× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cda75073be54f128b310f3a9fd6b47f6a0a0e69cb0d3e78a83012b7f09cfa86c
File name: CHECKTOPOLOGY.EXE
Detection ratio: 2 / 65
Analysis date: 2018-01-23 23:18:04 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ikarus Gen.Malware.Heur 20180123
Yandex Trojan.Agent!GivDIZwDJmw 20180112
Ad-Aware 20180123
AegisLab 20180123
AhnLab-V3 20180123
Alibaba 20180123
ALYac 20180123
Antiy-AVL 20180123
Arcabit 20180123
Avast 20180123
Avast-Mobile 20180123
AVG 20180123
Avira (no cloud) 20180123
AVware 20180123
Baidu 20180123
BitDefender 20180123
Bkav 20180122
CAT-QuickHeal 20180123
ClamAV 20180123
CMC 20180123
Comodo 20180123
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180124
Cyren 20180123
DrWeb 20180123
eGambit 20180124
Emsisoft 20180123
Endgame 20171130
ESET-NOD32 20180123
F-Prot 20180123
Fortinet 20180123
GData 20180123
Sophos ML 20180121
Jiangmin 20180123
K7AntiVirus 20180123
K7GW 20180123
Kaspersky 20180123
Kingsoft 20180124
Malwarebytes 20180123
MAX 20180124
McAfee 20180123
McAfee-GW-Edition 20180123
Microsoft 20180123
eScan 20180123
NANO-Antivirus 20180123
nProtect 20180123
Palo Alto Networks (Known Signatures) 20180124
Panda 20180123
Qihoo-360 20180124
Rising 20180123
SentinelOne (Static ML) 20180115
Sophos AV 20180123
SUPERAntiSpyware 20180123
Symantec 20180123
Symantec Mobile Insight 20180123
TheHacker 20180119
TotalDefense 20180118
TrendMicro 20180123
TrendMicro-HouseCall 20180123
Trustlook 20180124
VBA32 20180123
VIPRE 20180123
ViRobot 20180123
Webroot 20180124
Zillya 20180123
ZoneAlarm by Check Point 20180123
Zoner 20180123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2008-2009,Stepok Image Lab.

Product SelfPlayer
Original name Player.EXE
Internal name Player
File version 2, 3, 0, 1
Description SCREEN2EXE/SWF Player
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-10 01:14:34
Entry Point 0x00010A5F
Number of sections 4
PE sections
Overlays
MD5 822029bcc4f56660505967ba16ac6dee
File type data
Offset 122880
Size 318300
Entropy 7.89
PE imports
GetTextExtentPoint32A
CreateFontA
GetBitmapBits
StretchDIBits
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
InitializeCriticalSection
Sleep
GetTickCount
GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(1641)
Ord(3136)
Ord(2124)
Ord(2515)
Ord(3626)
Ord(755)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(2446)
Ord(2864)
Ord(4297)
Ord(6215)
Ord(5875)
Ord(815)
Ord(641)
Ord(1175)
Ord(1948)
Ord(5277)
Ord(2514)
Ord(4425)
Ord(5199)
Ord(4441)
Ord(1134)
Ord(4465)
Ord(5300)
Ord(2380)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(2982)
Ord(3920)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5307)
Ord(2753)
Ord(4424)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(4224)
Ord(6307)
Ord(3584)
Ord(1727)
Ord(823)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(800)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(565)
Ord(2859)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(6375)
Ord(4167)
Ord(4699)
Ord(5303)
Ord(3262)
Ord(4317)
Ord(1576)
Ord(2256)
Ord(4299)
Ord(4353)
Ord(6157)
Ord(803)
Ord(5065)
Ord(4407)
Ord(3663)
Ord(3346)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(2726)
Ord(3922)
Ord(3499)
Ord(4376)
Ord(543)
Ord(324)
Ord(5265)
Ord(521)
Ord(3830)
Ord(2385)
Ord(3619)
Ord(3079)
Ord(4226)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(5715)
Ord(355)
Ord(4133)
Ord(817)
Ord(4486)
Ord(4698)
Ord(5163)
Ord(2567)
Ord(4673)
Ord(5302)
Ord(5731)
__p__fmode
malloc
rand
_ftol
fread
fclose
__dllonexit
_stricmp
fopen
_except_handler3
?terminate@@YAXXZ
fwrite
fseek
_onexit
ftell
exit
_XcptFilter
__setusermatherr
__p__commode
sprintf
_acmdln
_adjust_fdiv
free
__getmainargs
_exit
_setmbcp
__CxxFrameHandler
_initterm
_controlfp
__set_app_type
RedrawWindow
PostMessageA
OffsetRect
DrawIcon
GetSystemMetrics
GetWindowRect
EnableWindow
SetCapture
ReleaseCapture
GetDC
GetCursorPos
ReleaseDC
GetIconInfo
DrawIconEx
SendMessageA
GetClientRect
IsIconic
ScreenToClient
LoadCursorA
LoadIconA
CopyRect
GetDesktopWindow
PtInRect
PostThreadMessageA
SetCursor
waveOutReset
waveOutOpen
waveOutClose
waveOutUnprepareHeader
waveOutPause
waveOutPrepareHeader
waveOutWrite
PE exports
Number of PE resources by type
RT_ICON 12
RT_GROUP_ICON 11
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 24
CHINESE SIMPLIFIED 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.3.0.1

UninitializedDataSize
0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
65536

EntryPoint
0x10a5f

OriginalFileName
Player.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2008-2009,Stepok Image Lab.

FileVersion
2, 3, 0, 1

TimeStamp
2009:07:10 02:14:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Player

ProductVersion
2, 3, 0, 1

FileDescription
SCREEN2EXE/SWF Player

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
69632

ProductName
SelfPlayer

ProductVersionNumber
2.3.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 02c0e7861e910060453e8c068470d5be
SHA1 98abb627f28f4f1dae2ce3fffd7bb8961a4277e7
SHA256 cda75073be54f128b310f3a9fd6b47f6a0a0e69cb0d3e78a83012b7f09cfa86c
ssdeep
12288:IuCSoT3/MXspEo3xWVBEbT2WzIqUxqDwo6TY:WDT3/M8hxWsmxVW

authentihash 8e3c88297236ee67d98eec491916f3ffc7deafd12ac86d86a39182b00d39771e
imphash 7330c1a4338b41cb756b94c82fa6f475
File size 430.8 KB ( 441180 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2012-12-17 07:54:47 UTC ( 5 years, 7 months ago )
Last submission 2018-01-23 23:18:04 UTC ( 5 months, 3 weeks ago )
File names CHECKTOPOLOGY.EXE
Player
Player.EXE
cda75073be54f128b310f3a9fd6b47f6a0a0e69cb0d3e78a83012b7f09cfa86c
CheckTopology.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0913.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.