SHA256: cceaaf978e137023ff333095383a1dd8c6559bf07e70c589d0a53082185006df
File name: rsvp.exe
Detection ratio: 35 / 46
Analysis date: 2013-08-05 22:09:26 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AVG Win32/Cryptor 20130805
AhnLab-V3 Trojan/Win32.Small 20130805
AntiVir TR/Crypt.XPACK.Gen5 20130805
Antiy-AVL Trojan/Win32.Generic 20130805
Avast Win32:Malware-gen 20130805
BitDefender Gen:Variant.Symmi.14468 20130805
CAT-QuickHeal Trojan.Small.gen 20130805
Commtouch W32/SmallDl.F.gen!Eldorado 20130805
Comodo TrojWare.Win32.Agent.AWR 20130805
DrWeb Trojan.DownLoader9.43635 20130805
ESET-NOD32 a variant of Win32/Rodecap.BA 20130805
Emsisoft Gen:Variant.Symmi.14468 (B) 20130805
F-Prot W32/SmallDl.F.gen!Eldorado 20130805
F-Secure Gen:Variant.Symmi.14468 20130805
Fortinet W32/Rodecap.BA!tr 20130805
GData Gen:Variant.Symmi.14468 20130805
Ikarus Trojan.Win32.Small 20130805
K7AntiVirus Trojan-Downloader 20130805
Kaspersky Trojan-Ransom.Win32.Foreign.fxpn 20130805
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130723
Malwarebytes Trojan.FakeMS 20130805
McAfee Downloader-FIK!BC445781BE29 20130805
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20130805
MicroWorld-eScan Gen:Variant.Symmi.14468 20130805
Microsoft Trojan:Win32/Small.BH 20130805
NANO-Antivirus Trojan.Win32.XPACK.byeeqi 20130805
Norman Smalltroj.ACEMZ 20130805
Panda Trj/Genetic.gen 20130805
Sophos Mal/Generic-S 20130805
Symantec WS.Reputation.1 20130805
TheHacker Trojan/Rodecap.ba 20130805
TrendMicro TROJ_GEN.F0C2C0KH213 20130805
TrendMicro-HouseCall TROJ_GEN.F0C2C0KH213 20130805
VBA32 Hoax.Foreign 20130805
VIPRE Trojan.Win32.Small.bhn (v) 20130805
Agnitum 20130805
ByteHero 20130724
ClamAV 20130805
Jiangmin 20130805
K7GW 20130805
PCTools 20130805
Rising 20130805
SUPERAntiSpyware 20130805
TotalDefense 20130805
ViRobot 20130805
nProtect 20130805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Developer metadata
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Version 5.1.2600.0
Original name rsvp.exe
Internal name rsvp.exe
File version 5.1.2600.0
Description Microsoft RSVP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-15 21:44:01
Entry Point 0x0003D489
Number of sections 5
PE sections
PE imports
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
DnsFree
DnsQuery_A
GetStdHandle
GetConsoleOutputCP
VerifyVersionInfoA
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
SetFileTime
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
GetProcAddress
WaitForDebugEvent
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
TlsGetValue
FindNextChangeNotification
BeginUpdateResourceA
SetLastError
GetSystemTime
InitializeCriticalSection
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UpdateResourceA
GetVolumeInformationA
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FormatMessageA
CreateMutexA
GetModuleHandleA
SetUnhandledExceptionFilter
HeapCreate
GlobalMemoryStatus
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
EndUpdateResourceA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
ReadProcessMemory
GetCPInfo
WaitForMultipleObjects
GetProcessHeap
CompareStringW
FindFirstFileA
CompareStringA
CreateFileMappingA
FindNextFileA
IsValidLocale
GlobalLock
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetShortPathNameA
GetEnvironmentStrings
GetCurrentProcessId
ContinueDebugEvent
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetStringTypeA
GetCurrentThread
OpenMutexA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
EnumSystemLocalesA
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
TerminateProcess
VirtualAlloc
GetCursorPos
EmptyClipboard
GetCapture
GetForegroundWindow
GetActiveWindow
SetClipboardData
GetSystemMetrics
GetDesktopWindow
MessageBoxA
GetFocus
GetClipboardOwner
wsprintfW
CloseClipboard
GetCaretPos
GetClipboardData
OpenClipboard
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
FtpGetFileSize
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
FtpOpenFileA
InternetOpenA
InternetConnectA
HttpQueryInfoA
InternetCrackUrlA
InternetCreateUrlA
Ord(3)
Ord(23)
Ord(20)
Ord(115)
Ord(52)
Ord(9)
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
File identification
MD5 bc445781be2960d96b9bcf5d215b1405
SHA1 5fdf608d11005923209fdd8a9b1a2f13ac4726c0
SHA256 cceaaf978e137023ff333095383a1dd8c6559bf07e70c589d0a53082185006df
ssdeep 6144:TEkfYALXkdi7dPwDGRFrSgtotBzRoCqK0RVl82Z0Ncv9WR:QwY6Xkdi7dPwDGRFrS7RoD5RnrZ0rR
File size 454.5 KB ( 465408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-07-24 17:12:37 UTC ( 1 year, 7 months ago )
Last submission 2013-07-24 17:12:37 UTC ( 1 year, 7 months ago )
File names bc445781be2960d96b9bcf5d215b1405
rsvp.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Set keys
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications