SHA256: db1fcca5188be441a40c4d237d25e29b606ff2383d15a398ba888fcd9a34ee33
File name: RAD221E9.TMP.EXE
Detection ratio: 45 / 62
Analysis date: 2017-06-25 22:20:01 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.Cerber.1 20170625
AegisLab Troj.W32.Yakes!c 20170623
AhnLab-V3 Win-Trojan/Cerber.Gen 20170625
ALYac Trojan.Ransom.Cerber.1 20170625
Antiy-AVL Trojan/Win32.Yakes 20170625
Arcabit Trojan.Ransom.Cerber.1 20170625
Avira (no cloud) TR/Crypt.ZPACK.zhhi 20170625
AVware Trojan.Win32.Generic.pak!cobra 20170625
Baidu Win32.Trojan.Kryptik.alb 20170623
BitDefender Trojan.Ransom.Cerber.1 20170625
CAT-QuickHeal Ransom.Cerber.A4 20170624
Comodo TrojWare.Win32.Kryptik.FBWM 20170625
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/Cerber.A2.gen!Eldorado 20170625
Emsisoft Trojan.Ransom.Cerber.1 (B) 20170625
Endgame malicious (high confidence) 20170615
ESET-NOD32 a variant of Win32/Kryptik.EZUE 20170625
F-Prot W32/Cerber.A2.gen!Eldorado 20170625
F-Secure Trojan.Ransom.Cerber.1 20170625
Fortinet W32/Generic.AP.44240 20170625
GData Trojan.Ransom.Cerber.1 20170625
Ikarus PUA.Downloader 20170625
Sophos ML heuristic 20170607
K7AntiVirus Trojan ( 004f1de61 ) 20170623
K7GW Trojan ( 004f1de61 ) 20170625
Kaspersky Trojan.Win32.Yakes.pvyn 20170625
McAfee Ransomware-FUO!FFB98CB28325 20170625
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20170625
Microsoft TrojanDownloader:Win32/Talalpek.A 20170625
eScan Trojan.Ransom.Cerber.1 20170625
NANO-Antivirus Trojan.Win32.MlwGen.efikaa 20170625
Panda Trj/GdSda.A 20170625
Qihoo-360 HEUR/QVM20.1.1193.Malware.Gen 20170625
Rising Malware.XPACK-HIE/Heur!1.9C48 (cloud:lXhXzweT97L) 20170625
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Ransom-EJ 20170625
Symantec Packed.Generic.459 20170625
Tencent Win32.Trojan.Yakes.Eibp 20170625
TrendMicro Ransom_CERBER.SMFE 20170625
TrendMicro-HouseCall Ransom_CERBER.SMFE 20170625
VIPRE Trojan.Win32.Generic.pak!cobra 20170625
Webroot W32.Trojan.Gen 20170625
Yandex Trojan.Kryptik!0cvcFN55aGM 20170623
Zillya Trojan.Yakes.Win32.58527 20170623
ZoneAlarm by Check Point Trojan.Win32.Yakes.pvyn 20170625
Alibaba 20170623
Avast 20170625
AVG 20170625
Bkav 20170624
ClamAV 20170625
CMC 20170625
DrWeb 20170625
Jiangmin 20170625
Kingsoft 20170625
Malwarebytes 20170625
nProtect 20170625
Palo Alto Networks (Known Signatures) 20170626
SUPERAntiSpyware 20170625
Symantec Mobile Insight 20170623
TheHacker 20170623
TotalDefense 20170625
Trustlook 20170626
VBA32 20170623
ViRobot 20170625
WhiteArmor 20170616
Zoner 20170625
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2000-2012 Cortado AG
Product ThinPrint Virtual Channel Gateway
Original name TPVCGateway.exe
Internal name TPVCGateway
File version 8,6,239,1
Description ThinPrint Virtual Channel Gateway Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-11 11:35:22
Entry Point 0x00001170
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
CryptDestroyKey
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExW
CryptAcquireContextW
CryptDeriveKey
RegEnumKeyW
RegOpenKeyExA
CryptHashData
CryptDecrypt
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
ImageList_Destroy
CreateFontIndirectW
PatBlt
OffsetRgn
GetBkMode
ResizePalette
AddFontResourceW
CloseEnhMetaFile
SetStretchBltMode
GdiGetCharDimensions
GetDeviceCaps
ExcludeClipRect
GetColorAdjustment
CreateCompatibleDC
DeleteDC
SwapBuffers
SetBkMode
SetWorldTransform
DeleteObject
GetObjectW
BitBlt
GetFontLanguageInfo
