SHA256: d34b378ede04c585c2bff8cf32112904e8512ee80c5a9fbb34ba224d8dbc868b
File name: GermanCrimeTimeSrvmgr.exe
Detection ratio: 48 / 54
Analysis date: 2014-08-12 21:51:57 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.6139667 20140812
Yandex TrojanSpy.SpyEyes!fBe7oB/zAIY 20140812
AhnLab-V3 Spyware/Win32.SpyEyes 20140812
AntiVir TR/Lacubor.A 20140812
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20140812
Avast Win32:Spyeye-EF [Spy] 20140812
AVG SHeur3.BRIO 20140812
AVware Trojan.Win32.Spyeyes.Lbn (v) 20140812
BitDefender Trojan.Generic.6139667 20140812
Bkav W32.FafiveB.Worm 20140812
CAT-QuickHeal TrojanSpy.SpyEyes.fpr 20140812
Commtouch W32/Ramnit.QXDG-4641 20140812
Comodo TrojWare.Win32.Kryptik.MNM 20140812
DrWeb Trojan.Starter.1591 20140812
Emsisoft Trojan.Generic.6139667 (B) 20140812
ESET-NOD32 a variant of Win32/Kryptik.LPK 20140812
F-Prot W32/Ramnit.G 20140812
F-Secure Trojan.Generic.6139667 20140812
Fortinet W32/SpyEyes.LBN!tr.spy 20140812
GData Trojan.Generic.6139667 20140812
Ikarus Trojan-Spy.Win32.SpyEyes 20140812
Jiangmin TrojanSpy.SpyEyes.bsw 20140812
K7AntiVirus Trojan ( 003c36381 ) 20140812
K7GW Trojan ( 003c36381 ) 20140812
Kaspersky HEUR:Trojan.Win32.Generic 20140812
Kingsoft Win32.Troj.Obfuscated.ap.(kcloud) 20140812
Malwarebytes Trojan.FakeMS.ED 20140812
McAfee W32/Ramnit 20140812
McAfee-GW-Edition W32/Ramnit 20140812
Microsoft Trojan:Win32/Ramnit.A 20140812
eScan Trojan.Generic.6139667 20140812
NANO-Antivirus Trojan.Win32.Starter.cqpenn 20140812
Norman Suspicious_Gen2.PSTXV 20140812
nProtect Trojan/W32.Agent.97130 20140812
Panda Generic Trojan 20140812
Qihoo-360 Win32/Trojan.Spy.57e 20140812
Rising PE:Trojan.Win32.Generic.1280FB82!310442882 20140812
Sophos AV Mal/Zbot-CJ 20140812
SUPERAntiSpyware Trojan.Agent/Gen-Koobface 20140804
Symantec Trojan.Gen 20140812
Tencent Win32.Trojan.Generic.Ectn 20140812
TheHacker Trojan/Spy.SpyEyes.fpr 20140812
TotalDefense Win32/Zbot.AZFCHZB 20140812
TrendMicro PE_RAMNIT.DEN-O 20140812
TrendMicro-HouseCall PE_RAMNIT.DEN-O 20140812
VBA32 Backdoor.IRCNite.clf 20140812
VIPRE Trojan.Win32.Spyeyes.Lbn (v) 20140812
ViRobot Trojan.Win32.A.SpyEyes.97130.B 20140812
AegisLab 20140812
Baidu-International 20140812
ByteHero 20140812
ClamAV 20140812
CMC 20140809
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-10 14:47:41
Entry Point 0x000032FC
Number of sections 4
PE sections
Overlays
MD5 d7a5d7f4938408b6080e8ac1119ada1d
File type data
Offset 96768
Size 362
Entropy 7.13
PE imports
Number of PE resources by type
RT_ICON 3
RT_MENU 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.3.6000.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Microsoft XPS Document Writer
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 128512
EntryPoint 0x32fc
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.0.6000.16438 (winmain(wmbla).070123-1244)
TimeStamp 2011:03:10 15:47:41+01:00
FileType Win32 EXE
PEType PE32
InternalName MXDWDRV.DLL
ProductVersion 6.0.6000.16438
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 29184
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.0.6000.16438
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 f8434f362add5334f4f050f4b4b373a7
SHA1 f5915cb0d72c8faffe11126bc29da1b1db8092bc
SHA256 d34b378ede04c585c2bff8cf32112904e8512ee80c5a9fbb34ba224d8dbc868b
ssdeep 1536:ImJ3sqZXfb3Bgnq40yneyoBq/aabbj6w8wSZs97efjpl6N9t5YVJC7DY2mHM+y:7fbxgnqTHBq/aabbjp3SZs9K7K5YVKD0
authentihash c7cd74061387a991d0191a901585ea83911be63b5567fd0609c20376f1afd3a1
imphash 17df7ace5bd001f104b1999119ae876c
File size 94.9 KB ( 97130 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe usb-autorun overlay
VirusTotal metadata
First submission 2011-03-10 19:18:27 UTC ( 7 years, 8 months ago )
Last submission 2018-05-25 07:22:09 UTC ( 6 months ago )
File names qrhmaqqd.exe
siqhkgbq.exe
cvoakxek.exe
windentmgr.exe
fhgabxek.exe
IBwKWmZm.exe
YoPljxTS.exe
GTA_SAmgr.exe
ClientUpdatemgr.exe
d34b378ede04c585_cuckoo-8368e4e646bbaba903d7fd832568f646f10ee585708edaf10ddc2be270871109mgr.exe
HaxWinmgr.exe
toexingk.exe
file-5376256_exe
pawnomgr.exe
jvtrqnyg.exe
hlmgr.exe
csgomgr.exe
titeahhi.exe
d34b378ede04c585_0051c03bc92f1997ef87830ce2c25b8b46f40c6dmgr.exe
EterNexusmgr.exe
announcemgr.exe
UlOdBden.exe
metin2mgr.exe
Wowmgr.exe
GermanCrimeTimeSrvmgr.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
