SHA256: d34b75fb7f86b5ce79330ef44f7ff55424cc14666ce776c17d1f2470a1d72b83
File name: 3ed67d0cefb79d67ddede5e6572447c2
Detection ratio: 33 / 57
Analysis date: 2016-12-03 14:31:10 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3774998 20161203
ALYac Trojan.GenericKD.3774998 20161203
Antiy-AVL Trojan[Backdoor]/Win32.Vawtrak 20161203
Arcabit Trojan.Generic.D399A16 20161203
Avast Win32:Malware-gen 20161203
AVG PSW.Generic13.RFW 20161202
AVware Trojan.Win32.Generic!BT 20161203
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161202
BitDefender Trojan.GenericKD.3774998 20161203
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.PWS.Papras.2166 20161203
Emsisoft Trojan.GenericKD.3774998 (B) 20161203
ESET-NOD32 Win32/PSW.Papras.EJ 20161203
F-Secure Trojan.GenericKD.3774998 20161203
Fortinet W32/Kryptick.HL!tr 20161203
GData Trojan.GenericKD.3774998 20161203
Sophos ML ransom.win32.nymaim.f 20161202
Kaspersky Backdoor.Win32.Vawtrak.gp 20161203
Malwarebytes Trojan.Bublik 20161203
McAfee Artemis!3ED67D0CEFB7 20161203
McAfee-GW-Edition BehavesLike.Win32.Worm.dh 20161202
Microsoft Backdoor:Win32/Vawtrak.E 20161203
eScan Trojan.GenericKD.3774998 20161203
NANO-Antivirus Trojan.Win32.Vawtrak.eizgpl 20161203
Panda Trj/GdSda.A 20161203
Qihoo-360 HEUR/QVM20.1.5719.Malware.Gen 20161203
Rising Malware.Generic!iEeGRHBg7v@5 (thunder) 20161203
Symantec Backdoor.Trojan 20161203
Tencent Win32.Trojan.Inject.Auto 20161203
TrendMicro TROJ_GEN.R011C0DKM16 20161203
TrendMicro-HouseCall BKDR_VAWTRAK.SMSM 20161203
VIPRE Trojan.Win32.Generic!BT 20161203
Yandex Trojan.PWS.Papras!aPUvqUB6Aug 20161202
AegisLab 20161203
AhnLab-V3 20161203
Alibaba 20161203
Avira (no cloud) 20161203
Bkav 20161203
CAT-QuickHeal 20161203
ClamAV 20161203
CMC 20161203
Comodo 20161203
Cyren 20161203
F-Prot 20161203
Ikarus 20161203
Jiangmin 20161203
K7AntiVirus 20161203
K7GW 20161203
Kingsoft 20161203
nProtect 20161203
Sophos AV 20161203
SUPERAntiSpyware 20161203
TheHacker 20161130
TotalDefense 20161203
Trustlook 20161203
VBA32 20161202
ViRobot 20161203
WhiteArmor 20161125
Zillya 20161202
Zoner 20161203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2000-2010 FRISK Software International
Product F-PROT Antivirus for Windows
Original name fptrayproc
File version 1.3.8.21
Description Handling of upfates (F-PROT Antivirus)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-12 05:40:41
Entry Point 0x000051CC
Number of sections 7
PE sections
PE imports
GetSystemTime
GetLastError
GetSystemInfo
GetThreadPriorityBoost
DeactivateActCtx
GetVersionExW
FreeLibrary
LocalAlloc
DeleteTimerQueueEx
DisableThreadLibraryCalls
VirtualProtect
LoadLibraryA
GetCurrentProcess
GetDateFormatA
AddConsoleAliasA
SetThreadPriority
TerminateThread
AddAtomA
CopyFileExA
BuildCommDCBAndTimeoutsW
CreateDirectoryW
GetCompressedFileSizeA
GetProcAddress
AddAtomW
GetCurrentThread
GetTempFileNameW
GetTimeFormatW
RaiseException
GetModuleHandleA
InterlockedExchange
BackupWrite
lstrcpyA
CancelWaitableTimer
CompareStringA
DeleteFileW
GetPriorityClass
MoveFileExA
SetThreadExecutionState
IsBadStringPtrW
LocalFree
GetLogicalDriveStringsA
GetNumberFormatW
GetCurrentThreadId
SleepEx
GetTimeFormatA
GetForegroundWindow
IntersectRect
GetKeyboardLayoutNameW
CharPrevW
GetDoubleClickTime
GetClipboardViewer
IsWindow
GetWindowRect
GetDialogBaseUnits
GetClipboardFormatNameW
IsCharAlphaA
IsWindowEnabled
GetWindow
CreatePopupMenu
GetMenu
GetKeyboardLayoutList
GetThreadDesktop
GetKeyboardLayout
GetActiveWindow
GetWindowTextW
IsWindowUnicode
IsCharUpperW
GetWindowTextLengthW
GetMenuItemCount
Number of PE resources by type
RT_ICON 9
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 200704
ImageVersion 0.0
ProductName F-PROT Antivirus for Windows
FileVersionNumber 1.3.8.21
Website http://www.f-prot.com
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Handling of upfates (F-PROT Antivirus)
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName fptrayproc
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.3.8.21
TimeStamp 2015:04:12 06:40:41+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT
LegalCopyright Copyright 2000-2010 FRISK Software International
MachineType Intel 386 or later, and compatibles
CompanyName FRISK Software International
CodeSize 24576
FileSubtype 0
ProductVersionNumber 6.0.9.0
EntryPoint 0x51cc
ObjectFileType Executable application

File identification
MD5 3ed67d0cefb79d67ddede5e6572447c2
SHA1 6def904b4797ee86fa52efef039ef859c7d30614
SHA256 d34b75fb7f86b5ce79330ef44f7ff55424cc14666ce776c17d1f2470a1d72b83
ssdeep 3072:WXZ5MUnl6NLk0e2vcligfdN+UnlUNJ1V0uDiZWadE/G:Wpdnl6heplis+OUz1vPadE/
authentihash 3c3044ef1d5b40c62455aa569f66e60cc536ce87a0fe310ced8415c6fe47e5b4
imphash 247621301ee9313f3fef83e8ed0ce385
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-12-03 14:31:10 UTC ( 2 years, 3 months ago )
Last submission 2016-12-03 14:31:10 UTC ( 2 years, 3 months ago )
File names fptrayproc
d34b75fb7f86b5ce79330ef44f7ff55424cc14666ce776c17d1f2470a1d72b83
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications