SHA256: d371c88fafd5316a908a68b4a305a91c7d405cecaeeab1697e299be08eacddca
File name: 147a162ab9e304f50c932a0862c14a4bf443cd0f
Detection ratio: 10 / 56
Analysis date: 2014-12-25 00:43:27 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.169290 20141224
Avast Win32:Malware-gen 20141225
AVG Zbot.WFI 20141224
BitDefender Gen:Variant.Graftor.169290 20141224
DrWeb Trojan.PWS.Panda.7708 20141225
Emsisoft Gen:Variant.Graftor.169290 (B) 20141225
ESET-NOD32 Win32/Spy.Zbot.ACB 20141225
GData Gen:Variant.Graftor.169290 20141225
eScan Gen:Variant.Graftor.169290 20141225
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141224
AegisLab 20141224
Yandex 20141224
AhnLab-V3 20141224
ALYac 20141225
Antiy-AVL 20141224
Avira (no cloud) 20141224
AVware 20141224
Baidu-International 20141224
Bkav 20141224
ByteHero 20141225
CAT-QuickHeal 20141224
ClamAV 20141225
CMC 20141218
Comodo 20141225
Cyren 20141225
F-Prot 20141225
F-Secure 20141224
Fortinet 20141225
Ikarus 20141224
Jiangmin 20141224
K7AntiVirus 20141224
K7GW 20141224
Kaspersky 20141225
Kingsoft 20141225
Malwarebytes 20141225
McAfee 20141225
McAfee-GW-Edition 20141224
Microsoft 20141225
NANO-Antivirus 20141224
Norman 20141224
nProtect 20141224
Panda 20141224
Qihoo-360 20141225
Sophos AV 20141225
SUPERAntiSpyware 20141224
Symantec 20141225
Tencent 20141225
TheHacker 20141224
TotalDefense 20141224
TrendMicro 20141225
TrendMicro-HouseCall 20141225
VBA32 20141224
VIPRE 20141225
ViRobot 20141224
Zillya 20141224
Zoner 20141223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2006 Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Original name clview.exe
Internal name Microsoft Office Help
File version 12.0.6606.1000
Description Microsoft Office Help Viewer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-24 10:20:59
Entry Point 0x00001170
Number of sections 5
PE sections
PE imports
RegOpenKeyA
RegQueryValueExA
GetBkColor
AddFontResourceW
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
WritePrivateProfileStringW
VirtualAllocEx
TerminateThread
LoadLibraryW
GlobalFree
WaitForSingleObject
FreeLibrary
GetTickCount
IsBadWritePtr
GlobalUnlock
GlobalAlloc
SetConsoleScreenBufferSize
lstrlenW
lstrcatW
DeleteCriticalSection
GetWindowsDirectoryW
HeapSize
GetModuleHandleW
GlobalReAlloc
GetStartupInfoW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcessHeap
lstrcpynW
lstrcpyW
CreateThread
WriteFile
CloseHandle
FreeConsole
HeapReAlloc
GlobalLock
SetEvent
CreateEventW
InitializeCriticalSection
OutputDebugStringW
CreateFileW
GlobalHandle
AllocConsole
InterlockedDecrement
Sleep
HeapAlloc
LeaveCriticalSection
InterlockedIncrement
MapWindowPoints
SetFocus
GetParent
IntersectRect
SetMenuDefaultItem
LoadBitmapW
SetClassLongW
DefWindowProcW
FindWindowW
GetMenuState
KillTimer
DestroyMenu
ShowWindow
CheckMenuRadioItem
MessageBeep
ValidateRect
LoadMenuW
SetWindowPos
RemoveMenu
GetDesktopWindow
GetSystemMetrics
IsIconic
MessageBoxW
RegisterClassExW
SetCapture
ReleaseCapture
AppendMenuW
GetWindow
GetSysColor
SetActiveWindow
GetDC
EndDeferWindowPos
ReleaseDC
GetDlgCtrlID
CreatePopupMenu
CheckMenuItem
GetMenu
GetSubMenu
GetLastActivePopup
BeginDeferWindowPos
WinHelpW
GetClientRect
SetWindowLongW
GetDlgItem
SetRectEmpty
SystemParametersInfoW
SetCursor
EnableMenuItem
DeleteMenu
GetMenuItemCount
DrawFocusRect
GetDCEx
LoadImageW
LoadIconA
TrackPopupMenu
FillRect
ModifyMenuW
CopyRect
TrackPopupMenuEx
DeferWindowPos
SetMenuItemInfoW
LoadCursorW
LoadIconW
GetFocus
GetMenuItemID
InsertMenuW
GetActiveWindow
SetForegroundWindow
DrawTextW
GetMenuStringW
GetMenuItemInfoW
Number of PE resources by type
RT_ICON 12
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 96768
ImageVersion 0.0
FileVersionNumber 12.0.6606.1000
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 12.0
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright 2006 Microsoft Corporation. All rights reserved.
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
FileVersion 12.0.6606.1000
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2014:12:24 11:20:59+01:00
FileType Win32 EXE
PEType PE32
InternalName Microsoft Office Help
FileAccessDate 2014:12:25 01:54:46+01:00
FileDescription Microsoft Office Help Viewer
OSVersion 5.0
FileCreateDate 2014:12:25 01:54:46+01:00
OriginalFilename clview.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 205312
FileSubtype 0
ProductVersionNumber 12.0.6606.0
EntryPoint 0x1170
ObjectFileType Executable application
File identification
MD5 e91ac62d989d8ab8e608a2b05528185a
SHA1 147a162ab9e304f50c932a0862c14a4bf443cd0f
SHA256 d371c88fafd5316a908a68b4a305a91c7d405cecaeeab1697e299be08eacddca
ssdeep 3072:lBsS14Gd3p+7Rhy9P413hcGqQS5zPbCN5hUf11bR+ByJKt6wIH3uyrNzKuAYn:lBUGe793hcGqQMbbCGfnN20p7rN
authentihash 58abd0ac675b6f9c1283057c9732eaf2461d5f0cee2daf7ac2b2dfcc1482e48d
imphash 0d77dc3ea12fc376eb3d114580424b79
File size 295.5 KB ( 302592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-12-25 00:43:27 UTC ( 4 years, 2 months ago )
Last submission 2014-12-25 00:43:27 UTC ( 4 years, 2 months ago )
File names Microsoft Office Help
147a162ab9e304f50c932a0862c14a4bf443cd0f
clview.exe
d371c88fafd5316a908a68b4a305a91c7d405cecaeeab1697e299be08eacddca.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.