SHA256: f1764830f1b7a8a126e5ca2de5ac12f90d55f109ec0050ecf6fcf499401aaa20
File name: D6EAA8DD46553B57301F0A57B6A80300FCD5B4CC.exe
Detection ratio: 0 / 41
Analysis date: 2009-06-12 03:26:51 UTC ( 7 years, 9 months ago )
Antivirus Result Update
a-squared 20090612
AhnLab-V3 20090611
AntiVir 20090612
Antiy-AVL 20090611
Authentium 20090611
Avast 20090611
AVG 20090611
BitDefender 20090612
CAT-QuickHeal 20090611
ClamAV 20090612
Comodo 20090612
DrWeb 20090612
eSafe 20090611
eTrust-Vet 20090611
F-Prot 20090612
F-Secure 20090612
Fortinet 20090611
GData 20090612
Ikarus 20090612
K7AntiVirus 20090610
Kaspersky 20090612
McAfee 20090611
McAfee+Artemis 20090611
McAfee-GW-Edition 20090612
Microsoft 20090611
NOD32 20090611
NOD32Beta 20090611
Norman 20090611
nProtect 20090611
Panda 20090611
PCTools 20090612
Prevx 20090612
Rising 20090611
Sophos 20090612
Sunbelt 20090612
Symantec 20090612
TheHacker 20090611
TrendMicro 20090611
VBA32 20090611
ViRobot 20090611
VirusBuster 20090611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Remote Control 4.0
Internal name Remote Control 4.0
File version 4.0
Description Remote Control for Win32
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-08-21 07:01:33
Entry Point 0x00056E20
Number of sections 5
PE sections
Overlays
MD5 2c85f026a7f5fa2351138e2ea026e282
File type data
Offset 667648
Size 70
Entropy 5.06
PE imports
RegDeleteKeyA
RegCloseKey
OpenServiceA
RegEnumValueA
RegQueryValueExA
ControlService
RegNotifyChangeKeyValue
DeleteService
RegCreateKeyA
CloseServiceHandle
OpenProcessToken
RegSetValueExA
CreateServiceA
RegisterEventSourceA
RegOpenKeyExA
RegDeleteValueA
CryptReleaseContext
CryptAcquireContextA
SetServiceStatus
CreateProcessAsUserA
CryptGenRandom
GetUserNameA
RegQueryInfoKeyA
RegisterServiceCtrlHandlerA
RevertToSelf
StartServiceCtrlDispatcherA
DeregisterEventSource
StartServiceA
ImpersonateLoggedOnUser
OpenSCManagerA
ReportEventA
CreatePropertySheetPageA
PropertySheetA
GetSystemPaletteEntries
ResizePalette
GetClipBox
GetBitmapBits
GetObjectA
CreateDCA
DeleteDC
SetPaletteEntries
BitBlt
CreateDIBSection
RealizePalette
GetDeviceCaps
CreatePalette
SelectPalette
UnrealizeObject
GetDIBits
GdiFlush
CreateCompatibleDC
SelectObject
SetDIBColorTable
DeleteObject
CreateCompatibleBitmap
GetStdHandle
SetEvent
HeapDestroy
DebugBreak
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
ResumeThread
InitializeCriticalSection
LoadResource
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
GetSystemTime
ExitProcess
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceFrequency
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
LeaveCriticalSection
CreateMutexA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
GetProcAddress
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
GetUserDefaultLCID
CompareStringW
HeapValidate
CompareStringA
FreeConsole
GetComputerNameA
IsValidLocale
WaitForMultipleObjects
GlobalLock
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GlobalFree
LCMapStringA
SetProcessShutdownParameters
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
GetCommandLineA
GetCurrentThread
OpenMutexA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
ResetEvent
Shell_NotifyIconA
GetMessageA
GetClipboardData
MapVirtualKeyA
OpenInputDesktop
EmptyClipboard
VkKeyScanA
EndDialog
LoadMenuA
EnumWindows
keybd_event
GetUserObjectInformationA
GetClipboardOwner
PostQuitMessage
DefWindowProcA
GetIconInfo
SetWindowPos
GetWindowThreadProcessId
SetDlgItemInt
GetSystemMetrics
EnableMenuItem
IsWindow
mouse_event
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
LoadImageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
SetThreadDesktop
SetTimer
GetDlgItemInt
GetDC
ChangeClipboardChain
GetAsyncKeyState
ReleaseDC
SystemParametersInfoA
SetWindowTextA
FindWindowA
UnregisterClassA
GetCursorPos
SetClipboardData
GetDesktopWindow
DrawIconEx
IsWindowVisible
GetForegroundWindow
SendMessageA
DialogBoxParamA
GetClientRect
ToAscii
GetDlgItem
SetForegroundWindow
SetMenuDefaultItem
SetClipboardViewer
IsIconic
GetThreadDesktop
OpenDesktopA
GetWindowLongA
CreateWindowExA
TrackPopupMenu
ClientToScreen
RegisterClassA
GetSubMenu
KillTimer
WaitForInputIdle
CloseDesktop
IsRectEmpty
GetClassNameA
MsgWaitForMultipleObjects
CloseClipboard
OpenClipboard
ExitWindowsEx
PostThreadMessageA
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
htonl
getsockname
accept
WSACreateEvent
WSAStartup
connect
shutdown
WSAResetEvent
htons
getpeername
select
recv
WSACloseEvent
inet_addr
send
ntohs
WSAGetLastError
listen
WSAEventSelect
gethostbyname
inet_ntoa
closesocket
setsockopt
socket
bind
WSAEnumNetworkEvents
CoCreateInstance
CoUninitialize
CoInitialize
WM_Hooks_WindowBorderChanged
WM_Hooks_Remove
WM_Hooks_EnableCursorShape
WM_Hooks_WindowChanged
WM_Hooks_SetDiagnosticRange
WM_Hooks_Diagnostic
WM_Hooks_WindowClientAreaChanged
WM_Hooks_RectangleChanged
WM_Hooks_CursorChanged
WM_Hooks_Install
WM_Hooks_EnableRealInputs
Number of PE resources by type
HTTPFILE 3
RT_ICON 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.0.0.26
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 200704
EntryPoint 0x56e20
MIMEType application/octet-stream
FileVersion 4.0
TimeStamp 2006:08:21 08:01:33+01:00
FileType Win32 EXE
PEType PE32
InternalName Remote Control 4.0
ProductVersion 4.0
FileDescription Remote Control for Win32
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 471040
ProductName Remote Control 4.0
ProductVersionNumber 4.0.0.26
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 7f4d6cb72ee03579a70988ccd41c0ada
SHA1 8c879898260a1bbae698e58c4f91f37a3305c87d
SHA256 f1764830f1b7a8a126e5ca2de5ac12f90d55f109ec0050ecf6fcf499401aaa20
ssdeep 12288:poLSRndRBvVIcEUDqmPMhZL/oDp5h3w/j1rRc+d14/Jli:FvVEUDQ45h3w71rRD2/y
authentihash 7c92cc83723bb1724a8e76537541f9cce4874bd86ab703cc76f202eb8162a35f
imphash 10529edf2bc4030084c60dc16f76c030
File size 652.1 KB ( 667718 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe installshield overlay

VirusTotal metadata
First submission 2009-06-12 03:26:51 UTC ( 7 years, 9 months ago )
Last submission 2014-12-23 08:37:33 UTC ( 2 years, 3 months ago )
File names rmserver.exe
Remote Control 4.0
7F4D6CB72EE03579A70988CCD41C0ADA
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight