SHA256: df9252b96801267cf4132eecb02c6ced3e7c638b3dd3bed1b87a3732c4b2f8f1
File name: tg435t3df.exe
Detection ratio: 30 / 54
Analysis date: 2014-06-24 11:05:23 UTC (4 years, 9 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1721515 20140624
AntiVir TR/Crypt.XPACK.Gen 20140624
Antiy-AVL Trojan/Win32.Yakes 20140624
Avast Win32:Malware-gen 20140624
AVG Crypt3.ZJR 20140624
Baidu-International Trojan.Win32.Yakes.aw 20140624
BitDefender Trojan.GenericKD.1721515 20140624
CAT-QuickHeal Trojan.Yakes.r4 20140624
CMC Trojan.Win32.Swizzor.1!O 20140624
DrWeb Trojan.Siggen6.19452 20140624
Emsisoft Trojan.GenericKD.1721515 (B) 20140624
ESET-NOD32 a variant of Win32/Kryptik.CELS 20140624
F-Secure Trojan.GenericKD.1721515 20140624
Fortinet W32/Kryptik.CELS!tr 20140624
GData Trojan.GenericKD.1721515 20140624
Ikarus Trojan.Crypt 20140624
K7AntiVirus Trojan ( 0049bc861 ) 20140623
K7GW Trojan ( 050000001 ) 20140623
Kaspersky Trojan.Win32.Yakes.fdmq 20140624
Malwarebytes Spyware.Zbot.VXGen 20140624
Microsoft PWS:Win32/Zbot 20140624
eScan Trojan.GenericKD.1721515 20140624
NANO-Antivirus Trojan.Win32.Yakes.dbgfth 20140624
nProtect Trojan.GenericKD.1721515 20140624
Panda Trj/CI.A 20140624
Qihoo-360 HEUR/Malware.QVM20.Gen 20140624
Sophos AV Mal/Generic-S 20140624
Symantec WS.Reputation.1 20140624
TrendMicro-HouseCall TROJ_GEN.R047B01FN14 20140624
VIPRE Trojan.Win32.Generic!BT 20140624
AegisLab 20140624
Yandex 20140623
AhnLab-V3 20140624
Bkav 20140623
ByteHero 20140624
ClamAV 20140624
Commtouch 20140624
Comodo 20140624
F-Prot 20140624
Jiangmin 20140624
Kingsoft 20140624
McAfee 20140624
McAfee-GW-Edition 20140623
Norman 20140624
Rising 20140623
SUPERAntiSpyware 20140624
Tencent 20140624
TheHacker 20140622
TotalDefense 20140624
TrendMicro 20140624
VBA32 20140624
ViRobot 20140624
Zillya 20140624
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1986 - 2012
Publisher Pocket Soft, Inc.
Product r64k36P2z66S
Original name l3h48BqF9.exe
Internal name l3h48BqF9.exe
File version 3.0.6.8
Description X19pnaO8vC9
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-16 10:03:53
Entry Point 0x00010FC0
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegUnLoadKeyW
SetTextColor
WriteProfileStringW
GetProfileIntW
lstrcpyW
CreateEventW
TerminateProcess
GetModuleHandleA
UnhandledExceptionFilter
WaitForSingleObject
GetCommandLineW
SetEvent
GetCurrentProcess
lstrcpynW
GetStartupInfoA
IsDebuggerPresent
CloseHandle
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GlobalUnlock
GlobalLock
lstrlenW
ResetEvent
SetFocus
MapWindowPoints
UpdateWindow
EndDialog
GetMessageW
HideCaret
GetProcessDefaultLayout
DestroyMenu
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
GetSysColorBrush
SetWindowLongW
MessageBoxW
DialogBoxParamW
ChildWindowFromPoint
GetClipboardData
TranslateMessage
GetSysColor
CheckDlgButton
CreateDialogParamW
GetDlgCtrlID
CheckMenuItem
SendMessageW
LoadStringW
SetWindowTextW
GetDlgItem
SystemParametersInfoW
TrackPopupMenuEx
GetSubMenu
CharNextW
InvalidateRect
OpenClipboard
GetWindowTextW
GetDesktopWindow
LoadCursorW
LoadIconW
DestroyWindow
IsChild
TranslateAcceleratorW
Number of PE resources by type
RT_DIALOG 1
RT_VERSION 1
WP00GA 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.0.6.8
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Taiwan (Big5)
InitializedDataSize 309248
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 1986 - 2012
FileVersion 3.0.6.8
TimeStamp 2014:06:16 11:03:53+01:00
FileType Win32 EXE
PEType PE32
InternalName l3h48BqF9.exe
FileAccessDate 2014:06:24 12:00:41+01:00
ProductVersion 3.0.6.8
FileDescription X19pnaO8vC9
OSVersion 5.1
FileCreateDate 2014:06:24 12:00:41+01:00
OriginalFilename l3h48BqF9.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Pocket Soft, Inc.
CodeSize 148992
ProductName r64k36P2z66S
ProductVersionNumber 3.0.6.8
EntryPoint 0x10fc0
ObjectFileType Executable application
File identification
MD5 dd9034c6aef787987bdde0c4e6ad0954
SHA1 b4560a6482254579e373df9a9b4af41cc4129b12
SHA256 df9252b96801267cf4132eecb02c6ced3e7c638b3dd3bed1b87a3732c4b2f8f1
ssdeep 6144:BCNIrxtqeOWO7lN+uxQr8AYBqDybteagdoKzDFcoAX4mC:BCSt5OV+r8QUteagdoKnFcom
imphash 54722bf6eadc5ca15d40dfed991dfb12
File size 259.0 KB (265216 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-17 11:03:10 UTC (4 years, 9 months ago)
Last submission 2014-06-17 11:03:10 UTC (4 years, 9 months ago)
File names l3h48BqF9.exe
tg435t3df.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.