SHA256: d45c0463489cf01d03009f4ffc33b817b707a6a982de1cd2b64bd414e84fe2ef
File name: YSpq2bkGVIi5yaPcv6667.exe
Detection ratio: 1 / 53
Analysis date: 2015-11-26 13:03:38 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Qihoo-360 QVM19.1.Malware.Gen 20151126
AegisLab 20151126
Yandex 20151125
AhnLab-V3 20151126
Alibaba 20151126
ALYac 20151126
Antiy-AVL 20151126
Arcabit 20151126
Avast 20151126
AVG 20151126
Avira (no cloud) 20151126
AVware 20151126
Baidu-International 20151126
BitDefender 20151126
Bkav 20151126
ByteHero 20151126
CAT-QuickHeal 20151126
ClamAV 20151126
CMC 20151124
Comodo 20151126
Cyren 20151126
DrWeb 20151126
ESET-NOD32 20151126
F-Prot 20151126
F-Secure 20151126
Fortinet 20151126
GData 20151126
Ikarus 20151126
Jiangmin 20151125
K7AntiVirus 20151126
K7GW 20151126
Kaspersky 20151126
Malwarebytes 20151126
McAfee 20151126
McAfee-GW-Edition 20151126
Microsoft 20151126
eScan 20151126
NANO-Antivirus 20151126
nProtect 20151126
Panda 20151126
Rising 20151124
Sophos 20151126
SUPERAntiSpyware 20151126
Symantec 20151125
Tencent 20151126
TheHacker 20151125
TrendMicro 20151126
TrendMicro-HouseCall 20151126
VBA32 20151126
VIPRE 20151126
ViRobot 20151126
Zillya 20151123
Zoner 20151126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©Agere Systems 1998-2004
Product LTRemove
Original name ltremove.exe
Internal name LTRemove
File version 1.69A
Description LTRemove
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-18 03:10:37
Entry Point 0x0002D7B0
Number of sections 11
PE sections
PE imports
WaitForMultipleObjectsEx
LoadLibraryExA
LocalSize
CancelDeviceWakeupRequest
CreateDirectoryExA
GetCurrentActCtx
SetProcessAffinityMask
GetProcAddress
FindFirstVolumeMountPointA
QueryPerformanceFrequency
wnsprintfA
wsprintfW
wcslen
cos
Number of PE resources by type
RT_STRING 19
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PORTUGUESE 1
ITALIAN NEUTRAL 1
DANISH NEUTRAL 1
SWEDISH NEUTRAL 1
CHINESE TRADITIONAL 1
SPANISH NEUTRAL 1
GERMAN NEUTRAL 1
POLISH DEFAULT 1
CHINESE SIMPLIFIED 1
PORTUGUESE BRAZILIAN 1
JAPANESE DEFAULT 1
SPANISH MODERN 1
FRENCH NEUTRAL 1
DUTCH NEUTRAL 1
FRENCH CANADIAN 1
KOREAN 1
FINNISH NEUTRAL 1
NORWEGIAN NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 1.24
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.6.9.1
UninitializedDataSize 5632
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 132096
EntryPoint 0x2d7b0
OriginalFileName ltremove.exe
MIMEType application/octet-stream
LegalCopyright Copyright Agere Systems 1998-2004
FileVersion 1.69A
TimeStamp 2018:07:18 04:10:37+01:00
FileType Win32 EXE
PEType PE32
InternalName LTRemove
ProductVersion 1.69A
FileDescription LTRemove
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 48640
ProductName LTRemove
ProductVersionNumber 1.6.9.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 6c14578c2b77b1917b3dee9da6efcd56
SHA1 66ec4b005cbb05cb8c132ee61fbb8c645f37bb34
SHA256 d45c0463489cf01d03009f4ffc33b817b707a6a982de1cd2b64bd414e84fe2ef
ssdeep 3072:wuUeGsdUivS8YIVqnaw7a0SQueRBFw3U+NdbF6d8IhwhMP:wuU0vSCV6aw7a0SpgBFw3UxdVwhM
authentihash a77fb1201b0293558734661403db2e0ab9a1aba05dad1533c30d75c157d0db13
imphash beb668add406ded0fa044d3ba518b0e5
File size 193.0 KB ( 197632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-11-26 10:53:49 UTC ( 1 year, 6 months ago )
Last submission 2016-12-15 20:36:21 UTC ( 5 months, 1 week ago )
File names d45c0463489cf01d03009f4ffc33b817b707a6a982de1cd2b64bd414e84fe2ef.bin
D45C0463489CF01D03009F4FFC33B817B707A6A982DE1CD2B64BD414E84FE2EF.exe
ven_req_6c14578c2b77b1917b3dee9da6efcd56.exe.exe
YSpq2bkGVIi5yaPcv6667.exe
YSpq2bkGVIi5yaPcv3159.exe.3924.dr
LTRemove
YSpq2bkGVIi5yaPcv7369.exe
YSpq2bkGVIi5yaPcv268.exe.3824.dr
YSpq2bkGVIi5yaPcv3336.exe.2080.dr
YSpq2bkGVIi5yaPcv955.exe
ltremove.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections