SHA256: f40361b663037d54b437edd09f03d8b5aeb44ebfd3f245161d1917315a9fe875
File name: FontViewOK
Detection ratio: 0 / 54
Analysis date: 2014-09-22 22:43:26 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
AVG 20140922
Ad-Aware 20140922
AegisLab 20140922
Agnitum 20140922
AhnLab-V3 20140922
Antiy-AVL 20140922
Avast 20140922
Avira 20140922
Baidu-International 20140922
BitDefender 20140922
Bkav 20140922
ByteHero 20140922
CAT-QuickHeal 20140922
CMC 20140922
ClamAV 20140922
Comodo 20140922
Cyren 20140922
DrWeb 20140922
ESET-NOD32 20140922
Emsisoft 20140922
F-Prot 20140922
F-Secure 20140922
Fortinet 20140922
GData 20140922
Ikarus 20140922
Jiangmin 20140922
K7AntiVirus 20140922
K7GW 20140922
Kaspersky 20140922
Kingsoft 20140922
Malwarebytes 20140922
McAfee 20140922
McAfee-GW-Edition 20140922
MicroWorld-eScan 20140922
Microsoft 20140922
NANO-Antivirus 20140922
Norman 20140922
Panda 20140922
Qihoo-360 20140922
Rising 20140922
SUPERAntiSpyware 20140922
Sophos 20140922
Symantec 20140922
Tencent 20140922
TheHacker 20140919
TotalDefense 20140922
TrendMicro 20140922
TrendMicro-HouseCall 20140922
VBA32 20140922
VIPRE 20140922
ViRobot 20140922
Zillya 20140921
Zoner 20140919
nProtect 20140922
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Copyright (C) 2004-2012
Publisher Nenad Hrg SoftwareOK.de
Product Anwendung FontViewOK
Original name FontViewOK.exe
Internal name FontViewOK
File version 2, 6, 6, 0
Description FontViewOK 2.66
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-01 08:25:25
Link date 9:25 AM 6/1/2012
Entry Point 0x00011AFF
Number of sections 4
PE sections
PE imports
RegOpenKeyExA, RegCloseKey, RegEnumValueA
ImageList_SetImageCount, ImageList_ReplaceIcon, ImageList_Draw
CreateFontA, GetStockObject, GetBkColor, EnumFontsA, CreateSolidBrush, CreateFontIndirectA, GetTextMetricsA, GetTextExtentPoint32A, GetDeviceCaps, CreatePen, DeleteObject, CreateCompatibleDC, CreateCompatibleBitmap, DeleteDC, AddFontResourceA, GetObjectA, PatBlt, SelectObject
GetWindowsDirectoryA, GetCurrentThreadId, GetTempPathA, lstrcpynA, DeleteFileA, WriteFile, WideCharToMultiByte, lstrlenA, GetLastError, FormatMessageA, LocalFree, GetFileAttributesA, GetProcAddress, LoadLibraryA, FreeLibrary, LockResource, CloseHandle, ReadFile, GlobalAlloc, GetFileSize, CreateFileA, lstrcpyA, GetStartupInfoA, lstrcatA, GetVersionExA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetSystemDefaultLangID, GetModuleHandleA, GetLocalTime, MulDiv
__0_Lockit@std@@QAE@XZ, __1_Lockit@std@@QAE@XZ
__p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p__fmode, _XcptFilter, _exit, _onexit, _setmbcp, _stricmp, __set_app_type, _acmdln, __CxxFrameHandler, _mbscmp, atoi, _mbsnbicmp, _ftol, _mbsnbcpy, _mbsstr, strncpy, _except_handler3, atof, exit, putc, getc, fread, malloc, free, _mbsicmp, vsprintf, toupper, _mbsrchr, __dllonexit, _controlfp
SHBrowseForFolderA, ShellExecuteExA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHFileOperationA, ShellExecuteA, SHGetMalloc
GetMenuStringA, GetMenuItemInfoA, SystemParametersInfoA, LoadMenuA, CallNextHookEx, GetParent, ScreenToClient, PostMessageA, UnhookWindowsHookEx, TrackPopupMenuEx, SetWindowsHookExA, GetDesktopWindow, GetSubMenu, MessageBoxA, DrawFocusRect, CreateMenu, IsZoomed, LoadIconA, SetMenu, PtInRect, DrawTextA, FillRect, GetDlgItem, SetWindowTextA, GetWindowTextA, GetDC, ReleaseDC, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, CreatePopupMenu, AppendMenuA, GetCursorPos, TrackPopupMenu, KillTimer, CopyRect, IntersectRect, GetFocus, PeekMessageA, PostQuitMessage, IsWindowVisible, GetSystemMetrics, SetRect, IsWindow, SetClassLongA, LoadCursorA, GetSysColor, GetWindowRect, SendMessageA, SetTimer, UpdateWindow, EnableWindow, SetWindowPos, RedrawWindow, GetClientRect, GetMenuItemCount
OleInitialize
Number of PE resources by type
RT_ICON 13
RT_STRING 8
RT_BITMAP 7
RT_GROUP_ICON 7
RT_DIALOG 4
Struct(241) 4
RT_MENU 3
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
GERMAN 48
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.6.6.0
LanguageCode German
FileFlagsMask 0x003f
FileDescription FontViewOK 2.66
CharacterSet Unicode
InitializedDataSize 114688
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2004-2012
FileVersion 2, 6, 6, 0
TimeStamp 2012:06:01 10:25:25+02:00
FileType Win32 EXE
PEType PE32
InternalName FontViewOK
ProductVersion 2, 6, 6, 0
UninitializedDataSize 0
OSVersion 4.0
OriginalFilename FontViewOK.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Nenad Hrg SoftwareOK.de
CodeSize 77824
ProductName Anwendung FontViewOK
ProductVersionNumber 2.6.6.0
EntryPoint 0x11aff
ObjectFileType Executable application
Compressed bundles
File identification
MD5 e9f2e4c11cd30703cfa084b4bfda9234
SHA1 abeeeaf6acd3fc8adb3afb8c4393b231bd90cf61
SHA256 f40361b663037d54b437edd09f03d8b5aeb44ebfd3f245161d1917315a9fe875
ssdeep 3072:6WYoEELEXFeKgC+WWqHeAGPdyrLQEOxI8QY4/cSuku16nyr:6ukHL+WWgaoXQP4/vuku1D
authentihash 08b6fcd641b2d05dc22533e038a46ee02ac6fafda87ed038cd06544acee00c3b
imphash c600bab9265f5a4a604275fe4beb8c12
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo
VirusTotal metadata
First submission 2012-06-04 15:18:30 UTC ( 3 years, 1 month ago )
Last submission 2012-06-04 15:18:30 UTC ( 3 years, 1 month ago )
File names FontViewOK.exe
smona_f40361b663037d54b437edd09f03d8b5aeb44ebfd3f245161d1917315a9fe875.bin
FontViewOK
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications