SHA256: f7fa6cbdee4157c4b2e511f695c29c97b4fa3af715d6198703f13f76dd6b7428
File name: F7FA6CBDEE4157C4B2E511F695C29C97B4FA3AF715D6198703F13F76DD6B7428
Detection ratio: 26 / 53
Analysis date: 2016-07-09 07:08:40 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.Cerber.1 20160709
Arcabit Trojan.Ransom.Cerber.1 20160709
Avast Win32:Trojan-gen 20160709
AVG Crypt5.BWDG 20160709
AVware Trojan.Win32.Reveton.a (v) 20160709
Baidu Win32.Trojan.WisdomEyes.151026.9950.9982 20160706
BitDefender Trojan.Ransom.Cerber.1 20160709
Cyren W32/Ransom.ZGPC-2069 20160709
Emsisoft Trojan.Ransom.Cerber.1 (B) 20160709
ESET-NOD32 a variant of Win32/Kryptik.FBSQ 20160708
F-Secure Trojan.Ransom.Cerber.1 20160709
GData Trojan.Ransom.Cerber.1 20160709
Ikarus Trojan.Win32.Crypt 20160709
Jiangmin Downloader.LMN.don 20160709
K7AntiVirus Trojan ( 004f3b201 ) 20160709
K7GW Trojan ( 004f3b201 ) 20160709
Kaspersky not-a-virus:HEUR:Downloader.Win32.LMN.gen 20160709
McAfee RDN/Generic.dx 20160709
McAfee-GW-Edition BehavesLike.Win32.PackedAP.ch 20160709
Microsoft TrojanDownloader:Win32/Talalpek.A 20160709
eScan Trojan.Ransom.Cerber.1 20160709
nProtect Trojan.Ransom.Cerber.1 20160708
Sophos AV Mal/Generic-S 20160709
Symantec Suspicious.Cloud.9 20160709
Tencent Win32.Trojan.Kryptik.Eem 20160709
VIPRE Trojan.Win32.Reveton.a (v) 20160709
AegisLab 20160709
AhnLab-V3 20160708
Alibaba 20160708
ALYac 20160709
Antiy-AVL 20160709
Bkav 20160708
CAT-QuickHeal 20160708
ClamAV 20160709
CMC 20160704
Comodo 20160708
DrWeb 20160709
F-Prot 20160709
Fortinet 20160709
Kingsoft 20160709
Malwarebytes 20160709
NANO-Antivirus 20160708
Panda 20160708
Qihoo-360 20160709
SUPERAntiSpyware 20160709
TheHacker 20160709
TrendMicro 20160709
TrendMicro-HouseCall 20160709
VBA32 20160708
ViRobot 20160709
Yandex 20160708
Zillya 20160708
Zoner 20160709
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2008-2010 ashampoo Technology GmbH Co. KG
Internal name Ashampoo AMF Slave
File version 0.0.0.0 alpha
Description Ashampoo AMF Slave
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-08 09:23:20
Entry Point 0x00001200
Number of sections 4
PE sections
PE imports
RegDeleteValueW
RegCloseKey
RegSetValueExW
GetUserNameW
RegEnumValueW
RegOpenKeyExW
GetUserNameA
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
GetEnhMetaFileA
GetDIBColorTable
DeleteEnhMetaFile
CreateHalftonePalette
EnumFontsW
GdiPlayPageEMF
EndPath
GdiConvertAndCheckDC
GetTextExtentPointI
GetTextExtentExPointA
DeleteDC
GdiGetBatchLimit
SetBkMode
SetLayout
EndDoc
FillPath
CreateDCW
GetCharWidthA
CreateDIBSection
CreateBitmapIndirect
EnumFontFamiliesA
GetTextExtentPointW
CreatePatternBrush
EnableEUDC
DeleteColorSpace
DrawEscape
GetBkMode
AbortPath
GetGraphicsMode
GdiFlush
SetROP2
CreateCompatibleDC
HT_Get8BPPMaskPalette
CloseEnhMetaFile
PolyPolygon
ScaleViewportExtEx
EndPage
CloseFigure
DeleteObject
GetTextExtentPoint32A
GdiInitSpool
CloseMetaFile
CancelDC
CreateSolidBrush
SetSystemPaletteUse
CopyMetaFileA
BeginPath
AbortDoc
DeleteMetaFile
AddFontResourceW
SetThreadLocale
GetStdHandle
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
SetThreadPriorityBoost
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
WideCharToMultiByte
GetProcAddress
WritePrivateProfileStructA
InterlockedExchange
WriteFile
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
SetFileAttributesA
FreeLibrary
LocalFree
FormatMessageW
GetEnvironmentVariableA
OutputDebugStringW
FormatMessageA
SetLastError
