× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: ceb1b45ba3cc3b4c8b3f632cfc74c38b8b1067062731c1f16f983cd58dddf92d
File name: pwtoolm.exe
Detection ratio: 6 / 66
Analysis date: 2017-12-18 09:10:53 UTC ( 4 months ago )
Antivirus Result Update
AegisLab Troj.W32.Autoit.lZhY 20171218
CMC Trojan.Win32.Generic!O 20171218
Comodo UnclassifiedMalware 20171218
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171218
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171218
Ad-Aware 20171218
AhnLab-V3 20171218
Alibaba 20171218
ALYac 20171218
Antiy-AVL 20171218
Arcabit 20171218
Avast 20171218
Avast-Mobile 20171217
AVG 20171218
Avira (no cloud) 20171218
AVware 20171218
Baidu 20171216
BitDefender 20171218
Bkav 20171216
CAT-QuickHeal 20171218
ClamAV 20171218
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171218
Cyren 20171218
DrWeb 20171218
eGambit 20171218
Emsisoft 20171218
Endgame 20171130
ESET-NOD32 20171218
F-Prot 20171218
F-Secure 20171218
Fortinet 20171218
GData 20171218
Jiangmin 20171218
K7AntiVirus 20171217
K7GW 20171218
Kingsoft 20171218
Malwarebytes 20171218
MAX 20171218
McAfee 20171218
McAfee-GW-Edition 20171218
Microsoft 20171218
eScan 20171218
NANO-Antivirus 20171218
nProtect 20171218
Palo Alto Networks (Known Signatures) 20171218
Panda 20171217
Qihoo-360 20171218
Rising 20171218
SentinelOne (Static ML) 20171207
Sophos AV 20171218
SUPERAntiSpyware 20171218
Symantec 20171218
Symantec Mobile Insight 20171215
Tencent 20171218
TheHacker 20171210
TotalDefense 20171218
TrendMicro-HouseCall 20171218
Trustlook 20171218
VBA32 20171215
VIPRE 20171218
ViRobot 20171218
Webroot 20171218
WhiteArmor 20171204
Yandex 20171216
Zillya 20171217
Zoner 20171218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2012 © Para-Welt.com

File version 1.0.0.0
Packers identified
F-PROT AutoIt, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x0011BF40
Number of sections 3
PE sections
Overlays
MD5 833c2774563408551ce35d1352bef816
File type data
Offset 709120
Size 33675
Entropy 7.99
PE imports
[+] ADVAPI32.dll
GetAce
[+] COMCTL32.dll
ImageList_Remove
[+] COMDLG32.dll
GetSaveFileNameW
[+] GDI32.dll
LineTo
[+] KERNEL32.DLL
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
[+] MPR.dll
WNetGetConnectionW
[+] OLEAUT32.dll
VariantInit
[+] PSAPI.DLL
EnumProcesses
[+] SHELL32.dll
DragFinish
[+] USER32.dll
GetDC
[+] USERENV.dll
LoadUserProfileW
[+] VERSION.dll
VerQueryValueW
[+] WININET.dll
FtpOpenFileW
[+] WINMM.dll
timeGetTime
[+] WSOCK32.dll
recv
[+] ole32.dll
CoInitialize
Number of PE resources by type
RT_ICON 12
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 26
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
888832

LinkerVersion
10.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
English (British)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
438272

EntryPoint
0x11bf40

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.0

TimeStamp
2012:01:29 22:32:28+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

LegalCopyright
2012 Para-Welt.com

MachineType
Intel 386 or later, and compatibles

CodeSize
274432

FileSubtype
0

ProductVersionNumber
3.3.8.1

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 f2c6ea20d90b84941cc80d3fea81c211
SHA1 3c5949bb4a3e65b52c8948f471d0abb76ed15ef6
SHA256 ceb1b45ba3cc3b4c8b3f632cfc74c38b8b1067062731c1f16f983cd58dddf92d
ssdeep
12288:M6Wq4aaE6KwyF5L0Y2D1PqL+abbD9/CgPocPuXxsSYsOh:KthEVaPqLBYgQsS/Oh

authentihash 0a9b437ae5546bf837bcfb56d384714523a35c54cc5d17a6c993e131af99b70f
imphash 890e522b31701e079a367b89393329e6
File size 725.4 KB ( 742795 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2013-01-02 21:16:21 UTC ( 5 years, 3 months ago )
Last submission 2017-12-18 09:10:53 UTC ( 4 months ago )
File names PWToolM.exe
pwtoolm.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | | Google groups | ToS | Privacy policy