SHA256: ccfe517699505a40d8c82307c3adcb30277a39cc4bc2f1edb132080cc189062d
File name: Ohqiu.bin
Detection ratio: 4 / 57
Analysis date: 2015-01-30 13:24:32 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Avira (no cloud) TR/Zbot.A.1654 20150130
CMC Trojan.Win32.Swizzor.1!O 20150129
ESET-NOD32 Win32/Spy.Zbot.ACB 20150130
Kaspersky Trojan.Win32.Yakes.iszr 20150130
Ad-Aware 20150130
AegisLab 20150130
Yandex 20150129
AhnLab-V3 20150130
Alibaba 20150129
ALYac 20150130
Antiy-AVL 20150130
Avast 20150130
AVG 20150130
AVware 20150130
Baidu-International 20150130
BitDefender 20150130
Bkav 20150130
ByteHero 20150130
CAT-QuickHeal 20150130
ClamAV 20150130
Comodo 20150130
Cyren 20150130
DrWeb 20150130
Emsisoft 20150130
F-Prot 20150130
F-Secure 20150130
Fortinet 20150130
GData 20150130
Ikarus 20150130
Jiangmin 20150129
K7AntiVirus 20150130
K7GW 20150130
Kingsoft 20150130
Malwarebytes 20150130
McAfee 20150130
McAfee-GW-Edition 20150130
Microsoft 20150130
eScan 20150130
NANO-Antivirus 20150130
Norman 20150130
nProtect 20150130
Panda 20150130
Qihoo-360 20150130
Rising 20150129
Sophos AV 20150130
SUPERAntiSpyware 20150130
Symantec 20150130
Tencent 20150130
TheHacker 20150129
TotalDefense 20150129
TrendMicro 20150130
TrendMicro-HouseCall 20150130
VBA32 20150129
VIPRE 20150130
ViRobot 20150130
Zillya 20150129
Zoner 20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2000-2014 Disc Soft Ltd.

Product DAEMON Tools Ultra
Original name DTLauncher.exe
Internal name DTLauncher.exe
File version 3.0.0.0309
Description DAEMON Tools Ultra
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-29 22:40:45
Entry Point 0x00003560
Number of sections 5
PE sections
PE imports
ImageList_ReplaceIcon
ImageList_Create
CreatePropertySheetPageW
GetSaveFileNameW
Ord(12)
DnsQueryConfig
GetObjectA
EndPage
DeleteDC
CreateHalftonePalette
StartDocA
GetStockObject
CreateBitmap
TextOutA
EndDoc
GetPaletteEntries
SelectObject
StartPage
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
ImmGetDefaultIMEWnd
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
DecodePointer
GetCurrentProcessId
lstrcatA
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStartupInfoW
ExitProcess
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
WNetGetConnectionA
EnumProtocolsA
Shell_NotifyIconA
SetFocus
GetParent
BeginPaint
SetMenuItemInfoA
LoadImageA
DefWindowProcA
ShowWindow
SendDlgItemMessageA
IsWindow
MoveWindow
GetWindow
GetDC
RegisterClassExA
GetCursorPos
ReleaseDC
GetMenu
GetWindowLongA
SendMessageA
GetClientRect
GetSubMenu
LoadCursorA
LoadIconA
FillRect
GetSysColorBrush
CallWindowProcA
SnmpSvcGetUptime
PE exports
Number of PE resources by type
RT_RCDATA 18
RT_GROUP_CURSOR 10
RT_BITMAP 8
RT_STRING 4
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 42
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.0.0.309

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
283648

EntryPoint
0x3560

OriginalFileName
DTLauncher.exe

MIMEType
application/octet-stream

LegalCopyright
2000-2014 Disc Soft Ltd.

FileVersion
3.0.0.0309

TimeStamp
2015:01:29 23:40:45+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DTLauncher.exe

ProductVersion
3.0.0.0309

FileDescription
DAEMON Tools Ultra

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Disc Soft Ltd

CodeSize
55296

ProductName
DAEMON Tools Ultra

ProductVersionNumber
3.0.0.309

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 f00004316d66341c8fb116f66eaddf9a
SHA1 4cc306b49482bef0c0716b4860304c3c1db056ad
SHA256 ccfe517699505a40d8c82307c3adcb30277a39cc4bc2f1edb132080cc189062d
ssdeep
6144:zz0bEIaof6s4ob4DMSTOQGehWEnb4HkQagjR9BIsNSI05j6/AObt:P0bhbf6gb4DMiBkkQaWhSL6/

authentihash 4818f9782d5211e210cb5a81b8b526cc4e21f19b6b1230d6ef3b87ecc0f72063
imphash e82f193651ced2856ee89b08d164c9ae
File size 332.0 KB ( 339968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-30 11:33:20 UTC ( 4 years, 1 month ago )
Last submission 2015-01-30 13:24:32 UTC ( 4 years, 1 month ago )
File names Ohqiu.bin
hptcpu.exe
DTLauncher.exe
PNdhCgIJ.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.