SHA256: fd724d5f1497648535ab59c7e6c4fcb13cbdb6375b7817526499a9d69ee1ca1c
File name: lanml.exe
Detection ratio: 20 / 57
Analysis date: 2016-10-25 16:28:19 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.99629 20161025
ALYac Gen:Variant.Razy.99629 20161025
Arcabit Trojan.Razy.D1852D 20161025
AVG Atros4.AKUL 20161025
Avira (no cloud) TR/Crypt.XPACK.Gen2 20161025
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9939 20161025
BitDefender Gen:Variant.Razy.99629 20161025
Bkav W32.eHeur.Malware08 20161025
CrowdStrike Falcon (ML) malicious_confidence_69% (D) 20160725
Emsisoft Gen:Variant.Razy.99629 (B) 20161025
ESET-NOD32 a variant of Win32/GenKryptik.IEY 20161025
F-Secure Gen:Variant.Razy.99629 20161025
GData Gen:Variant.Razy.99629 20161025
Sophos ML backdoor.win32.ircbot.fu 20161018
Kaspersky Trojan-Downloader.Win32.Kuluoz.wgo 20161025
eScan Gen:Variant.Razy.99629 20161025
Panda Trj/GdSda.A 20161025
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161025
Rising Malware.Generic!8qyDySuvA5S@2 (thunder) 20161025
Symantec Heur.AdvML.B 20161025
AegisLab 20161025
AhnLab-V3 20161025
Alibaba 20161025
Antiy-AVL 20161025
Avast 20161025
AVware 20161025
CAT-QuickHeal 20161025
ClamAV 20161025
CMC 20161025
Comodo 20161025
Cyren 20161025
DrWeb 20161025
F-Prot 20161025
Fortinet 20161025
Ikarus 20161025
Jiangmin 20161025
K7AntiVirus 20161025
K7GW 20161025
Kingsoft 20161025
Malwarebytes 20161025
McAfee 20161025
McAfee-GW-Edition 20161025
Microsoft 20161025
NANO-Antivirus 20161025
nProtect 20161025
Sophos AV 20161025
SUPERAntiSpyware 20161025
Tencent 20161025
TheHacker 20161025
TotalDefense 20161025
TrendMicro 20161025
TrendMicro-HouseCall 20161025
VBA32 20161025
VIPRE 20161025
ViRobot 20161025
Yandex 20161025
Zillya 20161025
Zoner 20161025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 1998-2014 by AceBIT GmbH
Product Password Depot
Original name pdVirtKbd.exe
Internal name pdVirtKbd
File version 8.1.8.0
Description Password Depot Virtual Keyboard
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-22 06:27:19
Entry Point 0x00009F10
Number of sections 4
PE sections
PE imports
RegEnumValueW
RegOpenKeyA
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExA
RegFlushKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
GetProcAddress
GetModuleHandleA
Sleep
LoadLibraryA
RedrawWindow
GetForegroundWindow
SetWindowRgn
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
IntersectRect
PeekMessageA
CharUpperBuffW
SetMenuItemInfoW
SendMessageW
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetKeyState
DefFrameProcW
OffsetRect
SendMessageA
IsWindowEnabled
GetClassInfoW
DefWindowProcW
DrawTextW
SetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
GetSysColor
CountClipboardFormats
GetActiveWindow
OpenClipboard
GetWindowTextW
EnumClipboardFormats
MsgWaitForMultipleObjects
GetTopWindow
GetMenuItemID
DestroyWindow
DrawEdge
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
ShowWindow
DrawFrameControl
SetPropW
EnumDisplayMonitors
IsCharAlphaW
PeekMessageW
SetWindowsHookExW
EnableWindow
SetWindowPlacement
CharUpperW
LoadIconW
ChildWindowFromPoint
TranslateMessage
GetAsyncKeyState
GetWindow
GetMenuDefaultItem
ActivateKeyboardLayout
SetClipboardData
GetIconInfo
SetParent
RegisterClassW
ScrollWindow
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
GetKeyboardLayoutList
DrawMenuBar
EnableMenuItem
GetSubMenu
GetDCEx
GetKeyboardLayout
FillRect
EnumThreadWindows
MonitorFromPoint
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
GetMenuStringW
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
ReleaseCapture
SystemParametersInfoW
MsgWaitForMultipleObjectsEx
DefMDIChildProcW
GetScrollPos
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
SetTimer
GetClipboardData
GetSystemMetrics
IsIconic
SetScrollRange
TrackPopupMenu
GetWindowRect
InflateRect
SetCapture
DrawIcon
EnumChildWindows
GetScrollRange
GetMessageExtraInfo
CharLowerW
ShowOwnedPopups
PostMessageW
InvalidateRect
WaitMessage
CreatePopupMenu
CheckMenuItem
DrawFocusRect
GetClassLongW
GetLastActivePopup
PtInRect
DrawIconEx
SetWindowTextW
CreateMenu
GetDlgItem
RemovePropW
FindWindowW
ClientToScreen
SetKeyboardState
LoadCursorA
GetKeyboardState
GetMenuItemCount
GetMenuState
IsDialogMessageW
LoadCursorW
GetSystemMenu
FindWindowExW
DispatchMessageW
InsertMenuW
SetForegroundWindow
SetFocus
GetMenuItemInfoW
EmptyClipboard
CharLowerBuffW
DrawTextExW
GetScrollInfo
HideCaret
CreateIconIndirect
GetCapture
BeginPaint
ScreenToClient
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
GetMenu
SetMenu
LoadKeyboardLayoutW
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
CreateIcon
RegisterClipboardFormatW
SetScrollInfo
CopyImage
GetDoubleClickTime
DestroyIcon
IsWindowVisible
GetDesktopWindow
SetCursorPos
IsCharAlphaNumericW
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
CharNextW
CallWindowProcW
GetClassNameW
UnregisterClassW
TranslateMDISysAccel
GetClientRect
IsRectEmpty
GetCursor
GetFocus
InsertMenuItemW
CloseClipboard
ShowCaret
UnhookWindowsHookEx
SetCursor
Number of PE resources by type
RT_STRING 21
RT_ICON 12
RT_BITMAP 10
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 39
NEUTRAL 25
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 101376
ImageVersion 0.0
ProductName Password Depot
FileVersionNumber 8.1.8.0
LanguageCode Unknown (1407)
FileFlagsMask 0x003f
FileDescription Password Depot Virtual Keyboard
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName pdVirtKbd.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 8.1.8.0
TimeStamp 2016:10:22 07:27:19+01:00
FileType Win32 EXE
PEType PE32
InternalName pdVirtKbd
ProductVersion 8.1.8
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright 1998-2014 by AceBIT GmbH
MachineType Intel 386 or later, and compatibles
CompanyName AceBIT GmbH
CodeSize 38400
FileSubtype 0
ProductVersionNumber 8.1.8.0
EntryPoint 0x9f10
ObjectFileType Executable application

File identification
MD5 67d7df129325c7c836ab752a08d08a80
SHA1 0c2a6d6fcd1d7c2865fb70a8dc3fc25ed1770900
SHA256 fd724d5f1497648535ab59c7e6c4fcb13cbdb6375b7817526499a9d69ee1ca1c
ssdeep 1536:lzIE6Uj1+dQW8dnqMf2k58TxLqoW8V9y63F65XZDuxBf7U:iU+dQWAGJTx2oW8K63IXZD4f7
authentihash 43cf1aeb02a82efd7a8445cb9abd88570268480cab99311ff522bc3ce5467674
imphash f9c9e151eb0b37e456c36379be5474d4
File size 137.0 KB ( 140288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags peexe suspicious-dns

VirusTotal metadata
First submission 2016-10-25 16:28:19 UTC ( 2 years, 3 months ago )
Last submission 2016-10-25 16:28:19 UTC ( 2 years, 3 months ago )
File names pdVirtKbd
lanml.exe
pdVirtKbd.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications