SHA256: e0c5528b084adcaa91c58c183b45d49441608bd245b0b7a94f56ba0369335be2
File name: 69bd829c1702138d4b3f090e059d0b6efd20849d
Detection ratio: 29 / 56
Analysis date: 2016-03-08 09:05:20 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Cripack.Gen.1 20160308
Yandex Backdoor.Androm!FjVkziWjDb0 20160308
AhnLab-V3 Win-Trojan/Teslacrypt.Gen 20160307
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160308
Arcabit Trojan.Cripack.Gen.1 20160308
Avast Win32:Trojan-gen 20160308
AVG Downloader.Generic14.AJHY 20160308
Avira (no cloud) TR/Crypt.Xpack.324872 20160308
AVware Trojan.Win32.Generic!BT 20160308
BitDefender Trojan.Cripack.Gen.1 20160308
DrWeb Trojan.DownLoader17.56468 20160308
Emsisoft Trojan.Cripack.Gen.1 (B) 20160308
ESET-NOD32 Win32/TrojanDownloader.Agent.BXE 20160308
F-Secure Trojan.Cripack.Gen.1 20160308
Fortinet W32/Kryptik.EFKT!tr 20160307
GData Trojan.Cripack.Gen.1 20160308
Jiangmin Backdoor.Androm.bre 20160308
K7AntiVirus Trojan-Downloader ( 004d776d1 ) 20160308
K7GW Trojan-Downloader ( 004d776d1 ) 20160308
Kaspersky HEUR:Trojan.Win32.Generic 20160307
McAfee GenericR-FXY!9FDD8214443E 20160308
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cm 20160308
Microsoft TrojanSpy:Win32/Ursnif!rfn 20160308
eScan Trojan.Cripack.Gen.1 20160308
NANO-Antivirus Trojan.Win32.DownLoader17.dyvwva 20160308
Panda Trj/Agent.KNK 20160307
Qihoo-360 QVM07.1.Malware.Gen 20160308
Sophos AV Mal/Ransom-DK 20160308
VIPRE Trojan.Win32.Generic!BT 20160308
AegisLab 20160308
Alibaba 20160308
ALYac 20160308
Baidu-International 20160307
Bkav 20160307
ByteHero 20160308
CAT-QuickHeal 20160308
ClamAV 20160308
CMC 20160307
Comodo 20160308
Cyren 20160308
F-Prot 20160308
Ikarus 20160308
Malwarebytes 20160308
nProtect 20160308
Rising 20160308
SUPERAntiSpyware 20160308
Symantec 20160307
Tencent 20160308
TheHacker 20160307
TotalDefense 20160306
TrendMicro 20160308
TrendMicro-HouseCall 20160308
VBA32 20160306
ViRobot 20160308
Zillya 20160306
Zoner 20160308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-09-21 08:14:53
Entry Point 0x00012369
Number of sections 4
PE sections
Overlays
MD5 3d34bac4d722dcf6e2a8832f73361db8
File type data
Offset 143360
Size 1178
Entropy 6.15
PE imports
LsaQueryInformationPolicy
LsaFreeMemory
RegSaveKeyA
RegQueryValueA
RegConnectRegistryW
RegCreateKeyW
RegSetValueExA
AreAnyAccessesGranted
RegDeleteValueA
RegOpenKeyExA
FoldStringA
GetFileAttributesExW
GetStartupInfoA
GlobalFindAtomW
GetModuleHandleA
GetCommProperties
GetThreadSelectorEntry
FatalAppExitA
BackupRead
GetExpandedNameW
__p__fmode
fputc
puts
_acmdln
_adjust_fdiv
__setusermatherr
__p__winmajor
__getmainargs
_initterm
_controlfp
feof
__p__commode
__set_app_type
CharPrevA
GetInputState
GetCapture
GetClassInfoA
FlashWindow
CharLowerA
DdeCreateStringHandleA
DdeUninitialize
SetWindowPlacement
PostMessageA
GetCursorPos
DdeUnaccessData
CharNextExA
GetDoubleClickTime
GetClipboardViewer
GetThreadDesktop
LoadAcceleratorsA
TranslateAcceleratorA
AdjustWindowRect
GetDialogBaseUnits
GetActiveWindow
GetKeyboardType
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 5
RT_DIALOG 3
RT_VERSION 1
Struct(111) 1
Number of PE resources by language
SPANISH MEXICAN 5
ENGLISH US 5
MACEDONIAN DEFAULT 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.69.172.113
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 294912
EntryPoint 0x12369
OriginalFileName Linesman.exe
MIMEType application/octet-stream
LegalCopyright Markups (C) 2019
FileVersion 0,136,5,178
TimeStamp 2008:09:21 09:14:53+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0,160,149,74
FileDescription Propel
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName The Linksys Group, Inc.
CodeSize 73728
FileSubtype 0
ProductVersionNumber 0.30.25.68
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9fdd8214443e0024719fca0464466f2e
SHA1 69bd829c1702138d4b3f090e059d0b6efd20849d
SHA256 e0c5528b084adcaa91c58c183b45d49441608bd245b0b7a94f56ba0369335be2
ssdeep 3072:myCZkkqbsvTpdz7URxKB/Y7jnjmfnJDzU/Y0+LF:dCZkcptpB/SLS9w/Y0+LF
authentihash 265eee6b01b5cf00722d79eb4621766681288ebfb7a686409dfd26698cd669ca
imphash 5944f51f729595b57e7559471f11e2d5
File size 141.2 KB ( 144538 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-03-08 09:05:20 UTC ( 2 years, 11 months ago )
Last submission 2016-03-08 09:05:20 UTC ( 2 years, 11 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications