Antivirus scan for 4ad4a5e11b0ba2ebaae1fa2d7185718c8a113ced52a4b5df0a050fcbf0bfdcbb at 2013-08-16 23:47:07 UTC

Antivirus	Résultat	Mise à jour
Kaspersky	Backdoor.Win32.ZAccess.cxxo	20130817
Malwarebytes	Backdoor.0Access	20130816
Panda	Suspicious file	20130816
Sophos AV	Troj/ZAccess-PI	20130816
Yandex		20130816
AhnLab-V3		20130816
AntiVir		20130816
Antiy-AVL		20130816
Avast		20130817
AVG		20130816
BitDefender		20130817
ByteHero		20130814
CAT-QuickHeal		20130816
ClamAV		20130816
Commtouch		20130817
Comodo		20130816
DrWeb		20130817
Emsisoft		20130817
ESET-NOD32		20130816
F-Prot		20130817
F-Secure		20130817
Fortinet		20130817
GData		20130817
Ikarus		20130816
Jiangmin		20130816
K7AntiVirus		20130816
K7GW		20130816
Kingsoft		20130723
McAfee		20130817
McAfee-GW-Edition		20130816
Microsoft		20130816
eScan		20130817
NANO-Antivirus		20130817
Norman		20130816
nProtect		20130816
PCTools		20130816
Rising		20130816
SUPERAntiSpyware		20130816
Symantec		20130816
TheHacker		20130816
TotalDefense		20130816
TrendMicro		20130817
TrendMicro-HouseCall		20130816
VBA32		20130816
VIPRE		20130817
ViRobot		20130816

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Publisher TorchSoft

Product Registry Workshop

Original name RegWorkshop.dll

Internal name Registry Workshop

File version 4, 1, 0, 0

Description Registry Workshop

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2013-08-16 10:59:01

Entry Point 0x00003535

Number of sections 5

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 78624 78848 7.73 9900611a6d6ff4191b6cd6ea22bb22d1

.rdata 86016 27434 27648 6.88 b20bd03c27749bf4d6cd953591066b68

.data 114688 64728 29184 7.67 c7ec45a9963058d60c4996b8eb1a4945

.rsrc 180224 8008 8192 3.86 8b1f05137d632d3d57f2b126113cbcf5

.reloc 188416 2226 2560 3.18 aca6c89063776a7b8c32ff5a064cdb05

PE imports

GetStdHandle

GetConsoleOutputCP

FileTimeToSystemTime

WaitForSingleObject

HeapDestroy

DebugBreak

GetFileAttributesW

SystemTimeToTzSpecificLocalTime

DeleteCriticalSection

GetCurrentProcess

GetConsoleMode

GetLocaleInfoA

LocalAlloc

ExpandEnvironmentStringsA

FreeEnvironmentStringsW

lstrcatW

GetLocaleInfoW

SetStdHandle

GetCPInfo

GetStringTypeA

InterlockedExchange

GetTempPathW

HeapReAlloc

GetStringTypeW

GetOEMCP

LocalFree

FormatMessageW

InitializeCriticalSection

LoadResource

FindClose

TlsGetValue

FindNextChangeNotification

WritePrivateProfileStringW

SetLastError

InterlockedDecrement

CopyFileW

OutputDebugStringW

OpenEventW

GetModuleFileNameW

IsDebuggerPresent

HeapAlloc

VerLanguageNameW

GetModuleFileNameA

LoadLibraryA

EnumSystemLocalesA

SetConsoleCtrlHandler

GetUserDefaultLCID

WritePrivateProfileSectionW

UnhandledExceptionFilter

LoadLibraryExW

MultiByteToWideChar

FatalAppExitA

FlushInstructionCache

GetPrivateProfileStringW

MoveFileW

GetModuleHandleA

CreateThread

GetSystemDirectoryW

SetUnhandledExceptionFilter

MulDiv

IsProcessorFeaturePresent

SetEnvironmentVariableA

TerminateProcess

FindCloseChangeNotification

WriteConsoleA

GlobalAlloc

GetVersion

InterlockedIncrement

WriteConsoleW

InitializeCriticalSectionAndSpinCount

HeapFree

EnterCriticalSection

SetHandleCount

LoadLibraryW

GetVersionExW

FreeLibrary

QueryPerformanceCounter

TlsAlloc

FlushFileBuffers

lstrcmpiW

RtlUnwind

GlobalSize

GetStartupInfoA

GetDateFormatA

GetWindowsDirectoryW

GetFileSize

GetModuleHandleW

GetDateFormatW

GetStartupInfoW

CreateDirectoryW

DeleteFileW

GetProcAddress

GetPrivateProfileIntW

GetProcessHeap

GetTempFileNameW

GetComputerNameW

CompareStringW

lstrcpyW

RemoveDirectoryW

ExpandEnvironmentStringsW

FindNextFileW

GetTimeFormatA

FindFirstFileW

IsValidLocale

lstrcmpW

WaitForMultipleObjects

SetEvent

CreateEventW

CreateFileW

GetFileType

TlsSetValue

CreateFileA

ExitProcess

LeaveCriticalSection

GetLastError

LCMapStringW

lstrlenA

GetConsoleCP

FindResourceW

LCMapStringA

GetEnvironmentStringsW

GlobalUnlock

VirtualQuery

lstrlenW

WinExec

FindFirstChangeNotificationW

SizeofResource

GetCurrentProcessId

LockResource

GetCommandLineW

WideCharToMultiByte

HeapSize

InterlockedCompareExchange

GetCurrentThread

lstrcpynW

GetSystemDefaultLangID

RaiseException

CompareStringA

TlsFree

SetFilePointer

ReadFile

CloseHandle

lstrcpynA

GetACP

GlobalLock

GetCurrentThreadId

GetFileAttributesExW

IsValidCodePage

HeapCreate

WriteFile

VirtualFree

Sleep

VirtualAlloc

ResetEvent

[+] MSACM32.dll

[+] OLEAUT32.dll

[+] USER32.dll

RedrawWindow

GetMessagePos

SetMenuDefaultItem

SetRectEmpty

DestroyMenu

PostQuitMessage

SetWindowPos

IsWindow

EndPaint

ScrollWindowEx

WindowFromPoint

SetMenuItemInfoW

SendMessageW

GetDC

GetCursorPos

ReleaseDC

GetDlgCtrlID

GetMenu

UnregisterClassA

GetMenuStringW

UnregisterClassW

GetClientRect

DefWindowProcW

GetDlgItemTextW

SetScrollPos

CallNextHookEx

IsClipboardFormatAvailable

DestroyCaret

LoadImageW

ClientToScreen

GetActiveWindow

OpenClipboard

GetWindowTextW

RegisterClipboardFormatW

LockWindowUpdate

GetWindowTextLengthW

LoadAcceleratorsW

DrawTextW

GetMenuItemID

DestroyWindow

DrawEdge

GetClassInfoExW

UpdateWindow

EqualRect

ShowScrollBar

CreateCaret

GetMessageW

ShowWindow

DrawFrameControl

SetDlgItemInt

PeekMessageW

TranslateMDISysAccel

EnableWindow

SetWindowPlacement

GetSystemMenu

TranslateMessage

IsWindowEnabled

GetWindow

GetMenuDefaultItem

GetDlgItemInt

SetClipboardData

LoadStringA

SetParent

RegisterClassW

GetWindowPlacement

LoadStringW

DrawMenuBar

EnableMenuItem

TrackPopupMenuEx

GetSubMenu

SetTimer

FillRect

CopyRect

GetSysColorBrush

GetClassInfoW

CreateWindowExW

GetWindowLongW

CharNextW

IsChild

MapWindowPoints

RegisterWindowMessageW

GetMonitorInfoW

BeginPaint

OffsetRect

DefMDIChildProcW

KillTimer

GetClipboardData

GetParent

LoadBitmapW

GetSystemMetrics

SetWindowLongW

GetWindowRect

InflateRect

SetCapture

ReleaseCapture

CharLowerW

PostMessageW

GetScrollInfo

CreatePopupMenu

ShowCaret

DrawFocusRect

GetClassLongW

PtInRect

DrawIconEx

SetWindowTextW

GetDlgItem

BringWindowToTop

ScreenToClient

TrackPopupMenu

GetMenuItemCount

GetDesktopWindow

SetWindowsHookExW

LoadCursorW

LoadIconW

DispatchMessageW

InsertMenuW

SetForegroundWindow

SetFocus

GetMenuItemInfoW

EmptyClipboard

IntersectRect

EndDialog

FindWindowW

GetCapture

SetCaretPos

MessageBeep

LoadMenuW

RemoveMenu

wvsprintfW

DeferWindowPos

BeginDeferWindowPos

MessageBoxW

DefFrameProcW

RegisterClassExW

UnhookWindowsHookEx

MoveWindow

DialogBoxParamW

AppendMenuW

GetWindowDC

AdjustWindowRectEx

SetDlgItemTextW

SetScrollInfo

GetKeyState

EndDeferWindowPos

GetWindowThreadProcessId

GetDoubleClickTime

IsWindowVisible

SubtractRect

SystemParametersInfoW

MonitorFromWindow

FrameRect

InvalidateRect

CallWindowProcW

GetClassNameW

ModifyMenuW

DragDetect

IsMenu

GetFocus

CloseClipboard

SetCursor

SetMenu

TranslateAcceleratorW

[+] ole32.dll

Number of PE resources by type

RT_ICON 2

RT_MANIFEST 1

RT_VERSION 1

RT_GROUP_ICON 1

Number of PE resources by language

ENGLISH US 5

PE resources

1df4705a40a3cca30d9879c16eef0bcbbeaee51c7a1d3113ce30fb8f24ab5358 data

365743600699d40fef274a86084ef5ec4abaf99a83a1adc852eff39efef7d24c data

641e4ad089512b05e0b079d105b8b8ee902d5da6354b764886ee143c9986df9c data

781aa123142f5551abcd8d75e34cb3e24686341235276240580e4f3244616c9d ASCII text

a6d25a809696ca81f168216024ed15e91f5d438f1c650bac6767a670d9b6b554 data

ExifTool file metadata

SubsystemVersion

5.0

LinkerVersion

10.0

ImageVersion

0.0

FileSubtype

FileVersionNumber

4.1.0.0

UninitializedDataSize

LanguageCode

English (U.S.)

FileFlagsMask

0x0000

CharacterSet

Unicode

InitializedDataSize

103424

FileOS

Win32

MIMEType

application/octet-stream

LegalCopyright

FileVersion

4, 1, 0, 0

TimeStamp

2013:08:16 11:59:01+01:00

FileType

Win32 EXE

PEType

PE32

InternalName

Registry Workshop

ProductVersion

4, 1, 0, 0

FileDescription

Registry Workshop

OSVersion

5.0

OriginalFilename

RegWorkshop.dll

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

TorchSoft

CodeSize

78848

ProductName

Registry Workshop

ProductVersionNumber

4.1.0.0

EntryPoint

0x3535

ObjectFileType

Dynamic link library

File identification

MD5 64fca5d4cc118384a1dd4d12d1028914

SHA1 8df942c3587447e32dec8d3a38383b5295937475

SHA256 4ad4a5e11b0ba2ebaae1fa2d7185718c8a113ced52a4b5df0a050fcbf0bfdcbb

ssdeep

3072:5OMJI/CKAQ8FCgWqLCqrzx5bgqMvHuc6JjnHBvwefT/Kc7br65yUdRWVs+RrH:53JGATF8qLCMzxlnJjnP7Kc7OyiMVtr

File size 144.0 KB ( 147456 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

VirusTotal metadata

First submission 2013-08-16 23:47:07 UTC (il y a 5 ans, 8 mois)

Last submission 2013-12-04 07:43:03 UTC (il y a 5 ans, 4 mois)

Noms du fichier

RegWorkshop.dll
4ad4a5e11b0ba2ebaae1fa2d7185718c8a113ced52a4b5df0a050fcbf0bfdcbb
Registry Workshop
qrymao_fromSakura

Advanced heuristic and reputation engines

F-Secure Deepguard Suspicious:W32/Malware!Gemini

Symantec reputation Suspicious.Insight

SHA256:	4ad4a5e11b0ba2ebaae1fa2d7185718c8a113ced52a4b5df0a050fcbf0bfdcbb
Nom du fichier :	qrymao_fromSakura
Ratio de détection :	4 / 46
Date d'analyse :	2013-08-16 23:47:07 UTC (il y a 5 ans, 8 mois) Voir les derniers

Ciphered bundle

FileVersionInfo properties

PE header basic information

PE sections

PE imports

Number of PE resources by type

Number of PE resources by language

PE resources

ExifTool file metadata

File identification

VirusTotal metadata

Advanced heuristic and reputation engines

Laissez votre commentaire...

Récupération de votre mot de passe

Rejoindre la communauté VirusTotal

Se connecter