× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fc27dbe3e4e1db4f986c6fa47d30529d76b392bbac8e88d7be435a77f9fd458b
File name: fc27dbe3e4e1db4f986c6fa47d30529d76b392bbac8e88d7be435a77f9fd458b
Detection ratio: 24 / 70
Analysis date: 2018-12-20 03:55:14 UTC ( 5 months ago ) View latest
Antivirus Result Update
Antiy-AVL Trojan/Win32.Propagate 20181220
Avast Win32:Malware-gen 20181220
AVG Win32:Malware-gen 20181220
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cylance Unsafe 20181220
Cyren W32/Trojan.ZCNS-2545 20181220
DrWeb Trojan.PWS.Spy.21017 20181220
ESET-NOD32 a variant of Win32/GenKryptik.CUKX 20181219
F-Prot W32/Trojan3.ANLX 20181220
Fortinet W32/GenKryptik.CNMT!tr.ransom 20181220
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181219
K7GW Riskware ( 0040eff71 ) 20181219
Kaspersky UDS:DangerousObject.Multi.Generic 20181220
McAfee GenericRXGR-SX!FCD2002DB731 20181219
McAfee-GW-Edition Artemis 20181219
Microsoft Trojan:Win32/Cloxer.D!cl 20181219
NANO-Antivirus Trojan.Win32.Propagate.flgasr 20181219
Palo Alto Networks (Known Signatures) generic.ml 20181220
Panda Trj/GdSda.A 20181219
Qihoo-360 Win32/Trojan.Dropper.dd5 20181220
Trapmine malicious.moderate.ml.score 20181205
TrendMicro-HouseCall TROJ_GEN.R020H0CLJ18 20181220
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181220
Acronis 20180726
Ad-Aware 20181220
AegisLab 20181219
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181220
Arcabit 20181220
Avast-Mobile 20181219
Avira (no cloud) 20181220
Babable 20180918
Baidu 20181207
BitDefender 20181220
Bkav 20181219
CAT-QuickHeal 20181219
ClamAV 20181219
CMC 20181219
Comodo 20181220
Cybereason 20180225
eGambit 20181220
Emsisoft 20181220
Endgame 20181108
F-Secure 20181220
GData 20181220
Ikarus 20181219
Jiangmin 20181220
Kingsoft 20181220
Malwarebytes 20181219
MAX 20181220
eScan 20181219
Rising 20181219
SentinelOne (Static ML) 20181011
Sophos AV 20181219
SUPERAntiSpyware 20181212
Symantec 20181219
Symantec Mobile Insight 20181215
TACHYON 20181219
Tencent 20181220
TheHacker 20181216
TotalDefense 20181219
TrendMicro 20181219
Trustlook 20181220
VBA32 20181219
ViRobot 20181219
Webroot 20181220
Yandex 20181219
Zillya 20181219
Zoner 20181220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2000-2018 by Bitvise Limited.

Product Bitvise SSH Client
Original name BvSsh.exe
Internal name BvSshClient
File version 7.45.0.0
Description Bitvise SSH Client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:23:16
Entry Point 0x0000AEF2
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
GetWindowExtEx
SetMapMode
PatBlt
SaveDC
TextOutA
LPtoDP
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SelectObject
IntersectClipRect
BitBlt
SetTextColor
DPtoLP
GetObjectA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetTextExtentPointA
CreateCompatibleDC
ScaleViewportExtEx
DeleteObject
GetMapMode
SetWindowExtEx
GetTextColor
CreateSolidBrush
SetViewportExtEx
Escape
GetViewportExtEx
GetBkColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GlobalFindAtomA
HeapAlloc
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
SetEvent
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GlobalLock
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
ResetEvent
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
Ord(253)
SetFocus
RegisterClipboardFormatA
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
ClientToScreen
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
CopyAcceleratorTableA
GetTopWindow
ExcludeUpdateRgn
GetActiveWindow
GetWindowTextA
EnumWindowStationsW
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
ShowWindow
GetPropA
GetNextDlgGroupItem
GetDesktopWindow
EnableWindow
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CopyRect
GetSysColorBrush
IsWindowUnicode
ReleaseDC
EndPaint
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
CharNextA
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
HideCaret
SetWindowContextHelpId
GetCapture
MessageBeep
ShowCaret
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
SetRect
InvalidateRect
wsprintfA
DefDlgProcA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
SnmpMgrClose
SnmpMgrOpen
SnmpMgrTrapListen
SnmpMgrRequest
SnmpMgrOidToStr
SnmpMgrGetTrap
SnmpMgrStrToOid
OleUninitialize
CLSIDFromString
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoGetClassObject
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemFree
CreateILockBytesOnHGlobal
CoTaskMemAlloc
SnmpUtilOidFree
SnmpUtilMemAlloc
SnmpUtilMemReAlloc
SnmpUtilMemFree
SnmpUtilVarBindListFree
SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.45.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Bitvise SSH Client

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
438272

EntryPoint
0xaef2

OriginalFileName
BvSsh.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2000-2018 by Bitvise Limited.

FileVersion
7.45.0.0

TimeStamp
2016:12:06 03:23:16-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
BvSshClient

ProductVersion
7.45

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Bitvise Limited

CodeSize
139264

ProductName
Bitvise SSH Client

ProductVersionNumber
7.45.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 fcd2002db731a7cd952aa4113107c750
SHA1 c35c639ea4fe482006737829d6017e5d7a173acf
SHA256 fc27dbe3e4e1db4f986c6fa47d30529d76b392bbac8e88d7be435a77f9fd458b
ssdeep
12288:iZ8MjxlWdbW7gi00OMZCj1V57Z4E7cRGo8sOgZQi00aE6XCIghiX+:6WdbW5jZCZWE7cRGo8sOgZQi00a9CIV

authentihash 7fc5cd12da4e56c30bdf6d8d63b9725c4650308339f6e79f6e2e854f048ba2c2
imphash 78bea0cb69e7b6b5028e66c9f180453a
File size 568.0 KB ( 581632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-19 21:46:06 UTC ( 5 months ago )
Last submission 2018-12-22 00:49:49 UTC ( 5 months ago )
File names BvSshClient
zbetcheckin_tracker_liwx.jpg
BvSsh.exe
liwx.jpg
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs