SHA256: f78dd348d39061bbef7908a90071c7c2641a5ab5d2483edcb6fb781fb2d7f93f
File name: 45403
Detection ratio: 25 / 57
Analysis date: 2016-04-02 07:17:07 UTC ( 2 years, 11 months ago )
Detected (25 engines)

Antivirus             Update    Result
AegisLab              20160402  Nettool.W32.Gen!c
Antiy-AVL             20160402  GrayWare[:not-a-virus]/Win32.Downloader.gen
Avast                 20160402  Win32:PUP-gen [PUP]
Avira (no cloud)      20160402  DR/ICQMonitor.11.3
AVware                20160402  Trojan.Win32.Generic!BT
CMC                   20160401  NetTool.Win32.ICQMonitor!O
Comodo                20160402  Application.Win32.NetTool.ICQMonitor.11
Cyren                 20160402  W32/Tool.KGNA-1443
DrWeb                 20160402  Tool.Siggen.6266
ESET-NOD32            20160402  a variant of Win32/AIMSniffer.A potentially unsafe
F-Prot                20160402  W32/HackToolX.SU
Fortinet              20160401  Riskware/ICQMonitor
Ikarus                20160402  not-a-virus:NetTool.Win32.ICQMonitor
Kaspersky             20160402  not-a-virus:NetTool.Win32.ICQMonitor.11
Malwarebytes          20160402  PUP.Optional.ICQSniffer
McAfee                20160402  HTool-ICQSniffer
McAfee-GW-Edition     20160402  HTool-ICQSniffer
Microsoft             20160402  MonitoringTool:Win32/HTTPICQSniffer
NANO-Antivirus        20160402  Riskware.Win32.ICQMonitor.crpadi
Panda                 20160401  Generic Malware
Rising                20160402  PE:Malware.Generic/QRS!1.9E2D [F]
Sophos AV             20160402  Generic PUA FA (PUA)
Tencent               20160402  Win32.Trojan.Generic.Phqf
VIPRE                 20160402  Trojan.Win32.Generic!BT
ViRobot               20160402  Adware.Icqmonitor.930333[h]

Not detected (32 engines)

Antivirus             Update
Ad-Aware              20160402
AhnLab-V3             20160401
Alibaba               20160401
ALYac                 20160402
Arcabit               20160402
AVG                   20160402
Baidu                 20160402
Baidu-International   20160401
BitDefender           20160402
Bkav                  20160401
CAT-QuickHeal         20160401
ClamAV                20160402
Emsisoft              20160402
F-Secure              20160402
GData                 20160402
Jiangmin              20160402
K7AntiVirus           20160402
K7GW                  20160402
Kingsoft              20160402
eScan                 20160401
nProtect              20160401
Qihoo-360             20160402
SUPERAntiSpyware      20160402
Symantec              20160331
TheHacker             20160330
TotalDefense          20160330
TrendMicro            20160402
TrendMicro-HouseCall  20160402
VBA32                 20160401
Yandex                20160316
Zillya                20160401
Zoner                 20160402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description: ICQ Sniffer v1.2 Evaluation Version Installation

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2001-10-25 19:47:11
Entry Point: 0x000021AF
Number of sections: 4

PE sections

Overlays
MD5: 96372def6a94179fd7a75127e570c689
File type: data
Offset: 14848
Size: 915485
Entropy: 8.00

PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports

Number of PE resources by type
RT_ICON: 1
RT_VERSION: 1
RT_GROUP_ICON: 1

Number of PE resources by language
ENGLISH US: 3

PE resources

ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 6.0
ImageVersion: 4.0
FileVersionNumber: 1.2.0.0
ETech2006: XXXXXXXXXXXXXXXXXXXX
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: ICQ Sniffer v1.2 Evaluation Version Install
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap
CharacterSet: Windows, Latin1
InitializedDataSize: 5632
EntryPoint: 0x21af
MIMEType: application/octet-stream
On: eVersion
TimeStamp: 2001:10:25 21:47:11+02:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows 16-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: EffeTech
CodeSize: 8704
FileSubtype: 0
ProductVersionNumber: 1.2.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

CarbonBlack
Files that CarbonBlack observed writing this sample to disk while monitoring end-user machines in the wild.
Execution parents
Compressed bundles

File identification
MD5: bb89a7e88978648c89df69adb1fc99df
SHA1: 04a46ca58a0b64683301d00b8f6db3e992c598ac
SHA256: f78dd348d39061bbef7908a90071c7c2641a5ab5d2483edcb6fb781fb2d7f93f
ssdeep: 24576:0HJduFt5v/prq2wXSsNrmiE4ZUnzpQoJ2tSvTBVsVWSkf:GJMzEScr41nDJjTBVgWSg
authentihash: 533a3d6d87c670d88893d376e31f274501450f708768c761e8edc69e92d37690
imphash: e41c25ab7824b3df73334188c40518ae
File size: 908.5 KB ( 930333 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID
Wise Installer executable (91.3%)
Win64 Executable (generic) (5.3%)
Win32 Dynamic Link Library (generic) (1.2%)
Win32 Executable (generic) (0.8%)
OS/2 Executable (generic) (0.3%)

Tags: peexe overlay

VirusTotal metadata
First submission: 2006-11-12 20:11:23 UTC ( 12 years, 4 months ago )
Last submission: 2018-05-26 02:08:22 UTC ( 9 months, 3 weeks ago )
File names:
IcqSniffer_trial_setup, orig.exe
45403
1738bd909fda8106a55c2b8483d31c05
bb89a7e88978648c89df69adb1fc99df
BB89A7E88978648C89DF69ADB1FC99DF
1023668
IcqSniffer_trial_setup.exe
1022689
bb89a7e88978648c89df69adb1fc99df.exe
IcqSniffer_trial_setup.exe
file-3693267_exe
ICQ_Sniffer_26985.exe
1002-04a46ca58a0b64683301d00b8f6db3e992c598ac
f78dd348d39061bbef7908a90071c7c2641a5ab5d2483edcb6fb781fb2d7f93f
file-290318_exe
bb89a7e88978648c89df69adb1fc99df04a46ca58a0b64683301d00b8f6db3e992c598ac930333.exe
icqsniffer_trial_setup.exe
04a46ca58a0b64683301d00b8f6db3e992c598ac.bin
f78dd348d39061bbef7908a90071c7c2641a5ab5d2483edcb6fb781fb2d7f93f.dat
Advanced heuristic and reputation engines

ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0EBB01JF15.

Symantec reputation
Suspicious.Insight