SHA256: f531717366e75786baf485a95fce28cbf4e23a61bf0e3c444d6fb3400885cbf8
File name: 2.exe
Detection ratio: 24 / 51
Analysis date: 2014-05-22 14:23:34 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1686549 20140522
AntiVir TR/Crypt.Xpack.67078 20140522
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140522
Avast Win32:Zbot-TUQ [Trj] 20140522
AVG Zbot.IZC 20140522
Baidu-International Trojan.Win32.Zbot.bABS 20140522
BitDefender Trojan.GenericKD.1686549 20140522
Emsisoft Trojan.GenericKD.1686549 (B) 20140522
ESET-NOD32 Win32/Spy.Zbot.ABS 20140522
F-Secure Trojan.GenericKD.1686549 20140522
Fortinet W32/Zbot.ABS!tr.spy 20140522
GData Trojan.GenericKD.1686549 20140522
Malwarebytes Spyware.Zbot.VXGen 20140522
McAfee Artemis!E0D6B40254FD 20140522
McAfee-GW-Edition Artemis!E0D6B40254FD 20140522
Microsoft PWS:Win32/Zbot 20140522
eScan Trojan.GenericKD.1686549 20140522
nProtect Trojan.GenericKD.1686549 20140522
Panda Generic Malware 20140522
Qihoo-360 Win32/Trojan.636 20140522
Symantec WS.Reputation.1 20140522
Tencent Win32.Trojan-spy.Zbot.Akew 20140522
TrendMicro-HouseCall TROJ_GEN.R0CBH07EK14 20140522
VIPRE Trojan.Win32.Generic!BT 20140522
AegisLab 20140522
Yandex 20140522
AhnLab-V3 20140521
Bkav 20140521
ByteHero 20140522
CAT-QuickHeal 20140522
ClamAV 20140522
CMC 20140521
Commtouch 20140522
Comodo 20140522
DrWeb 20140522
F-Prot 20140522
Ikarus 20140522
Jiangmin 20140522
K7AntiVirus 20140521
K7GW 20140521
Kingsoft 20140522
NANO-Antivirus 20140522
Norman 20140522
Rising 20140522
Sophos AV 20140522
SUPERAntiSpyware 20140522
TheHacker 20140520
TotalDefense 20140522
TrendMicro 20140522
VBA32 20140522
ViRobot 20140522
Zillya 20140521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2013 TripleNet Group
Publisher: TripleNet Group
Product: Provide Internal Communication Utility
Original name: provcomm
Internal name: prov int comm
File version: 4.2.7.2
Description: Provide Internal Communication Utility
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-05-18 20:52:11
Entry Point: 0x000038B0
Number of sections: 8
PE sections
PE imports
PropertySheetA
CreatePatternBrush
LineTo
DeleteDC
AddFontResourceA
CreateBitmap
CreatePalette
GetStockObject
CreateDIBitmap
CreateSolidBrush
Rectangle
SelectObject
DeleteObject
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetConsoleMode
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
GetQueuedCompletionStatus
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetHandleCount
CreateIoCompletionPort
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
FormatMessageA
SetStdHandle
RaiseException
UnhandledExceptionFilter
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetConsoleCP
ResetEvent
IsValidCodePage
HeapCreate
CreateFileW
GetConsoleWindow
InterlockedDecrement
Sleep
SetLastError
ReadConsoleW
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
WriteConsoleW
InterlockedIncrement
SysFreeString
SysAllocString
Ord(680)
SHGetPathFromIDListW
SHBrowseForFolderW
StrStrIA
GetMessageA
GetForegroundWindow
GetParent
UpdateWindow
BeginPaint
DefWindowProcW
KillTimer
ShowWindow
SetClassLongA
GetWindowThreadProcessId
GetSystemMetrics
IsWindow
DispatchMessageA
EndPaint
SetDlgItemTextA
EnumDesktopsA
GetDlgItemTextA
TranslateMessage
GetSysColor
GetDC
RegisterClassExA
ReleaseDC
SendMessageW
SendMessageA
GetDlgItem
SetScrollPos
InvalidateRect
SetTimer
LoadCursorA
LoadIconA
GetActiveWindow
GetWindowTextA
DestroyWindow
midiStreamOpen
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion: 5.1
LinkerVersion: 10.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 4.2.7.2
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 215552
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) 2013 TripleNet Group
FileVersion: 4.2.7.2
TimeStamp: 2014:05:18 21:52:11+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: prov int comm
FileAccessDate: 2014:06:14 01:04:53+01:00
ProductVersion: 4.2.7.2
FileDescription: Provide Internal Communication Utility
OSVersion: 5.1
FileCreateDate: 2014:06:14 01:04:53+01:00
OriginalFilename: provcomm
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: TripleNet Group
CodeSize: 53760
ProductName: Provide Internal Communication Utility
ProductVersionNumber: 4.2.7.2
EntryPoint: 0x38b0
ObjectFileType: Executable application
File identification
MD5: e0d6b40254fd9ec8215ac9e63d3032b3
SHA1: 6a31ecd70af898d02853c15f1b2add79fe169b8a
SHA256: f531717366e75786baf485a95fce28cbf4e23a61bf0e3c444d6fb3400885cbf8
ssdeep: 6144:YJsv9d98neiRDUDD1bOmzMgpQZ1mXK4kDUvQPJ8pku:f1d98eIGAKMTZQzyiQQr
imphash: 659aa421b5e7f80acc3dca4bf23b73c2
File size: 264.0 KB (270336 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags: peexe
VirusTotal metadata
First submission: 2014-05-19 11:26:54 UTC
Last submission: 2014-05-19 13:30:09 UTC
File names: provcomm, prov int comm, 2.exe, e0d6b40254fd9ec8215ac9e63d3032b3
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by calling the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections