SHA256: e68422f678c60e1478690cd0ab11b15f6ec2eee078b96221d6121c17f345dc84
File name: 215416e19b104e33ca9c29f285ea23fa
Detection ratio: 8 / 56
Analysis date: 2016-09-20 10:21:40 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20160920
Avira (no cloud) TR/Crypt.Xpack.dvtvt 20160920
Bkav HW32.Packed.2CD4 20160919
CrowdStrike Falcon (ML) malicious_confidence_62% (D) 20160725
Sophos ML trojan.win32.lethic.i 20160917
Panda Trj/Agent.FBT 20160919
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20160920
Rising Malware.Heuristic!ET (rdm+) 20160920
Ad-Aware 20160920
AegisLab 20160920
AhnLab-V3 20160920
Alibaba 20160920
ALYac 20160920
Antiy-AVL 20160920
Arcabit 20160920
AVG 20160920
AVware 20160920
Baidu 20160920
BitDefender 20160920
CAT-QuickHeal 20160920
ClamAV 20160920
CMC 20160916
Comodo 20160919
Cyren 20160920
DrWeb 20160920
Emsisoft 20160920
ESET-NOD32 20160920
F-Prot 20160920
F-Secure 20160920
Fortinet 20160920
GData 20160920
Ikarus 20160920
Jiangmin 20160920
K7AntiVirus 20160920
K7GW 20160920
Kaspersky 20160920
Kingsoft 20160920
Malwarebytes 20160920
McAfee 20160920
McAfee-GW-Edition 20160920
Microsoft 20160920
eScan 20160920
NANO-Antivirus 20160920
nProtect 20160920
Sophos AV 20160920
SUPERAntiSpyware 20160919
Symantec 20160920
Tencent 20160920
TheHacker 20160920
TrendMicro-HouseCall 20160920
VBA32 20160919
VIPRE 20160920
ViRobot 20160920
Yandex 20160919
Zillya 20160920
Zoner 20160920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2009 - 2013 Nir Sofer

Product DevManView
Original name DevManView.exe
Internal name DevManView
File version 1.41
Description DevManView
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-28 16:11:08
Entry Point 0x00002D04
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
LoadLibraryW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
HeapReAlloc
HeapDestroy
HeapAlloc
ReplaceFileW
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetFileAttributesW
RtlUnwind
GetModuleFileNameA
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetLocaleInfoA
HeapSize
GetFileSize
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetFileAttributesW
WideCharToMultiByte
TlsFree
GetModuleHandleA
FindNextFileW
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
FindFirstFileExW
GetStringTypeW
LoadLibraryA
IsDebuggerPresent
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualFree
FindClose
TlsGetValue
Sleep
GetFileType
GetFullPathNameW
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
LocalAlloc
SetLastError
LeaveCriticalSection
EndDialog
DialogBoxParamW
Number of PE resources by type
RT_ICON 5
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
GERMAN 11
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 271360
ImageVersion 0.0
ProductName DevManView
FileVersionNumber 1.4.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription DevManView
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName DevManView.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.41
TimeStamp 2016:08:28 17:11:08+01:00
FileType Win32 EXE
PEType PE32
InternalName DevManView
ProductVersion 1.41
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2009 - 2013 Nir Sofer
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 31744
FileSubtype 0
ProductVersionNumber 1.4.1.0
EntryPoint 0x2d04
ObjectFileType Executable application

File identification
MD5 215416e19b104e33ca9c29f285ea23fa
SHA1 a42213b62843d2b8decc7f4cf13924dff430c889
SHA256 e68422f678c60e1478690cd0ab11b15f6ec2eee078b96221d6121c17f345dc84
ssdeep 3072:Q02F3sntB/tTSL4rmVA665o63lJ6DIjTFNEGC+vw+YYp7lGoxaSIcJZEL+ypkZ:0FctB/tTS8CVHP63lJp1oYDIxcJak

authentihash e63d99b2e21ef176ddc1ed1745da39c921d0a80e29eeb8333e8c0160b4e134b5
imphash ed74ab9fadf21c13007f145075b3f66f
File size 218.0 KB ( 223232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-09-20 10:21:40 UTC ( 2 years, 5 months ago )
Last submission 2016-09-20 10:21:40 UTC ( 2 years, 5 months ago )
File names DevManView.exe
DevManView
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications