SHA256: f9f5afeb7b1ed8494468da91fff0aef69468e3de1b246df5aae990d6c854c605
File name: ab75b64a134b1c8e358bd1c936761f5e88a02e3a
Detection ratio: 5 / 57
Analysis date: 2015-09-24 18:23:50 UTC ( 3 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.CryptoWall 20150924
Bkav HW32.Packed.83E1 20150923
DrWeb Trojan.DownLoader16.41433 20150924
K7AntiVirus Trojan ( 004ce30e1 ) 20150924
K7GW Trojan ( 004ce30e1 ) 20150924
Ad-Aware 20150924
AegisLab 20150924
Yandex 20150923
Alibaba 20150924
ALYac 20150924
Antiy-AVL 20150924
Arcabit 20150924
Avast 20150924
AVG 20150924
Avira (no cloud) 20150924
AVware 20150924
Baidu-International 20150924
BitDefender 20150924
ByteHero 20150924
CAT-QuickHeal 20150924
ClamAV 20150924
CMC 20150922
Comodo 20150924
Cyren 20150924
Emsisoft 20150924
ESET-NOD32 20150924
F-Prot 20150924
F-Secure 20150924
Fortinet 20150924
GData 20150924
Ikarus 20150924
Jiangmin 20150922
Kaspersky 20150924
Kingsoft 20150924
Malwarebytes 20150924
McAfee 20150924
McAfee-GW-Edition 20150924
Microsoft 20150924
eScan 20150924
NANO-Antivirus 20150924
nProtect 20150924
Panda 20150924
Qihoo-360 20150924
Rising 20150924
Sophos AV 20150924
SUPERAntiSpyware 20150924
Symantec 20150923
Tencent 20150924
TheHacker 20150923
TotalDefense 20150924
TrendMicro 20150924
TrendMicro-HouseCall 20150924
VBA32 20150924
VIPRE 20150924
ViRobot 20150924
Zillya 20150924
Zoner 20150924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2012
Publisher
Product FortiClient
Original name FortiClient .exe
Internal name FortiClient
File version 1, 0, 0, 1
Description FortiClient
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-20 19:30:01
Entry Point 0x000078BF
Number of sections 4
PE sections
Overlays
MD5 81b93c1b0867aacb2214d9172a9dcbda
File type data
Offset 307200
Size 512
Entropy 7.64
PE imports
GetObjectA
SelectObject
CreateCompatibleDC
StretchBlt
CreateFontIndirectW
GetSystemTime
GetStartupInfoA
GlobalMemoryStatus
GetStringTypeA
GetModuleHandleA
GetModuleFileNameW
FindFirstFileA
CreateProcessW
GetDateFormatW
FindNextFileW
CreateFileW
SetEndOfFile
GetThreadTimes
GlobalUnlock
GlobalLock
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
__dllonexit
_setmbcp
?terminate@@YAXXZ
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_onexit
_controlfp
_adjust_fdiv
__set_app_type
Shell_NotifyIconA
EmptyClipboard
EnableMenuItem
LoadIconA
InvalidateRect
GetWindowRect
SendMessageA
EnableWindow
SetCapture
IsDlgButtonChecked
ReleaseCapture
GetDlgItemTextA
GetDesktopWindow
GetClientRect
CopyRect
ReleaseDC
PostQuitMessage
SetForegroundWindow
IsIconic
LoadBitmapA
GetDC
PtInRect
Number of PE resources by type
RT_ICON 6
RT_BITMAP 2
24 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
CHINESE SIMPLIFIED 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 274432
ImageVersion 0.0
ProductName FortiClient
FileVersionNumber 1.0.0.1
LanguageCode German
FileFlagsMask 0x003f
FileDescription FortiClient
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName FortiClient .exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2015:09:20 20:30:01+01:00
FileType Win32 EXE
PEType PE32
InternalName FortiClient
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.32
FileOS Windows NT 32-bit
LegalCopyright (C) 2012
MachineType Intel 386 or later, and compatibles
CodeSize 28672
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x78bf
ObjectFileType Executable application

File identification
MD5 941804f86c9e6d3fecd70aaeabab007a
SHA1 24d8e4854bc264507bc6d8cfe047c48c60a60fd7
SHA256 f9f5afeb7b1ed8494468da91fff0aef69468e3de1b246df5aae990d6c854c605
ssdeep 6144:PnmohFNxykSaek1X12Yv3ORaDv31ChsRtwcD7IV7hZXSzLkzTN2s96ih6j:5FNxykSaek1lWEvQK7sRh6j
authentihash 3c3eaa526086cb5770c8b3090fc090833eadcd9cc7e8fda74fd325ad15da9e4d
imphash 95eb440b4fd60af89de84b2be65431ca
File size 300.5 KB ( 307712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-09-24 18:23:50 UTC ( 3 years, 6 months ago )
Last submission 2015-09-24 18:23:50 UTC ( 3 years, 6 months ago )
File names FortiClient .exe
SysResetErr.exe
FortiClient
ab75b64a134b1c8e358bd1c936761f5e88a02e3a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
UDP communications