SHA256: cf1aff945df2586a3a8ba95f19e3c374da4f28ae68be9118f2837bc8223dc18a
File name: fteproxy.exe
Detection ratio: 0 / 68
Analysis date: 2018-11-14 03:36:09 UTC (3 months, 1 week ago)
Antivirus Result Update
Ad-Aware 20181112
AegisLab 20181114
AhnLab-V3 20181114
Alibaba 20180921
ALYac 20181114
Antiy-AVL 20181114
Arcabit 20181114
Avast 20181114
Avast-Mobile 20181113
AVG 20181114
Avira (no cloud) 20181114
Babable 20180918
Baidu 20181112
BitDefender 20181114
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181114
CMC 20181114
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181114
Cyren 20181114
DrWeb 20181114
eGambit 20181114
Emsisoft 20181114
Endgame 20181108
ESET-NOD32 20181114
F-Prot 20181114
F-Secure 20181114
Fortinet 20181114
GData 20181114
Ikarus 20181113
Sophos ML 20181108
Jiangmin 20181114
K7AntiVirus 20181113
K7GW 20181113
Kaspersky 20181114
Kingsoft 20181114
Malwarebytes 20181114
MAX 20181114
McAfee 20181114
McAfee-GW-Edition 20181114
Microsoft 20181114
eScan 20181114
NANO-Antivirus 20181114
Palo Alto Networks (Known Signatures) 20181114
Panda 20181113
Qihoo-360 20181114
Rising 20181114
SentinelOne (Static ML) 20181011
Sophos AV 20181114
SUPERAntiSpyware 20181114
Symantec 20181114
Symantec Mobile Insight 20181108
TACHYON 20181114
Tencent 20181114
TheHacker 20181113
TotalDefense 20181113
TrendMicro 20181114
TrendMicro-HouseCall 20181114
Trustlook 20181114
VBA32 20181113
VIPRE 20181113
ViRobot 20181113
Webroot 20181114
Yandex 20181113
Zillya 20181113
ZoneAlarm by Check Point 20181114
Zoner 20181114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Product fteproxy
Original name fteproxy.exe
File version 0.2.19
Description fteproxy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-10 09:40:34
Entry Point 0x00002B28
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
LoadResource
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
VirtualProtect
LoadLibraryA
GetModuleFileNameA
GetCurrentProcess
GetCurrentProcessId
LockResource
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
MapViewOfFile
GetModuleHandleA
FormatMessageA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingA
OutputDebugStringA
GetFullPathNameA
LocalFree
TerminateProcess
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
CreateFileA
GetTickCount
GetCurrentThreadId
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
strncmp
__p__fmode
malloc
_crt_debugger_hook
realloc
memset
__dllonexit
_stricmp
_controlfp_s
fprintf
_invoke_watson
strncpy
_cexit
?terminate@@YAXXZ
_lock
qsort
_onexit
__initenv
exit
_XcptFilter
_encode_pointer
__setusermatherr
_initterm_e
_adjust_fdiv
_amsg_exit
_unlock
strrchr
__p__commode
memcpy
getenv
_except_handler4_common
atoi
free
__getmainargs
setbuf
_exit
_decode_pointer
__iob_func
bsearch
_snprintf
_configthreadlocale
_initterm
_strdup
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
PYTHONSCRIPT 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 10240
ImageVersion 0.0
ProductName fteproxy
FileVersionNumber 0.2.19.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName fteproxy.exe
MIMEType application/octet-stream
FileVersion 0.2.19
TimeStamp 2008:11:10 10:40:34+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0.2.19
FileDescription fteproxy
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 8704
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x2b28
ObjectFileType Executable application

CarbonBlack (acts as a surveillance camera for computers)
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files write this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 d4a27c1e8510dacb7b5e8881f5b09440
SHA1 be861cf927ae8a0fb633f6bc5078d9eac20a81aa
SHA256 cf1aff945df2586a3a8ba95f19e3c374da4f28ae68be9118f2837bc8223dc18a
ssdeep 384:t/n2vPeqUfmEZ+nUn0fJCfMdXWgugoL2RPyD2SEhzWY0Kt0K:tOPeqYmEb0kUXFeT80K
authentihash 6c942c680e4b402422222211a1c7306b9111138e2d6fd1175316e4fb82ade602
imphash b28c641d753fb51b62a00fe6115070ae
File size 19.5 KB (19968 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe via-tor
VirusTotal metadata
First submission 2014-10-10 15:51:10 UTC (4 years, 4 months ago)
Last submission 2018-03-26 17:09:14 UTC (11 months ago)
File names fteproxy (2016_01_09 22_17_59 utc).exe
fteproxy (2015_10_25 07_36_10 utc).exe
fteproxy (2015_12_13 18_19_20 utc).exe
fteproxy (2015_10_24 16_32_54 utc).exe
fteproxy (2016_01_23 06_35_43 utc).exe
x2dbz6jhv2fa7nrt626fa6gz5lbavank.exe
fteproxy (2015_10_18 18_51_16 utc).exe
fteproxy (2015_10_23 02_59_54 utc).exe
fteproxy.exe
fteproxy (2016_01_04 02_54_29 utc).exe
fteproxy (2015_11_18 07_30_19 utc).exe
fteproxy (2015_12_04 22_46_50 utc).exe
fteproxy (2016_02_04 03_28_48 utc).exe
fteproxy.exe
fteproxy.exe
fteproxy (2015_12_27 07_40_46 utc).exe
fteproxy (2016_01_07 10_49_22 utc).exe
fteproxy (2015_11_25 17_55_00 utc).exe
fteproxy (2015_11_03 07_38_49 utc).exe
fteproxy (2015_10_19 08_39_59 utc).exe
fteproxy.exe
fteproxy (2015_10_28 20_51_59 utc).exe
fteproxy (2016_01_10 22_22_28 utc).exe
fteproxy (2015_12_04 23_59_32 utc).exe
fteproxy.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs