× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: ceb1b45ba3cc3b4c8b3f632cfc74c38b8b1067062731c1f16f983cd58dddf92d
File name: pwtoolm.exe
Detection ratio: 4 / 47
Analysis date: 2013-07-03 15:48:59 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Comodo UnclassifiedMalware 20130703
Kaspersky UDS:DangerousObject.Multi.Generic 20130703
Symantec WS.Reputation.1 20130703
TrendMicro-HouseCall TROJ_GEN.F47V0102 20130703
Yandex 20130703
AhnLab-V3 20130703
AntiVir 20130703
Antiy-AVL 20130702
Avast 20130703
AVG 20130703
BitDefender 20130701
ByteHero 20130613
CAT-QuickHeal 20130703
ClamAV 20130702
Commtouch 20130703
DrWeb 20130703
Emsisoft 20130703
eSafe 20130703
ESET-NOD32 20130703
F-Prot 20130703
F-Secure 20130703
Fortinet 20130703
GData 20130703
Ikarus 20130703
Jiangmin 20130703
K7AntiVirus 20130703
K7GW 20130703
Kingsoft 20130506
Malwarebytes 20130703
McAfee 20130703
McAfee-GW-Edition 20130703
Microsoft 20130703
eScan 20130702
NANO-Antivirus 20130703
Norman 20130703
nProtect 20130703
Panda 20130703
PCTools 20130703
Rising 20130703
Sophos 20130703
SUPERAntiSpyware 20130703
TheHacker 20130703
TotalDefense 20130703
TrendMicro 20130703
VBA32 20130702
VIPRE 20130703
ViRobot 20130703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2012 © Para-Welt.com

File version 1.0.0.0
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x0011BF40
Number of sections 3
PE sections
PE imports
[+] ADVAPI32.dll
GetAce
[+] COMCTL32.dll
ImageList_Remove
[+] COMDLG32.dll
GetSaveFileNameW
[+] GDI32.dll
LineTo
[+] KERNEL32.DLL
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
[+] MPR.dll
WNetGetConnectionW
[+] OLEAUT32.dll
Ord(8)
[+] PSAPI.DLL
EnumProcesses
[+] SHELL32.dll
DragFinish
[+] USER32.dll
GetDC
[+] USERENV.dll
LoadUserProfileW
[+] VERSION.dll
VerQueryValueW
[+] WININET.dll
FtpOpenFileW
[+] WINMM.dll
timeGetTime
[+] WSOCK32.dll
Ord(16)
[+] ole32.dll
CoInitialize
Number of PE resources by type
RT_ICON 12
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 26
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
888832

InitializedDataSize
438272

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
English (British)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
10.0

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.0

TimeStamp
2012:01:29 21:32:28+00:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

LegalCopyright
2012 Para-Welt.com

MachineType
Intel 386 or later, and compatibles

CodeSize
274432

FileSubtype
0

ProductVersionNumber
3.3.8.1

EntryPoint
0x11bf40

ObjectFileType
Unknown

File identification
MD5 f2c6ea20d90b84941cc80d3fea81c211
SHA1 3c5949bb4a3e65b52c8948f471d0abb76ed15ef6
SHA256 ceb1b45ba3cc3b4c8b3f632cfc74c38b8b1067062731c1f16f983cd58dddf92d
ssdeep
12288:M6Wq4aaE6KwyF5L0Y2D1PqL+abbD9/CgPocPuXxsSYsOh:KthEVaPqLBYgQsS/Oh

File size 725.4 KB ( 742795 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-01-02 21:16:21 UTC ( 4 years, 5 months ago )
Last submission 2013-07-03 15:48:59 UTC ( 3 years, 11 months ago )
File names PWToolM.exe
pwtoolm.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | | Google groups | ToS | Privacy policy