SHA256: cee9f6fb3bab45bf0ab7bf4f1b8dc9bbfd436ef4566c3464253b95661611b043
File name: 3.exe
Detection ratio: 3 / 42
Analysis date: 2012-05-13 05:34:18 UTC ( 1 year, 11 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.SmartFixer 20120511
K7AntiVirus Trojan 20120511
SUPERAntiSpyware Trojan.Agent/Gen-FraudSoft 20120512
AVG 20120511
AntiVir 20120511
Antiy-AVL 20120512
Avast 20120512
BitDefender 20120512
ByteHero 20120511
CAT-QuickHeal 20120511
ClamAV 20120512
Commtouch 20120512
Comodo 20120512
DrWeb 20120512
Emsisoft 20120512
F-Prot 20120511
F-Secure 20120512
Fortinet 20120508
GData 20120512
Ikarus 20120512
Jiangmin 20120512
Kaspersky 20120511
McAfee 20120512
McAfee-GW-Edition 20120512
Microsoft 20120512
NOD32 20120512
Norman 20120511
PCTools 20120512
Panda 20120511
Rising 20120511
Sophos 20120512
Symantec 20120512
TheHacker 20120511
TrendMicro 20120512
TrendMicro-HouseCall 20120511
VBA32 20120511
VIPRE 20120512
ViRobot 20120512
VirusBuster 20120511
eSafe 20120509
eTrust-Vet 20120511
nProtect 20120511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright _
Product Dgg.exe
Original name Dgg.exe
Internal name Dgg.exe
File version 5.47.17.77
Description Dgg.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-11 12:42:17
Entry Point 0x00002970
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
CreateFontIndirectW
CreateHalftonePalette
CreatePen
SetStretchBltMode
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
SetLayout
Arc
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
RealizePalette
SetTextColor
MoveToEx
GetStockObject
SelectPalette
SetROP2
CreateCompatibleDC
StretchBlt
SetBrushOrgEx
SelectObject
Ellipse
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
CreatePenIndirect
GetLastError
InitializeCriticalSection
DisableThreadLibraryCalls
CopyFileW
EnterCriticalSection
lstrcpynW
ReleaseMutex
GetModuleFileNameW
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
MulDiv
GetTickCount
IsBadWritePtr
GlobalUnlock
lstrcmpW
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetCurrentProcessId
lstrlenW
UnhandledExceptionFilter
MultiByteToWideChar
DeleteFileW
GetProcAddress
ExitThread
CreateFileMappingW
CompareStringW
lstrcpyW
CreateThread
MapViewOfFile
SetUnhandledExceptionFilter
CreateMutexW
ResetEvent
GetSystemTimeAsFileTime
DuplicateHandle
GlobalLock
GetModuleHandleW
SetEvent
LocalFree
TerminateProcess
LoadLibraryW
CreateEventW
FreeLibraryAndExitThread
GetWindowsDirectoryW
UnmapViewOfFile
GlobalAlloc
InterlockedDecrement
Sleep
MoveFileW
CloseHandle
GetCurrentThreadId
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
AlphaBlend
Ord(4)
Ord(6)
Ord(2)
DragQueryFileW
SHGetFileInfoW
wnsprintfA
StrFormatByteSizeW
SetFocus
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
CharUpperBuffW
GetDC
GetCursorPos
MapDialogRect
SendMessageW
GetClientRect
DrawTextW
CallNextHookEx
LoadImageW
GetWindowTextW
RegisterClipboardFormatW
CopyAcceleratorTableW
GetWindowTextLengthW
LoadAcceleratorsW
DestroyWindow
GetParent
UpdateWindow
GetMessageW
ShowWindow
GetDesktopWindow
PeekMessageW
EnableWindow
CharUpperW
LoadIconW
TranslateMessage
IsWindowEnabled
GetDlgItemInt
GetIconInfo
MsgWaitForMultipleObjects
RegisterClassW
LoadStringW
EnableMenuItem
DrawFocusRect
SetTimer
IsDialogMessageW
FillRect
CreateAcceleratorTableW
GetSysColorBrush
CreateWindowExW
GetWindowLongW
PtInRect
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
OffsetRect
DefWindowProcW
CopyIcon
KillTimer
SendNotifyMessageW
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
MonitorFromRect
CreateDialogParamW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDlgItem
PostThreadMessageW
DestroyAcceleratorTable
SetDlgItemInt
SetWindowsHookExW
LoadCursorW
GetSystemMenu
FindWindowExW
DispatchMessageW
SetForegroundWindow
ReleaseDC
IntersectRect
EndDialog
CopyRect
GetCapture
MessageBeep
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
GetSysColor
SetDlgItemTextW
GetKeyState
EndDeferWindowPos
DestroyIcon
IsWindowVisible
WinHelpW
MonitorFromWindow
FrameRect
InvalidateRect
CharNextW
GetClassNameW
IsRectEmpty
GetFocus
wsprintfW
TranslateAcceleratorW
SetCursor
PlaySoundW
GdipSetImageAttributesColorMatrix
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipDeleteGraphics
GdipSetImageAttributesThreshold
GdipCreateImageAttributes
GdipGetImageEncoders
GdipGetImageWidth
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDrawImageRectRectI
GdipDisposeImageAttributes
GdipFree
GdipGetImageDecodersSize
GdipGetImageHeight
GdipCloneImage
GdipGetImageGraphicsContext
GdipGetImageDecoders
_except_handler3
malloc
_adjust_fdiv
free
wcscmp
_initterm
_vsnwprintf
CoUnmarshalInterface
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance
CoUninitialize
FreePropVariantArray
PropVariantClear
CLSIDFromString
CoAllowSetForegroundWindow
Number of PE resources by type
RT_ICON 2
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL DEFAULT 5
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 360448
ImageVersion 20.3
ProductName Dgg.exe
FileVersionNumber 5.47.17.77
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
pv 7.5.7.9
CharacterSet Unicode
LinkerVersion 11.2
OriginalFileName Dgg.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.47.17.77
TimeStamp 2012:05:11 05:42:17-07:00
FileType Win32 EXE
PEType PE32
InternalName Dgg.exe
ProductVersion 1.0.0.0
FileDescription Dgg.exe
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright _
MachineType Intel 386 or later, and compatibles
CompanyName
CodeSize 0
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x2970
ObjectFileType Executable application
File identification
MD5 e16d9e16cf1df9e4965c4be836fc046a
SHA1 c5fbae41260fb138dbd39c51566877a2781ebbdf
SHA256 cee9f6fb3bab45bf0ab7bf4f1b8dc9bbfd436ef4566c3464253b95661611b043
ssdeep 6144:FPOCHCicttHfhUoMLe+K+pph2HbRXtos5TUyjBNa5Yl4O1HQaZY0M+ensxNpIKQh:FPOTicLhU6+K+bIHlB5YyjB4S5lN1VGj
File size 368.5 KB ( 377344 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-05-12 09:48:23 UTC ( 1 year, 11 months ago )
Last submission 2012-09-04 05:36:41 UTC ( 1 year, 7 months ago )
File names Dgg.exe
file
3.exe
e16d9e16cf1df9e4965c4be836fc046a
C853B1B0001E0F59C29E05FF9B446700B110ECE7.tmp
file-3936306_exe
3.exe-MXjm3r
377344_e16d9e16cf1df9e4965c4be836fc046a.exe
setup_data.exe
24082
c5fbae41260fb138dbd39c51566877a2781ebbdf.bin
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight