SHA256: d25b12a9aafc91dfe137d4a99c73632c5571091109b238061e57670befea7a0e
File name: 3e6cb7a2f888f1bc45e783eea5634738cb556bd1
Detection ratio: 4 / 56
Analysis date: 2014-12-17 00:54:05 UTC ( 4 years, 3 months ago )
Antivirus Result Update
ESET-NOD32 Win32/Spy.Zbot.ACB 20141216
McAfee Generic-FAVU!183B96C1409B 20141216
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20141216
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141216
Ad-Aware 20141217
AegisLab 20141217
Yandex 20141216
AhnLab-V3 20141216
ALYac 20141217
Antiy-AVL 20141216
Avast 20141217
AVG 20141217
Avira (no cloud) 20141217
AVware 20141217
Baidu-International 20141216
BitDefender 20141216
Bkav 20141216
ByteHero 20141217
CAT-QuickHeal 20141216
ClamAV 20141216
CMC 20141215
Comodo 20141216
Cyren 20141217
DrWeb 20141217
Emsisoft 20141217
F-Prot 20141215
F-Secure 20141216
Fortinet 20141217
GData 20141216
Ikarus 20141216
Jiangmin 20141216
K7AntiVirus 20141216
K7GW 20141216
Kaspersky 20141216
Kingsoft 20141217
Malwarebytes 20141216
Microsoft 20141216
eScan 20141217
NANO-Antivirus 20141216
Norman 20141216
nProtect 20141216
Panda 20141216
Qihoo-360 20141217
Sophos AV 20141217
SUPERAntiSpyware 20141216
Symantec 20141217
Tencent 20141217
TheHacker 20141216
TotalDefense 20141216
TrendMicro 20141217
TrendMicro-HouseCall 20141216
VBA32 20141216
VIPRE 20141217
ViRobot 20141216
Zillya 20141216
Zoner 20141216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1991-2012 by Pierre-e Gougelet
Publisher XnView, http://www.xnview.com
Product XnView
Original name XnView.exe
Internal name XnView
File version 2.25
Description XnView for Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-16 18:51:29
Entry Point 0x00008B91
Number of sections 4
PE sections
PE imports
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
InitializeSecurityDescriptor
GetOpenFileNameA
GetDeviceCaps
CreateDCA
GetBitmapBits
CreateBitmapIndirect
TextOutW
DeleteDC
RestoreDC
SelectObject
SelectPalette
CreateCompatibleBitmap
GetBitmapDimensionEx
GetDIBits
RealizePalette
BitBlt
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
GetFontLanguageInfo
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
InterlockedDecrement
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
_lclose
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
_lcreat
lstrcpyA
InterlockedIncrement
IsValidLocale
GlobalLock
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
_lwrite
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
NetUserEnum
NetApiBufferFree
OleLoadPicture
glLoadIdentity
glClear
ExtractAssociatedIconA
SHParseDisplayName
PathFindFileNameW
GetCursorPos
ReleaseDC
SetWindowTextA
LoadIconA
SendDlgItemMessageA
SendMessageA
GetCursorInfo
GetDesktopWindow
DefWindowProcA
GetIconInfo
GetMonitorInfoA
GetDC
FindWindowA
CreatePopupMenu
EnumDesktopsA
ScreenToClient
GetClassLongA
OemToCharA
OpenThemeData
CloseThemeData
SetPrinterDataExA
DeviceCapabilitiesA
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 8
RT_STRING 6
RT_BITMAP 5
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 23
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.25.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 65536
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 1991-2012 by Pierre-e Gougelet
FileVersion 2.25
TimeStamp 2014:12:16 19:51:29+01:00
FileType Win32 EXE
PEType PE32
InternalName XnView
ProductVersion 2.25
FileDescription XnView for Windows
OSVersion 5.1
OriginalFilename XnView.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName XnView, http://www.xnview.com
CodeSize 260096
ProductName XnView
ProductVersionNumber 2.25.0.0
EntryPoint 0x8b91
ObjectFileType Executable application

File identification
MD5 183b96c1409b3485a0bb9f9b71714fac
SHA1 3e6cb7a2f888f1bc45e783eea5634738cb556bd1
SHA256 d25b12a9aafc91dfe137d4a99c73632c5571091109b238061e57670befea7a0e
ssdeep 6144:LYeY1rqK+efWL6qYymQK3SL4dSShSpFLmwwPKo6MLaLoIsHdue:0kLefWLpVmh3SAJCL1w76XG9
authentihash dae9fa00f43f7acf4d6459bdacf085c7e96e1690a3ee5a98a57e679375511a4f
imphash 194dc0d8e63a7816777c1efcc6fb6c25
File size 319.0 KB ( 326656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-12-17 00:54:05 UTC ( 4 years, 3 months ago )
Last submission 2014-12-17 00:54:05 UTC ( 4 years, 3 months ago )
File names 3e6cb7a2f888f1bc45e783eea5634738cb556bd1
d25b12a9aafc91dfe137d4a99c73632c5571091109b238061e57670befea7a0e.exe
XnView.exe
XnView
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.