SHA256: d7285b31112c18843a9db8aa85a87c7af4d86d8bc64c55b413beca01da7fc7d0
File name: Button for TC
Detection ratio: 38 / 57
Analysis date: 2016-06-06 05:36:56 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.4871017 20160606
AegisLab Troj.Generic!c 20160604
AhnLab-V3 Trojan/Win32.ADH 20160605
ALYac Trojan.Generic.4871017 20160606
Antiy-AVL Trojan/Win32.SGeneric 20160606
Arcabit Trojan.Generic.D4A5369 20160606
Avast Win32:Malware-gen 20160606
AVG upack 20160606
Avira (no cloud) TR/Rogue.4871017 20160605
AVware Trojan.Win32.Packer.Upack0.3.9 (ep) 20160606
Baidu Win32.Trojan.WisdomEyes.151026.9950.9958 20160603
BitDefender Trojan.Generic.4871017 20160606
Bkav HW32.Packed.FBA1 20160604
CMC Trojan-GameThief.Win32.OnLineGames!O 20160602
Comodo Packed.Win32.MUPACK.~KW 20160606
Cyren W32/Heuristic-162!Eldorado 20160606
Emsisoft Trojan.Generic.4871017 (B) 20160606
F-Prot W32/Heuristic-162!Eldorado 20160606
F-Secure Trojan.Generic.4871017 20160606
Fortinet W32/Xed.12 20160606
GData Trojan.Generic.4871017 20160606
Ikarus Trojan-PWS.Win32.Prast 20160606
Jiangmin Trojan/BAT.op 20160606
Malwarebytes Trojan.MalPack.Generic 20160606
McAfee Generic.dx 20160606
McAfee-GW-Edition Generic.dx 20160606
eScan Trojan.Generic.4871017 20160606
Panda Trj/Pupack.A 20160605
Qihoo-360 HEUR/QVM14.0.Malware.Gen 20160606
Rising Trojan.Generic-vk3xdrVi2CI (Cloud) 20160606
Sophos AV Mal/Packer 20160606
Symantec Heur.AdvML.B 20160606
TheHacker W32/Behav-Heuristic-060 20160604
TrendMicro Cryp_Mangled 20160606
TrendMicro-HouseCall Cryp_Mangled 20160606
VIPRE Trojan.Win32.Packer.Upack0.3.9 (ep) 20160606
ViRobot Trojan.Win32.Z.Packer.12007326[h] 20160606
Yandex Trojan.Rogue!nW5YCngFsAM 20160605
Alibaba 20160603
Baidu-International 20160605
CAT-QuickHeal 20160606
ClamAV 20160606
DrWeb 20160606
ESET-NOD32 20160606
K7AntiVirus 20160605
K7GW 20160606
Kaspersky 20160606
Kingsoft 20160606
Microsoft 20160606
NANO-Antivirus 20160606
nProtect 20160603
SUPERAntiSpyware 20160606
Tencent 20160606
TotalDefense 20160606
VBA32 20160603
Zillya 20160605
Zoner 20160606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Jekson07

Product Screen
Original name Screen.exe
Internal name Button for TC
File version Version of a file 2.2
Description ???????????? (????????? ??????)
Comments Button for creation and job with 7z SXF archives
Packers identified
F-PROT Unicode, appended, Aspack, UPX, UPack, 7Z
PEiD Upack v0.399 -> Dwing
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-23 23:39:42
Entry Point 0x00001018
Number of sections 3
PE sections
Overlays
MD5 c0be1e3206f95e5db425e97e355132b5
File type data
Offset 50464
Size 11956862
Entropy 8.00
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2004:01:24 00:39:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1766614113
LinkerVersion 76.111
EntryPoint 0x1018
InitializedDataSize 1918988898
SubsystemVersion 4.0
ImageVersion 0.58
OSVersion 4.0
UninitializedDataSize 16761
File identification
MD5 579daba234eca5487364cb147bcda250
SHA1 cc89114a42414fb1ac67bcb6212fee227b3f2468
SHA256 d7285b31112c18843a9db8aa85a87c7af4d86d8bc64c55b413beca01da7fc7d0
ssdeep 196608:2UyUqVw5zI4dG+N5UiL3Gal5xnvtDHten9ObxkJ+hDrT7SrfjpYbf:2UF75XVN5tV/hlDHtenoxkcdrfifjg
authentihash 66ee2579f041ed72b44e81f71db8cc6af1235a03c6775337d81c8e1a418601a1
File size 11.5 MB ( 12007326 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID DOS Executable Generic (100.0%)
Tags peexe upack aspack upx overlay
VirusTotal metadata
First submission 2009-05-10 21:18:43 UTC ( 9 years, 11 months ago )
Last submission 2016-06-06 05:36:56 UTC ( 2 years, 10 months ago )
File names Button for TC
Screen.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.