Troj/Zbot-KAR 20150901
Symantec Trojan.Gen 20150901
TrendMicro TROJ_GEN.R00JC0EHU15 20150901
VIPRE Trojan.Win32.Generic!BT 20150901
AegisLab 20150901
AhnLab-V3 20150901
Alibaba 20150901
Baidu-International 20150901
ByteHero 20150901
CAT-QuickHeal 20150901
ClamAV 20150901
CMC 20150831
Comodo 20150901
Cyren 20150901
F-Prot 20150901
Ikarus 20150901
Jiangmin 20150901
K7AntiVirus 20150901
K7GW 20150901
Kingsoft 20150901
Malwarebytes 20150901
Microsoft 20150901
nProtect 20150901
Qihoo-360 20150901
SUPERAntiSpyware 20150829
Tencent 20150901
TheHacker 20150831
TotalDefense 20150901
TrendMicro-HouseCall 20150901
VBA32 20150901
ViRobot 20150901
Zillya 20150901
Zoner 20150901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-02-03 19:56:21
Entry Point 0x0005B740
Number of sections 4
PE sections
PE imports
SetDIBits
SetMapMode
GetWindowOrgEx
GetNearestColor
ResizePalette
SetTextAlign
GetPaletteEntries
CombineRgn
PlayMetaFile
GetROP2
GetViewportOrgEx
SetColorAdjustment
GetTextExtentPointA
SetPixel
IntersectClipRect
AngleArc
CopyEnhMetaFileA
GetTextExtentPointW
PlgBlt
GetTextFaceW
CreatePalette
GetPolyFillMode
CreateEllipticRgnIndirect
ExtCreateRegion
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
GetTextFaceA
GetKerningPairsW
ScaleViewportExtEx
ArcTo
GetTextMetricsA
SetWindowExtEx
Arc
GetKerningPairsA
ExtCreatePen
SetBkColor
SetRectRgn
CreateFontA
GetTextCharsetInfo
GetDIBColorTable
DeleteEnhMetaFile
PathToRegion
TextOutW
CreateFontIndirectW
OffsetRgn
EnumFontsW
GetCurrentPositionEx
CreateFontIndirectA
CreateRectRgnIndirect
EnumFontsA
GetBitmapBits
GetBrushOrgEx
ExcludeClipRect
TranslateCharsetInfo
SetBkMode
EnumFontFamiliesW
SetMetaFileBitsEx
PtInRegion
OffsetClipRgn
EnumFontFamiliesA
GetCharacterPlacementA
FillRgn
GetOutlineTextMetricsA
CreateBrushIndirect
SelectPalette
PtVisible
CreateEnhMetaFileA
SetBoundsRect
StartDocW
ExtEscape
LineTo
GetNearestPaletteIndex
GetCharWidth32W
SetDIBColorTable
EnumEnhMetaFile
GetOutlineTextMetricsW
SetPixelV
DeleteObject
SetBitmapBits
PatBlt
AddFontResourceW
GetClipBox
Polygon
GetDeviceCaps
CreateDCA
GetMetaFileBitsEx
DeleteDC
GetMapMode
GetCharWidthW
StartPage
GetObjectW
GetCharWidthA
CreateBitmapIndirect
CreatePatternBrush
SetEnhMetaFileBits
CreateBitmap
RectVisible
GetStockObject
GetPath
PlayEnhMetaFile
ExtTextOutA
UnrealizeObject
GetTextAlign
EndPage
GetEnhMetaFileHeader
SetTextCharacterExtra
OffsetWindowOrgEx
GetTextExtentPoint32W
RectInRegion
MaskBlt
CreatePolygonRgn
CreateICA
PolylineTo
GetGlyphOutlineW
SaveDC
CreateICW
GetTextCharset
GetEnhMetaFilePaletteEntries
GetGlyphOutlineA
GetPixel
SetMapperFlags
GetBitmapDimensionEx
GetStretchBltMode
SetDIBitsToDevice
CreateDIBSection
SetTextColor
PolyDraw
GetCurrentObject
SetMiterLimit
MoveToEx
EnumFontFamiliesExW
SetArcDirection
StrokeAndFillPath
CreateFontW
SetStretchBltMode
PolyBezier
SetBrushOrgEx
GetClipRgn
Ellipse
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
CopyMetaFileA
AbortDoc
GetTextCharacterExtra
GetQueuedCompletionStatus
GetStartupInfoA
GetSystemInfo
GetModuleHandleA
GetOverlappedResult
LoadLibraryExW
GetVersion
EscapeCommFunction
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
GetMessageA
VerInstallFileA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueA
midiOutLongMsg
waveOutSetVolume
waveInOpen
midiInGetErrorTextA
joyGetNumDevs
PlaySoundW
waveOutUnprepareHeader
midiOutGetDevCapsA
mmioRenameW
waveOutGetDevCapsA
midiOutGetVolume
mixerGetLineControlsW
mciGetErrorStringA
waveInStop
midiStreamStop
mciGetDeviceIDFromElementIDA
mixerGetLineControlsA
waveOutSetPlaybackRate
midiInStart
sndPlaySoundW
mciSendStringA
mmioDescend
auxGetDevCapsW
timeBeginPeriod
midiOutGetErrorTextA
mixerGetNumDevs
waveOutOpen
midiStreamOpen
mmioSeek
joyGetDevCapsW
mciGetCreatorTask
midiOutMessage
mmioSendMessage
mixerGetLineInfoW
midiOutUnprepareHeader
midiOutReset
joyGetDevCapsA
waveOutGetPlaybackRate
waveInAddBuffer
midiInUnprepareHeader
waveOutClose
mmioCreateChunk
waveOutBreakLoop
mciGetDeviceIDW
mmioGetInfo
mixerGetControlDetailsA
PlaySoundA
mixerMessage
midiInGetNumDevs
timeGetDevCaps
OpenDriver
midiStreamClose
mmioAdvance
waveInGetNumDevs
midiOutClose
mixerGetDevCapsA
CloseDriver
midiOutGetNumDevs
waveOutGetID
midiOutCachePatches
mixerSetControlDetails
mciSendCommandW
joySetCapture
mciGetDeviceIDA
waveOutGetVolume
waveOutWrite
waveOutGetPitch
waveOutPause
DefDriverProc
midiInPrepareHeader
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH JAMAICA 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.230.234.211
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2093056
EntryPoint 0x5b740
OriginalFileName Extend.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2071
FileVersion 0.0.0.0
TimeStamp 2006:02:03 20:56:21+01:00
FileType Win32 EXE
PEType PE32
InternalName Glimmerings
FileDescription Grind
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Intuit
CodeSize 372736
ProductName Entitles Doctorate
ProductVersionNumber 0.253.154.178
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 6f7c6137caa8cda617fc4d0e2d07f4f2
SHA1 3b4cdcff1f05057c8a56a37c84135813c99c8a2c
SHA256 c98fbb33eebb44f1f258e57922fbb2de621db4da0de3296ae0605b8010efea09
ssdeep 6144:f7vPHnuJveRheNDguQadL4PZzuaNv94mwkfaVaWExRrO3cwGAQHDQAk5V:DvIvGsnQadsBtv9moaVaW4hO3nFeQAk
authentihash af8dba06c8de8c60d0527ab96f70c5f87c626f834db480ec58784d260a6f38b3
imphash d1a425191b1fa5a4d3e0b29c6653adaf
File size 392.0 KB ( 401408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2015-09-01 21:58:35 UTC ( 3 years, 6 months ago )
Last submission 2015-09-01 21:58:35 UTC ( 3 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Opened service managers
Runtime DLLs