GetICMProfileW
SetTextColor
GetTextExtentPointW
ExtTextOutW
GdiReleaseDC
EngUnicodeToMultiByteN
CLIPOBJ_bEnum
CreatePalette
GetStockObject
CreateMetaFileA
GetPolyFillMode
SelectPalette
AbortPath
EndPage
GetDIBits
CreateRoundRectRgn
SelectClipRgn
EnumFontFamiliesExA
StretchDIBits
GdiGetDC
GetKerningPairsW
GetTextExtentPointI
CreateRectRgn
SelectObject
GdiGetBatchLimit
RealizePalette
CreateSolidBrush
EngWideCharToMultiByte
SetBkColor
SetTextCharacterExtra
GdiConvertBitmapV5
GetTextExtentPoint32W
CreateCompatibleBitmap
Toolhelp32ReadProcessMemory
GetDriveTypeW
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
SignalObjectAndWait
GetConsoleTitleW
GetFileAttributesW
GetCommandLineW
DeleteCriticalSection
OpenFileMappingW
Heap32Next
LocalAlloc
MapViewOfFileEx
SetErrorMode
_llseek
GetLogicalDrives
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
_lopen
Module32NextW
WritePrivateProfileStructW
LocalFree
MoveFileA
ConnectNamedPipe
InitializeCriticalSection
GlobalHandle
GetLogicalDriveStringsW
InterlockedDecrement
GetProfileIntA
SetLastError
EnumUILanguagesW
GetUserDefaultUILanguage
LocalLock
FindNextVolumeA
RemoveDirectoryW
Beep
HeapAlloc
lstrcmpiW
SetProcessWorkingSetSize
SetThreadPriority
WritePrivateProfileSectionW
MultiByteToWideChar
GetPrivateProfileStringW
LeaveCriticalSection
_lclose
EraseTape
CreateThread
GetSystemDirectoryW
GetExitCodeThread
GetConsoleDisplayMode
CreateMutexW
GetVolumeNameForVolumeMountPointW
ExitThread
GlobalMemoryStatus
FindCloseChangeNotification
SearchPathW
GlobalAlloc
SearchPathA
ReadConsoleW
GetCurrentThreadId
GetProcAddress
EnterCriticalSection
WriteConsoleInputA
LoadLibraryW
GetVersionExW
FreeLibrary
GetTickCount
LoadLibraryA
GetStartupInfoA
DeleteFileW
GetUserDefaultLCID
_lread
GetTempFileNameW
CreateWaitableTimerW
lstrcpyW
WaitNamedPipeW
GlobalReAlloc
GetModuleFileNameW
VirtualLock
lstrcmpW
GlobalLock
SetVolumeLabelW
GetPrivateProfileIntW
CreateFileW
GetConsoleWindow
WriteProfileSectionW
ExitProcess
InterlockedIncrement
GetComputerNameExA
GetLastError
GetShortPathNameW
GlobalFree
GlobalUnlock
lstrlenW
GetCurrentProcessId
ProcessIdToSessionId
GetProcessHeaps
ExpandEnvironmentStringsW
GetModuleHandleA
ReadFile
FatalAppExitW
CloseHandle
GetModuleHandleW
SetThreadExecutionState
CreateProcessA
WriteConsoleOutputCharacterW
GetTempPathW
Sleep
IsBadStringPtrA
SetMailslotInfo
VirtualAlloc
DragQueryFileW
SHBindToParent
SHFileOperationW
SHBrowseForFolderA
Shell_NotifyIcon
Shell_NotifyIconW
SHFormatDrive
SHEmptyRecycleBinW
SHCreateDirectoryExW
DuplicateIcon
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
DragAcceptFiles
ShellAboutW
SHCreateProcessAsUserW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetDataFromIDListW
DragFinish
SHGetFileInfo
ShellExecuteW
SHGetFolderPathA
CommandLineToArgvW
StrStrIA
PathAppendW
StrCmpNIA
RedrawWindow
GetMessagePos
SetWindowRgn
GetInputState
DrawTextW
DrawStateA
DestroyMenu
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
EndPaint
WindowFromPoint
CharUpperBuffW
SetMenuItemInfoW
DispatchMessageW
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassA
IsDialogMessageW
EndMenu
UnregisterClassW
GetClientRect
SetMenuDefaultItem
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
LoadImageW
ClientToScreen
GetTopWindow
GetWindowTextW
LockWindowUpdate
DestroyWindow
DrawEdge
DdeDisconnectList
GetParent
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
EnumDisplayMonitors
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
MapWindowPoints
LoadIconW
ChildWindowFromPoint
GetMenuCheckMarkDimensions
TranslateMessage
IsWindowEnabled
RegisterClassW
GetWindowPlacement
LoadStringW
EnableMenuItem
TrackPopupMenuEx
DrawFocusRect
SetTimer
GetKeyboardLayout
FillRect
DeferWindowPos
GetDialogBaseUnits
CreateWindowExW
GetWindowLongW
PtInRect
IsChild
SetFocus
RegisterWindowMessageW
IsIconic
BeginPaint
DefWindowProcW
DrawIcon
KillTimer
GetClipboardOwner
GetClipboardData
LoadBitmapW
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
EnumChildWindows
RegisterDeviceNotificationW
SendDlgItemMessageW
CharLowerW
PostMessageW
InvalidateRect
CheckDlgButton
CreateDialogParamW
WaitMessage
CreatePopupMenu
GetSubMenu
GetLastActivePopup
DrawIconEx
GetMessageTime
SetWindowTextW
GetDlgItem
RemovePropW
BringWindowToTop
ScreenToClient
TrackPopupMenu
GetMenuItemCount
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetSystemMenu
GetDC
SetForegroundWindow
GetMenuItemInfoW
GetAsyncKeyState
IntersectRect
EndDialog
FindWindowW
GetCapture
GetShellWindow
MessageBeep
LoadMenuW
RemoveMenu
wvsprintfW
GetSysColorBrush
BeginDeferWindowPos
MessageBoxW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
AppendMenuW
GetSysColor
SetDlgItemTextW
EndDeferWindowPos
GetDoubleClickTime
DestroyIcon
IsWindowVisible
WinHelpW
SystemParametersInfoW
SetRect
MonitorFromRect
CallWindowProcW
ModifyMenuW
UnregisterDeviceNotification
GetFocus
wsprintfW
DefDlgProcW
LookupIconIdFromDirectory
SetCursor
__p__fmode
_wcsupr
rand
_ftol
srand
wcschr
_wcslwr
isdigit
towupper
_except_handler3
__p__commode
wcslen
wcscmp
exit
_XcptFilter
__setusermatherr
wcsncpy
towlower
_acmdln
iswctype
_adjust_fdiv
wcscat
wcscspn
__getmainargs
_controlfp
wcsspn
swscanf
wcscpy
wcsstr
_initterm
_exit
__set_app_type
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 12
RT_DIALOG 4
RT_BITMAP 2
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
MOF 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 53
NEUTRAL 15
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 75264
ImageVersion 0.0
ProductName ThinPrint Virtual Channel Gateway
FileVersionNumber 8.6.239.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ThinPrint Virtual Channel Gateway Service
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName TPVCGateway.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 8,6,239,1
TimeStamp 2016:06:11 12:35:22+01:00
FileType Win32 EXE
PEType PE32
InternalName TPVCGateway
ProductVersion 8,6,239,1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 2000-2012 Cortado AG
MachineType Intel 386 or later, and compatibles
CompanyName Cortado AG
CodeSize 105984
FileSubtype 0
ProductVersionNumber 8.6.239.1
EntryPoint 0x1170
ObjectFileType Executable application

File identification
MD5 ffb98cb28325fcbf8c20f5170fb37446
SHA1 deb8a1d4c0216663a749be92b538cfd9fbf37b6b
SHA256 db1fcca5188be441a40c4d237d25e29b606ff2383d15a398ba888fcd9a34ee33
ssdeep 3072:uhHVYB+hMwAT01ntnsUZnu18GnUHVPankyB7labvvOW0bfOF9ZJJ:uh1xmhY1ts+nlGUHVPav7laLv
authentihash 18cc4cb5eb6b0ac19712cdab6f172446fb31badfca0d3f4b429f1fbc0f917f78
imphash 6cc32afdaa1cd4ba4bae7e62007a7e0e
File size 178.0 KB ( 182272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2017-06-22 06:11:20 UTC ( 1 year, 8 months ago )
Last submission 2017-06-22 06:11:20 UTC ( 1 year, 8 months ago )
File names RAD221E9.TMP.EXE
TPVCGateway.exe
TPVCGateway
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications