SHA256: ff586dde9a8c2a0fa4379438c53938aac4b2d1423ace4e508f7124ce4a3e433a
File name: file-7046895_vir
Detection ratio: 24 / 51
Analysis date: 2014-05-29 14:00:06 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1697321 20140529
Avast Win32:Malware-gen 20140529
BitDefender Trojan.GenericKD.1697321 20140529
Commtouch W32/Trojan.WNDV-4515 20140529
Emsisoft Trojan.GenericKD.1697321 (B) 20140529
ESET-NOD32 a variant of Generik.JQIVIEW 20140529
F-Prot W32/Trojan3.IMM 20140529
F-Secure Trojan.GenericKD.1697321 20140529
GData Trojan.GenericKD.1697321 20140529
Ikarus Trojan-Spy.Zbot 20140529
Kaspersky Trojan-Downloader.Win32.Dofoil.anqk 20140529
Malwarebytes Trojan.FakeMS 20140529
McAfee Trojan-FCXT!797F8D6DA6C1 20140529
McAfee-GW-Edition Artemis!797F8D6DA6C1 20140529
Microsoft TrojanDownloader:Win32/Kuluoz.D 20140529
eScan Trojan.GenericKD.1697321 20140529
Norman Dropper.KW 20140529
nProtect Trojan.GenericKD.1697321 20140529
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140529
Sophos Troj/Agent-AHGG 20140529
Symantec Trojan.Asprox.B 20140529
TrendMicro TROJ_MIPC.008575ET14 20140529
TrendMicro-HouseCall TROJ_MIPC.008575ET14 20140529
VIPRE Trojan.Win32.Generic.pak!cobra 20140529
Yandex 20140529
AhnLab-V3 20140529
AntiVir 20140529
Antiy-AVL 20140529
AVG 20140529
Baidu-International 20140529
Bkav 20140529
ByteHero 20140529
CAT-QuickHeal 20140529
ClamAV 20140529
CMC 20140529
Comodo 20140529
DrWeb 20140529
Fortinet 20140529
Jiangmin 20140529
K7AntiVirus 20140528
K7GW 20140528
Kingsoft 20140529
NANO-Antivirus 20140529
Panda 20140529
Qihoo-360 20140529
SUPERAntiSpyware 20140529
Tencent 20140529
TheHacker 20140529
TotalDefense 20140529
VBA32 20140529
ViRobot 20140529
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name SYNCAPP.EXE
Internal name syncapp
File version 5.1.2600.0 (xpclient.010817-1148)
Description Create a Briefcase
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-28 17:15:50
Entry Point 0x000014F0
Number of sections 4
PE sections
PE imports
RegOpenKeyExW
LineTo
MoveToEx
GetStockObject
RoundRect
Ellipse
Rectangle
GetLastError
DosDateTimeToFileTime
FileTimeToDosDateTime
QueryPerformanceCounter
GetTickCount
GetCurrentProcess
FileTimeToLocalFileTime
GetCurrentProcessId
lstrcatA
SetFileTime
GetWindowsDirectoryA
UnhandledExceptionFilter
GetModuleHandleA
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
SetFileAttributesA
TerminateProcess
LocalFileTimeToFileTime
Sleep
GetFileAttributesExA
CreateFileA
GetCurrentThreadId
VirtualAlloc
GetMessageA
CharNextExA
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
EndPaint
BeginPaint
DefWindowProcA
LoadCursorW
TranslateMessage
PostQuitMessage
ShowWindow
GetSysColor
RegisterClassExA
strncmp
__p__fmode
malloc
_ftol
fread
fclose
__doserrno
_stricmp
_tempnam
fprintf
toupper
printf
isdigit
fopen
_cexit
strncpy
_except_handler3
_c_exit
clock
fwrite
_open
__initenv
exit
_XcptFilter
_unlink
__setusermatherr
__p__commode
_strdup
_close
strchr
tolower
_adjust_fdiv
_eof
free
strpbrk
atoi
atol
__getmainargs
_write
_exit
_stat
_vsnprintf
ctime
_read
_errno
remove
_lseek
strspn
_mkdir
time
_strnicmp
_initterm
_controlfp
_iob
_ltoa
setvbuf
__set_app_type
Number of PE resources by type
RT_ICON 13
RT_DIALOG 5
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
ENGLISH UK 10
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2600.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 216064
EntryPoint 0x14f0
OriginalFileName SYNCAPP.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.1.2600.0 (xpclient.010817-1148)
TimeStamp 2014:05:28 18:15:50+01:00
FileType Win32 EXE
PEType PE32
InternalName syncapp
ProductVersion 5.1.2600.0
FileDescription Create a Briefcase
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 4096
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.2600.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 797f8d6da6c1ca6a6f3f60c257d9f6c5
SHA1 3d75dfd156d7e49e27c433fddd0b6a7c46e516de
SHA256 ff586dde9a8c2a0fa4379438c53938aac4b2d1423ace4e508f7124ce4a3e433a
ssdeep 6144:CTqcRviWgb+digwHk5ZRVqsqWQyF3Zl5BopmkZtcofYw1PgMwS/qDHz8idr4N4G5:CTqAvi31
authentihash 78976e5c73b35a9a493bc0070726dab82c4c572a4964dca425cdac6690834fb8
imphash 93477113deb8d2c75825b7d3f490fca5
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-28 18:36:11 UTC ( 3 years ago )
Last submission 2015-06-12 12:30:10 UTC ( 1 year, 11 months ago )
File names Plaint_Note_May-28_Date_FN-SE-DC_2014.exe
plaint_note_may-28_date_fn-se-dc_2014.exe
lxdrpsxt.exe
eowjujbu.exe
Plaint_Note_May-28_Date_FN-SE-DC_2014.exe
file-7046895_vir
3581607.root_1_0.exe
797f8d6da6c1ca6a6f3f60c257d9f6c5
syncapp
vntpguri.exe
vti-rescan
ff586dde9a8c2a0fa4379438c53938aac4b2d1423ace4e508f7124ce4a3e433a.exe
otcobhpu.exe
008116801
797f8d6da6c1ca6a6f3f60c257d9f6c5.exe
SYNCAPP.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs