SHA256: 3707714825a8829666d3f116eabac73aa965c0e93532fca78d5078b8c5445f0b
File name: tcpview.exe
Detection ratio: 2 / 55
Analysis date: 2015-12-17 03:28:51 UTC (1 year, 5 months ago)
Antivirus  Result (blank = not detected)  Update date
F-Secure Trojan:W32/Backdoored.A 20151217
Qihoo-360 QVM19.1.Malware.Gen 20151217
Ad-Aware 20151216
AegisLab 20151216
Yandex 20151214
AhnLab-V3 20151216
Alibaba 20151208
ALYac 20151217
Antiy-AVL 20151217
Arcabit 20151217
Avast 20151217
AVG 20151217
Avira (no cloud) 20151217
AVware 20151217
Baidu-International 20151216
BitDefender 20151217
Bkav 20151215
ByteHero 20151217
CAT-QuickHeal 20151216
ClamAV 20151217
CMC 20151216
Comodo 20151216
Cyren 20151217
DrWeb 20151217
Emsisoft 20151217
ESET-NOD32 20151217
F-Prot 20151217
Fortinet 20151217
GData 20151217
Ikarus 20151217
Jiangmin 20151216
K7AntiVirus 20151216
K7GW 20151217
Kaspersky 20151217
Malwarebytes 20151217
McAfee 20151217
McAfee-GW-Edition 20151217
Microsoft 20151216
eScan 20151216
NANO-Antivirus 20151217
nProtect 20151216
Panda 20151215
Rising 20151216
Sophos 20151217
SUPERAntiSpyware 20151217
Symantec 20151216
Tencent 20151217
TheHacker 20151215
TrendMicro 20151217
TrendMicro-HouseCall 20151217
VBA32 20151216
VIPRE 20151216
ViRobot 20151217
Zillya 20151216
Zoner 20151217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 1998-2011 Mark Russinovich and Bryce Cogswell
Product Sysinternals TCPView
Internal name TCPView
File version 3.05
Description TCP/UDP endpoint viewer
Signature verification A certificate was explicitly revoked by its issuer.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-18 11:46:19
Entry Point 0x000149D8
Number of sections 4
PE sections
Overlays
MD5 578566b45e2abc7b6d1ee302c6d9a473
File type data
Offset 293888
Size 3848
Entropy 7.13
PE imports
GetTokenInformation
FlushTraceA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegOpenKeyExA
RegCreateKeyA
ConvertSidToStringSidA
CreateToolbarEx
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
Ord(6)
PrintDlgA
GetSaveFileNameA
ChooseFontA
GetDeviceCaps
GetObjectA
SetMapMode
DeleteDC
CreateFontIndirectA
SetBkMode
StartDocA
GetStockObject
GetBkColor
EndDoc
GetTextMetricsA
CreateSolidBrush
StartPage
SelectObject
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
EndPage
SetTcpEntry
GetUdpTable
GetTcpTable
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
TlsGetValue
FormatMessageA
SetLastError
DeviceIoControl
GetUserDefaultLangID
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
RaiseException
EnumSystemLocalesA
SetConsoleCtrlHandler
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
GetNumberFormatA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
OpenProcess
ReadProcessMemory
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
ResetEvent
IsValidLocale
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
QueryPerformanceFrequency
CompareStringA
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
CreateErrorInfo
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SysStringLen
SysStringByteLen
SysAllocStringLen
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayGetUBound
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
VariantInit
SafeArrayGetElement
GetModuleFileNameExA
SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
CommandLineToArgvW
SetFocus
GetMessageA
GetParent
UpdateWindow
PostMessageA
EndDialog
LoadMenuA
ReleaseCapture
DefWindowProcA
KillTimer
PostQuitMessage
ScreenToClient
ShowWindow
SetWindowPos
GetSystemMetrics
EnableMenuItem
GetMenu
SetTimer
DispatchMessageA
ClientToScreen
SetDlgItemTextA
SetCapture
SetMenuItemInfoA
MessageBoxA
ChildWindowFromPoint
SetWindowLongA
GetWindowLongA
TranslateMessage
DialogBoxParamA
GetFocus
GetSysColor
GetDC
GetCursorPos
LoadAcceleratorsA
SetWindowTextA
CheckMenuItem
DestroyIcon
LoadStringA
SetClipboardData
DrawIconEx
IsZoomed
EmptyClipboard
DrawTextA
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
SetCursor
MoveWindow
IsIconic
RegisterClassA
InvalidateRect
InsertMenuA
GetSubMenu
CreateMenu
LoadCursorA
LoadIconA
TrackPopupMenu
SendMessageA
TranslateAcceleratorA
GetWindowRect
GetSysColorBrush
InflateRect
CallWindowProcA
RedrawWindow
ReleaseDC
FillRect
CloseClipboard
InvalidateRgn
DestroyWindow
DialogBoxIndirectParamA
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
gethostname
socket
closesocket
ntohl
send
getservbyport
WSAStartup
gethostbyname
ntohs
connect
htonl
htons
recv
gethostbyaddr
WSAGetLastError
CoCreateInstance
CoInitialize
CoSetProxyBlanket
Number of PE resources by type
RT_ICON 5
RT_DIALOG 4
RT_GROUP_ICON 3
RT_STRING 2
RT_MENU 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.5.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 55296
EntryPoint 0x149d8
MIMEType application/octet-stream
LegalCopyright Copyright (C) 1998-2011 Mark Russinovich and Bryce Cogswell
FileVersion 3.05
TimeStamp 2011:05:18 12:46:19+01:00
FileType Win32 EXE
PEType PE32
InternalName TCPView
ProductVersion 3.05
FileDescription TCP/UDP endpoint viewer
OSVersion 5.0
FileOS Windows 16-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sysinternals - www.sysinternals.com
CodeSize 237568
ProductName Sysinternals TCPView
ProductVersionNumber 3.5.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 edd9e7e2dd4a4651b0c0df960e04508b
SHA1 3c7e0d4e0a30c9f4e29b4e33770653ba73918157
SHA256 3707714825a8829666d3f116eabac73aa965c0e93532fca78d5078b8c5445f0b
ssdeep 6144:D1o12lUr7EbaK1zw9mdo7DZJ/wDAUZlYmtUhMKlfYA:DC1Zob/w9tDZJwDrPYm8RYA
authentihash 3ed3a70a2480d001382729f03ded55a4b6e7c3109ba5f02f9771ad195b4c778b
imphash 3ce43dcc9f8226b50b65387f4477de91
File size 290.8 KB ( 297736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-12-17 03:28:51 UTC (1 year, 5 months ago)
Last submission 2015-12-17 13:22:28 UTC (1 year, 5 months ago)
File names TCPView
tcpview.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs