SHA256: f146d50dc794b14ef64b5b76cb51d3f222a8ff440990204458d19e2c53bdabd8
File name: vt-upload-22bvf
Detection ratio: 13 / 54
Analysis date: 2014-07-13 20:13:30 UTC (4 years, 8 months ago)
Antivirus              Result                             Update
AntiVir                TR/Crypt.Xpack.73397               20140713
Avast                  Win32:Dropper-gen [Drp]            20140713
AVG                    Crypt3.AEGV                        20140713
ESET-NOD32             a variant of Win32/Kryptik.CGNP    20140713
GData                  Win32.Trojan.Agent.VIJ1DY          20140713
Ikarus                 Trojan.Win32.Kryptik               20140713
Kaspersky              Trojan-Spy.Win32.Zbot.tmps         20140713
Malwarebytes           Spyware.Zbot.VXGen                 20140713
McAfee                 Artemis!C9E6C0B84BA4               20140713
McAfee-GW-Edition      Artemis!C9E6C0B84BA4               20140713
Sophos AV              Mal/Generic-S                      20140713
Tencent                Win32.Trojan-spy.Zbot.Tccc         20140713
VIPRE                  Trojan.Win32.Generic!BT            20140713
Ad-Aware               -                                  20140713
AegisLab               -                                  20140713
Yandex                 -                                  20140713
AhnLab-V3              -                                  20140713
Antiy-AVL              -                                  20140713
Baidu-International    -                                  20140713
BitDefender            -                                  20140713
Bkav                   -                                  20140711
ByteHero               -                                  20140713
CAT-QuickHeal          -                                  20140712
ClamAV                 -                                  20140713
CMC                    -                                  20140711
Commtouch              -                                  20140713
Comodo                 -                                  20140712
DrWeb                  -                                  20140713
Emsisoft               -                                  20140713
F-Prot                 -                                  20140713
F-Secure               -                                  20140713
Fortinet               -                                  20140713
Jiangmin               -                                  20140713
K7AntiVirus            -                                  20140711
K7GW                   -                                  20140711
Kingsoft               -                                  20140713
Microsoft              -                                  20140713
eScan                  -                                  20140713
NANO-Antivirus         -                                  20140713
Norman                 -                                  20140713
nProtect               -                                  20140713
Panda                  -                                  20140713
Qihoo-360              -                                  20140713
Rising                 -                                  20140713
SUPERAntiSpyware       -                                  20140713
Symantec               -                                  20140713
TheHacker              -                                  20140711
TotalDefense           -                                  20140713
TrendMicro             -                                  20140713
TrendMicro-HouseCall   -                                  20140713
VBA32                  -                                  20140712
ViRobot                -                                  20140713
Zillya                 -                                  20140712
Zoner                  -                                  20140711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2013 Gpowersoft
Publisher: Gpowersoft
Product: IMS Image Manipullation Software
Original name: ims imagge
Internal name: imm manip softw
File version: 1.0.9.1
Description: IMS Image Manipullation Software
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-07-10 15:34:35
Entry Point: 0x00004014
Number of sections: 5
PE sections
PE imports
GetSaveFileNameA
ChooseColorW
CreatePen
CreateFontIndirectA
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
BitBlt
CreateBitmapIndirect
RealizePalette
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
MoveToEx
CreatePalette
GetStockObject
SelectPalette
CreateCompatibleDC
StretchBlt
ExtEscape
SelectObject
CreateSolidBrush
Polyline
DPtoLP
SetBkColor
BeginPath
DeleteObject
Ellipse
GetStdHandle
WaitForSingleObject
EncodePointer
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
InitializeCriticalSection
InterlockedDecrement
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetFileSize
DeleteFileA
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameA
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
GetProcessTimes
GetEnvironmentStringsW
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
GetStateTextA
SysFreeString
SysAllocString
ExtractIconA
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
Ord(680)
StrChrA
StrStrW
GetMessageA
GetMessagePos
GetClassInfoExW
DrawEdge
BeginPaint
DefWindowProcW
GetClassInfoExA
ShowWindow
GetForegroundWindow
GetNextDlgGroupItem
SetWindowPos
GetWindowThreadProcessId
SendDlgItemMessageA
GetSystemMetrics
SetScrollPos
IsWindow
SendMessageW
GetWindowRect
InflateRect
EndPaint
UpdateWindow
EnumDesktopsA
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
TranslateMessage
IsWindowEnabled
GetSysColor
GetDC
RegisterClassExA
DrawTextA
GetDlgCtrlID
CreatePopupMenu
ShowCaret
GetMenu
UnregisterClassA
FindWindowA
SendDlgItemMessageW
SendMessageA
SetWindowTextW
GetDlgItem
MessageBoxW
IsIconic
ScreenToClient
InvalidateRect
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemInfoA
RegisterClassA
IsDlgButtonChecked
CopyRect
ValidateRect
DispatchMessageA
IsRectEmpty
RedrawWindow
GetMenuStringA
GetUpdateRect
GetAncestor
CoUnmarshalInterface
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream
CoTaskMemFree
OleInitialize
Ord(202)
Number of PE resources by type
RT_MANIFEST: 1
RT_VERSION: 1
Number of PE resources by language
NEUTRAL: 1
ENGLISH US: 1
PE resources
ExifTool file metadata
SubsystemVersion: 5.1
LinkerVersion: 10.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.9.1
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 187904
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) 2013 Gpowersoft
FileVersion: 1.0.9.1
TimeStamp: 2014:07:10 16:34:35+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: imm manip softw
ProductVersion: 1.0.9.1
FileDescription: IMS Image Manipullation Software
OSVersion: 5.1
OriginalFilename: ims imagge
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Gpowersoft
CodeSize: 71168
ProductName: IMS Image Manipullation Software
ProductVersionNumber: 1.0.9.1
EntryPoint: 0x4014
ObjectFileType: Executable application
File identification
MD5: c9e6c0b84ba4dac462cd85f37b0b131e
SHA1: 995be4550b3e5cf675372d0783a07574059fae41
SHA256: f146d50dc794b14ef64b5b76cb51d3f222a8ff440990204458d19e2c53bdabd8
ssdeep: 3072:Z4EIPBJLyu9x6wo2X8PkWSAg2VLoDPwpk7nIDDax8bDSS4XetqjJFcsO8hIasS7f:qvJDH65pP3gms7wyzIDDC3nFFSsMm1
authentihash: 211dc322938cbb3ccb993250679bb2dd10e77275bb9bc79b83e266084d4d70d9
imphash: 0cd0288de0e17bc1441a7e1fee5e12e5
File size: 254.0 KB (260096 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Windows Screen Saver (46.4%)
  Win32 Dynamic Link Library (generic) (23.3%)
  Win32 Executable (generic) (15.9%)
  Generic Win/DOS Executable (7.1%)
  DOS Executable Generic (7.0%)
Tags: peexe

VirusTotal metadata
First submission: 2014-07-13 20:13:30 UTC (4 years, 8 months ago)
Last submission: 2015-03-17 04:46:02 UTC (4 years ago)
File names:
  imm manip softw
  c9e6c0b84ba4dac462cd85f37b0b131e
  f146d50dc794b14ef64b5b76cb51d3f222a8ff440990204458d19e2c53bdabd8
  vt-upload-22bvf
  ims imagge
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.