SHA256: 4d7d9a80973b61f5fecdfdcd2e050ed9bc9541ad82ff68c864d851632ca16a77
File name: 39441d65ddd97f851a40c19ff99748f4
Detection ratio: 39 / 49
Analysis date: 2013-12-13 06:08:04 UTC (3 years, 7 months ago)
Antivirus Result Update
Ad-Aware Win32.Jadtre.I 20131211
Yandex Win32.Otwycal.Gen.2 20131212
AhnLab-V3 Win32/Wampori 20131212
AntiVir TR/Crypt.EPACK.Gen2 20131213
Avast Win32:Wapomi-B 20131213
AVG Win32/Wapomi 20131213
Baidu-International Virus.Win32.Otwycal.$a 20131213
BitDefender Win32.Jadtre.I 20131211
Bkav W32.excCloud16a.PE 20131212
CAT-QuickHeal W32.Otwyacal.C 20131209
ClamAV W32.Virus.Wapomi-1 20131213
Commtouch W32/Trojan.WQGK-7655 20131213
Comodo Virus.Win32.Wapomi.AA 20131213
DrWeb Win32.HLLP.Protil.1 20131213
ESET-NOD32 Win32/Wapomi.AA 20131213
F-Prot W32/Trojan2.OAHD 20131213
F-Secure Win32.Jadtre.I 20131213
Fortinet W32/Agent.R!tr 20131212
GData Win32.Jadtre.I 20131213
Ikarus Backdoor.Win32.Agent 20131213
K7AntiVirus Virus ( 002401471 ) 20131212
K7GW Virus ( 002401471 ) 20131212
Kaspersky Virus.Win32.Otwycal.a 20131213
Kingsoft Win32.Otwycal.xp.112128 20130829
McAfee W32/Simfect 20131213
McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.J 20131212
Microsoft Virus:Win32/Mikcer.A 20131213
eScan Win32.Jadtre.I 20131212
NANO-Antivirus Virus.Win32.Otwycal.dszex 20131213
Norman NetworkWorm 20131213
nProtect Win32.Jadtre.I 20131212
Sophos AV W32/Patched-AG 20131213
Symantec W32.Wapomi.C!inf 20131213
TotalDefense Win32/Wapomi.CD 20131212
TrendMicro PE_WAPOMI.SM 20131213
TrendMicro-HouseCall PE_WAPOMI.SM 20131213
VBA32 Virus.Otwycal.a 20131211
VIPRE Virus.Win32.Otwycal.ab (v) 20131213
ViRobot Win32.Otwycal.A 20131213
Antiy-AVL 20131210
ByteHero 20130613
CMC 20131212
Emsisoft 20131213
Jiangmin 20131213
Malwarebytes 20131213
Panda 20131212
Rising 20131210
SUPERAntiSpyware 20131213
TheHacker 20131212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2004 Realtek Semiconductor Corp.

Publisher Realtek Semiconductor Corp.
Product Realtek AC97 Audio - Event Monitor
Original name Alcxmntr.exe
Internal name Alcxmntr
File version 1.6.0.2
Description Realtek Azalia Audio - Event Monitor
Packers identified
Command embedded
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-19 08:20:50
Entry Point 0x0000F000
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
CreatePolygonRgn
CreatePen
GetBkMode
CreateFontIndirectA
CombineRgn
Rectangle
LineTo
DeleteDC
SetBkMode
BitBlt
SetTextColor
FrameRgn
MoveToEx
CreateBrushIndirect
ExtTextOutA
SetTextAlign
CreateRoundRectRgn
CreateCompatibleDC
GetTextAlign
SelectObject
GetTextExtentPoint32A
GetTextColor
DeleteObject
DeviceIoControl
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetLastError
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
WinExec
FreeEnvironmentStringsA
GetCurrentProcess
CreateThread
GetEnvironmentStrings
LocalAlloc
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
CreateMutexA
GetCPInfo
GetStringTypeA
GetModuleHandleA
lstrcmpA
WriteFile
GetStartupInfoA
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
WaitForMultipleObjects
SetEvent
LocalFree
TerminateProcess
HeapCreate
lstrcpyA
VirtualFree
CreateEventA
Sleep
GetFileType
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
Shell_NotifyIconA
GetMessageA
SetWindowRgn
ReleaseDC
BeginPaint
DefWindowProcA
KillTimer
DestroyMenu
ShowWindow
PostQuitMessage
FindWindowA
DispatchMessageA
EndPaint
PostMessageA
RegisterWindowMessageA
TranslateMessage
GetWindow
CharUpperA
GetSysColor
GetDC
InsertMenuItemA
GetCursorPos
SystemParametersInfoA
CreatePopupMenu
LoadStringA
SendMessageA
CreateWindowExA
GetMenuCheckMarkDimensions
RegisterClassA
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
FillRect
GetDesktopWindow
LoadImageA
GetClassNameA
SetForegroundWindow
Number of PE resources by type
RT_ICON 5
RT_BITMAP 3
RT_GROUP_ICON 3
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
CHINESE TRADITIONAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
32768

ImageVersion
0.0

ProductName
Realtek AC97 Audio - Event Monitor

FileVersionNumber
1.6.0.3

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
6.0

OriginalFilename
Alcxmntr.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.6.0.2

TimeStamp
2008:06:19 09:20:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Alcxmntr

FileAccessDate
2013:12:13 07:14:29+01:00

ProductVersion
1.6.0.2

FileDescription
Realtek Azalia Audio - Event Monitor

OSVersion
4.0

FileCreateDate
2013:12:13 07:14:29+01:00

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (c) 2004 Realtek Semiconductor Corp.

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corp.

CodeSize
40960

FileSubtype
0

ProductVersionNumber
1.6.0.3

EntryPoint
0xf000

ObjectFileType
Executable application

File identification
MD5 39441d65ddd97f851a40c19ff99748f4
SHA1 d8c34b9b97572aaa74f60f6ec485631016649948
SHA256 4d7d9a80973b61f5fecdfdcd2e050ed9bc9541ad82ff68c864d851632ca16a77
ssdeep
768:jL8ecH0q9sZoYOV/yaN1awYh6o0mOFLhaU5YOFgzum64WDG9xzbPr:MB0qqZoDq8YwXo0mOFLhaqYN1WDG

File size 72.0 KB ( 73728 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-12-13 06:08:04 UTC (3 years, 7 months ago)
Last submission 2013-12-13 06:08:04 UTC (3 years, 7 months ago)
File names 39441d65ddd97f851a40c19ff99748f4
Alcxmntr.exe
Alcxmntr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Set keys
Deleted keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications