SHA256: eb7dd3e54a85c79e798ba6c5f4347f511073526aa10479aed23b143260ac2519
File name: pwsafe.exe
Detection ratio: 0 / 51
Analysis date: 2014-04-06 13:35:34 UTC ( 2 weeks, 2 days ago )
Antivirus Result Update
AVG 20140406
Ad-Aware 20140406
AegisLab 20140406
Agnitum 20140405
AhnLab-V3 20140406
AntiVir 20140406
Antiy-AVL 20140406
Avast 20140406
Baidu-International 20140406
BitDefender 20140406
Bkav 20140405
ByteHero 20140406
CAT-QuickHeal 20140406
CMC 20140404
ClamAV 20140406
Commtouch 20140406
Comodo 20140406
DrWeb 20140406
ESET-NOD32 20140405
Emsisoft 20140406
F-Prot 20140406
F-Secure 20140406
Fortinet 20140406
GData 20140406
Ikarus 20140406
Jiangmin 20140406
K7AntiVirus 20140404
K7GW 20140404
Kaspersky 20140406
Kingsoft 20140406
Malwarebytes 20140406
McAfee 20140406
McAfee-GW-Edition 20140405
MicroWorld-eScan 20140406
Microsoft 20140406
NANO-Antivirus 20140406
Norman 20140406
Panda 20140406
Qihoo-360 20140406
Rising 20140406
SUPERAntiSpyware 20140405
Sophos 20140406
Symantec 20140406
TheHacker 20140404
TotalDefense 20140406
TrendMicro 20140406
TrendMicro-HouseCall 20140406
VBA32 20140404
VIPRE 20140406
ViRobot 20140406
nProtect 20140406
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright © 2003-2014 by Rony Shapiro
Publisher SourceForge.net
Product Password Safe
Original name pwsafe.exe
Internal name Password Safe
File version 3, 33, 0, g68b1969
Description Password Safe Application
Comments PasswordSafe was originally written by Counterpane Systems, and is now an open source project under http://pwsafe.org
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-07 08:06:44
Link date 9:06 AM 2/7/2014
Entry Point 0x00231E52
Number of sections 5
PE sections
PE imports
Number of PE resources by type
RT_BITMAP 251
RT_STRING 122
RT_DIALOG 76
RT_ICON 39
RT_GROUP_ICON 23
RT_MENU 16
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_ACCELERATOR 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 561
HEBREW DEFAULT 1
ExifTool file metadata
LegalTrademarks Copyright 1997-8 by Counterpane Systems, 2003-2014 by Rony Shapiro
SubsystemVersion 5.1
Comments PasswordSafe was originally written by Counterpane Systems, and is now an open source project under http://pwsafe.org
InitializedDataSize 1822208
ImageVersion 0.0
ProductName Password Safe
FileVersionNumber 3.33.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 11.0
OriginalFilename pwsafe.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3, 33, 0, g68b1969
TimeStamp 2014:02:07 09:06:44+01:00
FileType Win32 EXE
PEType PE32
InternalName Password Safe
FileAccessDate 2014:04:06 14:32:15+01:00
ProductVersion 3, 33, 0, g68b1969
FileDescription Password Safe Application
OSVersion 5.1
FileCreateDate 2014:04:06 14:32:15+01:00
FileOS Win32
LegalCopyright Copyright 2003-2014 by Rony Shapiro
MachineType Intel 386 or later, and compatibles
CompanyName SourceForge.net
CodeSize 2655744
FileSubtype 0
ProductVersionNumber 3.33.0.0
EntryPoint 0x231e52
ObjectFileType Executable application
File identification
MD5 f4242b1394683cb29630a203aca2d319
SHA1 7269d3a8af02b6251050f7307bab8af21d74d537
SHA256 eb7dd3e54a85c79e798ba6c5f4347f511073526aa10479aed23b143260ac2519
ssdeep 98304:XbIPhF/rKfbz3kW0QdEvtmewyETEHTQuhnLOZtOO9bSo:XwKDNpyES7hnLO3V
imphash d577b7d153959e34d2ed5398f692eab9
File size 4.2 MB ( 4425728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows ActiveX control (93.1%)
Win32 Executable (generic) (3.6%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-02-07 10:39:15 UTC ( 2 months, 2 weeks ago )
Last submission 2014-04-06 13:35:34 UTC ( 2 weeks, 2 days ago )
File names vt-upload-PQonRu
pwsafe.exe
Password Safe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana screen-capture

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.