GetSystemTime
ReadConsoleInputA
GetModuleFileNameW
CopyFileA
HeapAlloc
LoadLibraryA
QueryPerformanceFrequency
GetPrivateProfileStringA
Module32First
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
GetProcessPriorityBoost
ExitThread
SetHandleInformation
TerminateProcess
SearchPathW
GetCommState
GetCurrentThreadId
LeaveCriticalSection
SleepEx
WriteConsoleW
HeapFree
EnterCriticalSection
TerminateThread
WriteConsoleInputA
lstrcmpiA
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
GetVersionExA
lstrcmpiW
GetStartupInfoA
GetWindowsDirectoryW
GetPrivateProfileIntA
DeleteFileA
GetWindowsDirectoryA
WaitForMultipleObjects
GetProcessHeap
GetComputerNameW
GlobalReAlloc
WaitNamedPipeA
lstrcpyA
lstrcmpW
IsValidLanguageGroup
GetBinaryTypeA
SetCommTimeouts
CreateEventA
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
InitializeCriticalSection
FlushConsoleInputBuffer
lstrlenA
GetEnvironmentStringsA
GetThreadLocale
LockFile
Process32NextW
OpenFile
GetCurrentProcessId
CopyFileExA
GetBinaryTypeW
SetConsoleTitleW
RaiseException
SetFilePointer
ReadFile
CloseHandle
PeekConsoleInputA
SetThreadExecutionState
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
ExtractIconA
ShellExecuteExA
SHGetIconOverlayIndexA
SHBrowseForFolderA
DragFinish
ExtractIconExA
SHGetDesktopFolder
ExtractIconW
DragQueryPoint
SHGetFolderPathA
ExtractAssociatedIconExA
SHGetSpecialFolderLocation
SHInvokePrinterCommandA
SHFileOperation
ExtractAssociatedIconA
SHQueryRecycleBinA
SHGetSpecialFolderPathW
ShellExecuteA
SHBrowseForFolderW
StrStrA
StrCmpNIW
StrChrA
StrRStrIA
StrRChrIW
SetFocus
GetForegroundWindow
EndDialog
GetScrollPos
KillTimer
CharToOemBuffA
MessageBoxW
GetWindowRect
RegisterClipboardFormatA
DialogBoxParamW
MessageBoxA
CharLowerW
PostMessageW
SwapMouseButton
MapDialogRect
SendMessageW
IsZoomed
SetWindowTextW
GetDlgItem
SetTimer
GetWindowTextW
LoadCursorW
SetForegroundWindow
SetCursor
__p__fmode
malloc
_acmdln
_wcsnicmp
_mbsicmp
_mbslwr
_snwprintf
fprintf
wcsrchr
_vsnwprintf
_cexit
wcslen
_c_exit
_abnormal_termination
setlocale
_mbscmp
_open
__initenv
wcscmp
exit
_XcptFilter
strrchr
__setusermatherr
_adjust_fdiv
_close
_except_handler3
_mbscpy
_wcsicmp
iswctype
wcschr
__p__commode
_mbsinc
wcsncmp
__getmainargs
fwprintf
_write
_exit
memmove
wcscpy
_mbsnbicmp
_initterm
_controlfp
__set_app_type
_mbsnbcmp
_iob
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Ashampoo AMF Slave
CharacterSet Unicode
InitializedDataSize 60416
EntryPoint 0x1200
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2008-2010 ashampoo Technology GmbH Co. KG
FileVersion 0.0.0.0 alpha
TimeStamp 2016:07:08 10:23:20+01:00
FileType Win32 EXE
PEType PE32
InternalName Ashampoo AMF Slave
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ashampoo
CodeSize 121344
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 0924042f1ebcc49dccd4f471808ce7ec
SHA1 44f4f0663395008988436398a14ce0a3aaff3f32
SHA256 f7fa6cbdee4157c4b2e511f695c29c97b4fa3af715d6198703f13f76dd6b7428
ssdeep 3072:/u7NvoLsrEoDmnEDj9P8UWplqVUzoPkb+iKUywYWa6:+Nva8EoDmn+j9EUWplqVUEcbopwYWa
authentihash 440929c35df79118cf922858da6d9020e83b3cbcb6f1baa9689fb8cb66f03b34
imphash f562d31b4c56095fba29ad09bbe99d2f
File size 178.5 KB ( 182784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-07-07 16:10:26 UTC ( 2 years, 7 months ago )
Last submission 2016-08-13 05:34:47 UTC ( 2 years, 6 months ago )
File names Ashampoo AMF Slave
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.