SHA256: e8d3d0a961275a754eeac3cf37c6ecae6dce302281075a87962eb2eca950a7bd
File name: 680119b94dcddf9bc3abdad4da9926382e6be34b
Detection ratio: 11 / 55
Analysis date: 2014-12-12 19:04:19 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.515148 20141212
Avast Win32:Malware-gen 20141212
BitDefender Gen:Variant.Kazy.515148 20141212
CMC Packed.Win32.Obfuscated.10!O 20141212
DrWeb Trojan.PWS.Panda.7708 20141212
Emsisoft Gen:Variant.Kazy.515148 (B) 20141212
ESET-NOD32 Win32/Spy.Zbot.ACB 20141212
F-Secure Gen:Variant.Kazy.515148 20141212
Fortinet W32/Kryptik.CRQZ!tr 20141212
GData Gen:Variant.Kazy.515148 20141212
eScan Gen:Variant.Kazy.515148 20141212
AegisLab 20141212
Yandex 20141212
AhnLab-V3 20141212
ALYac 20141212
Antiy-AVL 20141212
AVG 20141212
Avira (no cloud) 20141212
AVware 20141212
Baidu-International 20141212
Bkav 20141212
ByteHero 20141212
CAT-QuickHeal 20141212
Comodo 20141212
Cyren 20141212
F-Prot 20141212
Ikarus 20141212
Jiangmin 20141211
K7AntiVirus 20141212
K7GW 20141212
Kaspersky 20141212
Kingsoft 20141212
Malwarebytes 20141212
McAfee 20141212
McAfee-GW-Edition 20141212
Microsoft 20141212
NANO-Antivirus 20141212
Norman 20141212
nProtect 20141212
Panda 20141212
Qihoo-360 20141212
Rising 20141212
Sophos AV 20141212
SUPERAntiSpyware 20141212
Symantec 20141212
Tencent 20141212
TheHacker 20141212
TotalDefense 20141212
TrendMicro 20141212
TrendMicro-HouseCall 20141212
VBA32 20141212
VIPRE 20141212
ViRobot 20141212
Zillya 20141212
Zoner 20141210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright(c) 2007 Corel Corporation
Product Corel Graphics Applications
Original name CdrConv.exe
Internal name CdrConv
File version 14.0.0.701
Description CdrConverter
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-11 12:02:56
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
CopySid
CryptEncrypt
RegSetKeySecurity
AddAuditAccessObjectAce
GetSecurityDescriptorGroup
RegOpenKeyExW
LookupAccountNameW
RegOpenKeyExA
ConvertSidToStringSidW
GetTokenInformation
GetSecurityDescriptorDacl
OpenThreadToken
GetSecurityDescriptorSacl
IsValidAcl
InitializeAcl
CryptDestroyKey
AddAccessDeniedAce
RegQueryValueExA
OpenServiceW
LookupPrivilegeValueW
LsaNtStatusToWinError
GetAclInformation
RegQueryValueExW
CryptImportKey
SetSecurityDescriptorDacl
CloseServiceHandle
GetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterEventSourceW
AddAccessAllowedAce
AddAccessAllowedObjectAce
RegGetKeySecurity
CryptVerifySignatureW
CryptDecrypt
CreateProcessAsUserW
RegDeleteValueW
LogonUserW
RegSetValueExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
InitializeSecurityDescriptor
AddAuditAccessAceEx
EqualSid
SetThreadToken
AddAce
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
AccessCheck
AddAccessDeniedAceEx
DeleteService
CryptCreateHash
CryptDeriveKey
ChangeServiceConfig2W
OpenProcessToken
DeregisterEventSource
SetFileSecurityW
CreateServiceW
CryptReleaseContext
RegisterServiceCtrlHandlerW
AddAccessDeniedObjectAce
RegEnumKeyExW
LsaAddAccountRights
CryptDestroyHash
MapGenericMask
RegEnumValueW
RevertToSelf
SetSecurityDescriptorControl
FreeSid
MakeSelfRelativeSD
AllocateAndInitializeSid
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
GetSecurityDescriptorControl
GetAce
AdjustTokenPrivileges
ControlService
RegDeleteKeyW
CryptHashData
LsaOpenPolicy
ConvertStringSidToSidW
MakeAbsoluteSD
RegConnectRegistryW
RegEnumKeyW
GetSecurityDescriptorOwner
DuplicateTokenEx
DeleteAce
SetServiceStatus
RegQueryInfoKeyW
AddAccessAllowedAceEx
GetLengthSid
LsaClose
CryptAcquireContextW
OpenSCManagerW
ReportEventW
StartServiceCtrlDispatcherW
SetSecurityDescriptorGroup
GetEnhMetaFileA
AddFontResourceA
DeleteEnhMetaFile
CreateMetaFileA
GetBkMode
SaveDC
GdiFlush
AddFontResourceW
GetEnhMetaFileW
GetLayout
DeleteDC
EndDoc
FillPath
CreateHalftonePalette
GetFontLanguageInfo
CreateMetaFileW
SetTextColor
CreatePatternBrush
GetDCBrushColor
GetColorSpace
DeleteColorSpace
AbortPath
GetDCPenColor
GetGraphicsMode
SetTextAlign
CreateCompatibleDC
GetBkColor
CloseEnhMetaFile
EndPage
CloseFigure
SelectObject
CloseMetaFile
CancelDC
BeginPath
DeleteObject
EndPath
FileTimeToDosDateTime
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
OpenFileMappingW
GetLocaleInfoA
LocalAlloc
GetSystemDirectoryW
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
IsDBCSLeadByteEx
WideCharToMultiByte
GetProcAddress
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
FreeLibrary
LocalFree
FormatMessageW
GetThreadPriority
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
CopyFileW
RemoveDirectoryW
HeapAlloc
FlushViewOfFile
LoadLibraryA
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
FindNextChangeNotification
CreateEventW
SetFileAttributesW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
CreateMutexW
TerminateProcess
FindCloseChangeNotification
GlobalAlloc
GetVersion
LeaveCriticalSection
GetModuleHandleA
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
lstrcmpiW
GlobalSize
GetStartupInfoA
GetWindowsDirectoryW
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
DuplicateHandle
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
GetShortPathNameW
lstrlenA
GlobalFree
GlobalUnlock
IsDBCSLeadByte
lstrlenW
FindFirstChangeNotificationW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
GetCommandLineA
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
OpenMutexW
GetACP
GlobalLock
GetModuleHandleW
GetFileAttributesExW
LoadLibraryW
CompareFileTime
UnmapViewOfFile
FindResourceW
Sleep
CompareStringA
StrStrIW
StrChrA
GetParent
UpdateWindow
LoadBitmapW
GetMessageW
ShowWindow
LoadBitmapA
GetSystemMetrics
IsWindow
PeekMessageW
CharUpperW
TranslateMessage
CharUpperBuffW
GetSysColor
SendMessageW
DispatchMessageW
GetMenu
SendMessageA
LoadStringW
GetDlgItem
EnableMenuItem
LoadCursorA
LoadIconA
PostThreadMessageW
IsDlgButtonChecked
CharNextA
LoadIconW
MsgWaitForMultipleObjects
CharNextW
GetKeyboardType
DestroyWindow
timeGetTime
_except_handler3
_cexit
_c_exit
_adjust_fdiv
__wgetmainargs
__p__commode
__setusermatherr
wcschr
__dllonexit
_tempnam
__p__fmode
_XcptFilter
exit
_initterm
_wcmdln
wcsncpy
_exit
__set_app_type
CreateStreamOnHGlobal
StgCreateStorageEx
CoUninitialize
CoTaskMemAlloc
CoRevokeClassObject
GetHGlobalFromStream
CoCreateGuid
CoTaskMemRealloc
CoSuspendClassObjects
StgOpenStorageEx
CoInitializeSecurity
StringFromCLSID
CLSIDFromString
CoRegisterClassObject
CoCreateInstanceEx
CoInitializeEx
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
CoGetCallContext
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
LegalTrademarks
Corel, CorelDRAW, Corel DESIGNER, Corel R.A.V.E., Corel PHOTO-PAINT, CorelTRACE and Corel CAPTURE are trademarks or registered trademarks of Corel Corporation and/or its subsidiaries in Canada, the U.S. and/or other countries.

UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
14.0.0.701

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
154624

EntryPoint
0x1000

OriginalFileName
CdrConv.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright(c) 2007 Corel Corporation

FileVersion
14.0.0.701

TimeStamp
2014:12:11 13:02:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
CdrConv

SubsystemVersion
5.0

FileDescription
CdrConverter

Builton
Fri 11/21/2008 21:36:24.30

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Corel Corporation

CodeSize
281088

ProductName
Corel Graphics Applications

ProductVersionNumber
14.0.0.701

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c4540e10b0fc2b36caabb2b99118ea7f
SHA1 24be7d7e2bfd2ddde694d7fbd7285bc49347b738
SHA256 e8d3d0a961275a754eeac3cf37c6ecae6dce302281075a87962eb2eca950a7bd
ssdeep
6144:P3oO8ADJmorINVpkqTg1snjd+jZTylnmTn9nXnlnvVPnfnBQzr/:98KhVQR+1m2QH

authentihash 008baa91a21e23e1ec0ab5d4cd5809476d885720929f51a9987f91ce1db362ec
imphash aa4455d75da8016f905481d8dfffcaf6
File size 426.0 KB ( 436224 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-12-12 19:04:19 UTC ( 4 years, 3 months ago )
Last submission 2014-12-12 19:04:19 UTC ( 4 years, 3 months ago )
File names 680119b94dcddf9bc3abdad4da9926382e6be34b
e8d3d0a961275a754eeac3cf37c6ecae6dce302281075a87962eb2eca950a7bd.exe
CdrConv
CdrConv.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.