SHA256: b5e357e834b0712535df2fd472d146bb30ed25a04dd2209ce7580a0f44911c76
File name: iToolsSetup_3.1.6.9_tw.exe
Detection ratio: 7 / 57
Analysis date: 2015-03-05 00:42:18 UTC (2 years, 1 month ago)
Antivirus / Result / Signature update
Avast Win32:Malware-gen 20150305
Avira (no cloud) TR/Dldr.Agent.16163772 20150305
DrWeb DLOADER.Trojan 20150305
Jiangmin Adware/iBryte.hjyi 20150304
McAfee Artemis!50067322113B 20150304
TrendMicro-HouseCall Suspicious_GEN.F47V0216 20150305
ViRobot Trojan.Win32.A.a.16163772[h] 20150304
Not detected (engine and signature date only):
Ad-Aware 20150305
AegisLab 20150305
Yandex 20150228
AhnLab-V3 20150304
Alibaba 20150305
ALYac 20150305
Antiy-AVL 20150304
AVG 20150304
AVware 20150305
Baidu-International 20150304
BitDefender 20150305
Bkav 20150304
ByteHero 20150305
CAT-QuickHeal 20150304
ClamAV 20150304
CMC 20150304
Comodo 20150305
Cyren 20150305
Emsisoft 20150305
ESET-NOD32 20150305
F-Prot 20150305
F-Secure 20150305
Fortinet 20150304
GData 20150305
Ikarus 20150304
K7AntiVirus 20150304
K7GW 20150305
Kaspersky 20150305
Kingsoft 20150305
Malwarebytes 20150305
McAfee-GW-Edition 20150305
Microsoft 20150305
eScan 20150305
NANO-Antivirus 20150304
Norman 20150304
nProtect 20150304
Panda 20150304
Qihoo-360 20150305
Rising 20150304
Sophos 20150305
SUPERAntiSpyware 20150303
Symantec 20150305
Tencent 20150305
TheHacker 20150303
TotalDefense 20150305
TrendMicro 20150305
VBA32 20150304
VIPRE 20150305
Zillya 20150303
Zoner 20150303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) ThinkSky 2011-2014 iTools 2.0
Product: iToolsSetup
Original name: iToolsSetup
Internal name: iToolsSetup
File version: 2, 0, 3, 4
Description: iToolsSetup
Packers identified
F-PROT appended, UTF-8, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-21 06:03:26
Entry Point 0x000337F6
Number of sections 4
PE sections
Overlays
MD5 03bfce1d979599a51fa0d2a3593a11fe
File type data
Offset 598016
Size 15565756
Entropy 8.00
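The Overlays block above says that everything from offset 598016 to the end of the file (598016 + 15565756 = 16163772 bytes, exactly the reported file size) lies outside the PE sections, has entropy 8.00, and is identified by F-PROT as an appended ZIP. That is the usual shape of an installer stub carrying a compressed payload, and it also means the PE sections themselves account for under 600 KB of a 15.4 MB file. The script below is an added example, not code from the VirusTotal report or from the iTools project: it parses the PE32 header fields listed under "PE header basic information" with only the standard library, locates the overlay as the bytes past the highest PointerToRawData + SizeOfRawData, and reports the overlay's Shannon entropy and whether it starts with a ZIP local-file signature. The PE it analyses is constructed inline (a minimal, non-loadable PE32 with one section and an appended ZIP of pseudo-random bytes), so the timestamp, entry point, section count and overlay values it prints are sample values, not those of the analysed file.

```python
"""Added example: static PE32 header parse plus overlay detection (stdlib only).
The PE analysed here is constructed below; swap in open(path, "rb").read()."""
import hashlib
import io
import math
import struct
import zipfile
from datetime import datetime, timezone

ZIP_LOCAL_FILE_SIG = b"PK\x03\x04"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(buf: bytes) -> dict:
    """Return the header fields the report lists plus overlay offset/size/entropy."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, coff)
    opt = coff + 20
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    entry_point = struct.unpack_from("<I", buf, opt + 16)[0]   # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", buf, opt + 68)[0]     # 2 = Windows GUI
    # The overlay is whatever lies past the end of the last section's raw data.
    end_of_sections = 0
    for i in range(nsections):
        hdr = opt + opt_size + i * 40
        raw_size, raw_ptr = struct.unpack_from("<II", buf, hdr + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = buf[end_of_sections:]
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "subsystem": subsystem,
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "overlay_is_zip": overlay.startswith(ZIP_LOCAL_FILE_SIG),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32: valid headers, one .text section, not loadable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    ts = int(datetime(2014, 11, 21, 6, 3, 26, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                # Section/FileAlignment
    struct.pack_into("<I", opt, 60, 0x200)                         # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                             # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)                  # code | exec | read
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    text = b"\xC3".ljust(0x200, b"\0")                             # 'ret' at the entry point
    return headers + text + overlay


def build_zip_overlay(size: int = 16384) -> bytes:
    """Constructed payload: a real ZIP (stored, not deflated) of pseudo-random bytes."""
    blob, seed = b"", b"overlay-sample-seed"
    while len(blob) < size:
        seed = hashlib.sha256(seed).digest()
        blob += seed
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("payload.bin", blob[:size])
    return bio.getvalue()


def analyse_sample() -> dict:
    """Parse the constructed stub-plus-ZIP file; same shape as the report's overlay."""
    return parse_pe(build_sample_pe(build_zip_overlay()))


if __name__ == "__main__":
    for key, value in analyse_sample().items():
        print(f"{key:16} {value}")
```

A high-entropy overlay is not by itself evidence of malice: legitimate installers that append their compressed payload after a small stub produce exactly this shape, and the generic names in the detections above (Malware-gen, Dldr.Agent, DLOADER.Trojan, Suspicious_GEN) together with the ClamAV PUA note are consistent with heuristic rather than family-specific matches. What the overlay check does give you is the starting point for the next step, extracting the ZIP and scanning its members separately.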
PE imports
GetTokenInformation
RegCreateKeyExW
RegCloseKey
CreateWellKnownSid
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
CheckTokenMembership
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
_TrackMouseEvent
CreateFontIndirectW
PatBlt
OffsetRgn
SaveDC
CombineRgn
GetObjectA
DeleteDC
RestoreDC
SetBkMode
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
RectVisible
GetStockObject
ExtCreateRegion
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
SelectObject
GetTextExtentPoint32W
CreateCompatibleBitmap
GetAdaptersInfo
CreateToolhelp32Snapshot
HeapSize
OpenThread
HeapFree
EnterCriticalSection
GetNativeSystemInfo
TerminateThread
GetModuleFileNameW
GlobalFree
GetVersionExW
HeapDestroy
QueryPerformanceCounter
MulDiv
IsDebuggerPresent
GetTickCount
GetThreadLocale
GlobalUnlock
GetVersionExA
lstrlenW
Process32NextW
DeleteCriticalSection
GetCurrentProcess
Module32FirstW
SizeofResource
GetLocaleInfoA
GetFileSize
OpenProcess
LockResource
GetCommandLineW
WideCharToMultiByte
GetVolumeInformationW
MultiByteToWideChar
GetStartupInfoW
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetSystemInfo
Process32FirstW
GetProcessHeap
RaiseException
UnhandledExceptionFilter
GlobalReAlloc
RemoveDirectoryW
SetFilePointer
Module32NextW
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
ReadFile
GetSystemTimeAsFileTime
FindResourceW
GetACP
HeapReAlloc
GetModuleHandleW
FreeResource
LocalFree
TerminateProcess
InitializeCriticalSection
LoadResource
FindResourceExW
CreateFileW
GlobalAlloc
CreateProcessW
InterlockedDecrement
Sleep
MoveFileW
CloseHandle
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
GlobalLock
GetCurrentProcessId
GetLastError
InterlockedIncrement
TransparentBlt
AlphaBlend
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
_purecall
__wgetmainargs
malloc
_crt_debugger_hook
?what@exception@std@@UBEPBDXZ
__p__fmode
ferror
_configthreadlocale
fread
fclose
_time64
__dllonexit
_stricmp
__RTDynamicCast
wcsncpy_s
swprintf_s
memset
_cexit
_invalid_parameter_noinfo
_invoke_watson
fopen
_endthreadex
_amsg_exit
sscanf_s
wcsnlen
_CxxThrowException
??2@YAPAXI@Z
fwrite
_vscprintf
_lock
_mbscmp
_onexit
vsprintf_s
isalpha
_encode_pointer
??_V@YAXPAX@Z
_wfopen_s
exit
__setusermatherr
_decode_pointer
_atoi64
_XcptFilter
printf
strcat_s
_wcsicmp
tolower
memmove_s
_unlock
?terminate@@YAXXZ
_adjust_fdiv
__p__commode
??3@YAXPAX@Z
free
wcscpy_s
memcpy_s
_except_handler4_common
atoi
_mbsstr
_wfopen
atof
memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??0exception@std@@QAE@ABV01@@Z
vswprintf_s
sprintf_s
_initterm
_ftelli64
__set_app_type
??1exception@std@@UAE@XZ
strpbrk
_initterm_e
__CxxFrameHandler3
_controlfp_s
??0exception@std@@QAE@ABQBD@Z
_vscwprintf
_fseeki64
iswspace
wcsstr
??0exception@std@@QAE@XZ
_exit
_wcmdln
_beginthread
_wtoi
DrawDibClose
DrawDibOpen
DrawDibDraw
SHCreateDirectoryExW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetMalloc
CommandLineToArgvW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryEmptyW
PathFindExtensionW
PathStripToRootW
PathIsDirectoryW
SetFocus
IsRectEmpty
GetParent
UpdateWindow
IntersectRect
GetPropW
PostQuitMessage
OffsetRect
DefWindowProcW
MoveWindow
GetCapture
KillTimer
GetMessageW
ShowWindow
SetWindowPos
EndPaint
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
InflateRect
RegisterClassExW
SetCapture
ReleaseCapture
EnumChildWindows
SetPropW
TranslateMessage
BeginPaint
SendMessageTimeoutW
PostMessageW
EndDialog
DispatchMessageW
CreateWindowExW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
EqualRect
SendMessageW
UnregisterClassA
IsWindowVisible
IsZoomed
DestroyWindow
SetWindowTextW
RemovePropW
SystemParametersInfoW
DrawTextW
IsWindow
ScreenToClient
SetRect
InvalidateRect
SetTimer
SetRectEmpty
EnableWindow
EnumThreadWindows
GetClientRect
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetCursor
GetWindowTextLengthW
GetDC
MsgWaitForMultipleObjects
GetWindowLongW
SetCursor
SetWindowRgn
PtInRect
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
__WSAFDIsSet
socket
closesocket
ntohl
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
connect
WSACleanup
inet_ntoa
htons
recv
select
GdipCreateFontFromDC
GdipSetClipRectI
GdipCreateStringFormat
GdipCreateSolidFill
GdipMeasureString
GdiplusShutdown
GdipSetStringFormatTrimming
GdiplusStartup
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFromHDC
GdipCreatePen1
GdipSetStringFormatAlign
GdipGetImageWidth
GdipAlloc
GdipDrawImageRectI
GdipDeletePen
GdipFillRectangleI
GdipCloneBrush
GdipDrawLineI
GdipFree
GdipDrawString
GdipSetStringFormatFlags
GdipGetImageHeight
GdipDeleteStringFormat
GdipDisposeImage
GdipCloneImage
GdipDeleteBrush
GdipSetStringFormatLineAlign
GdipGetImagePixelFormat
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid
Number of PE resources by type
RT_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
UIR 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 11
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 8.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 2.0.3.4
LanguageCode: Chinese (Traditional)
FileFlagsMask: 0x001f
FileDescription: iToolsSetup
CharacterSet: Unicode
InitializedDataSize: 352256
PrivateBuild: 2034
EntryPoint: 0x337f6
OriginalFileName: iToolsSetup
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) ThinkSky 2011-2014 iTools 2.0
FileVersion: 2, 0, 3, 4
TimeStamp: 2014:11:21 07:03:26+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: iToolsSetup
ProductVersion: 2, 0, 3, 4
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 241664
ProductName: iToolsSetup
ProductVersionNumber: 2.0.3.4
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 50067322113bdd55b8e7da5d05a000c0
SHA1 87ffa2b0bc219d87356e841bebf87b7f071605d7
SHA256 b5e357e834b0712535df2fd472d146bb30ed25a04dd2209ce7580a0f44911c76
ssdeep
393216:O+BsMaEDr/c0nVhtNK687yDFY/jOMM6XwlEz9:n/cAXK687yhY/86aEB

authentihash 5f4afd2044bb770d00f220bb04b3246ec96b522b41e40b03365cd47a4bc33b93
imphash 82de8804dd5863b020c0a93fec3afc93
File size 15.4 MB ( 16163772 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (38.7%)
Win64 Executable (generic) (34.3%)
Windows screen saver (16.2%)
Win32 Executable (generic) (5.6%)
Generic Win/DOS Executable (2.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-02-16 05:50:50 UTC (2 years, 2 months ago)
Last submission 2016-06-28 15:01:11 UTC (10 months ago)
File names iToolsSetup_3.1.6.9_tw.exe
iToolsSetup_3.1.69_tw.exe
itool.exe
b5e357e834b0712535df2fd472d146bb30ed25a04dd2209ce7580a0f44911c76
iToolsSetup_3.0_tw.exe
iToolsSetup
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see https://www.clamav.net/documents/potentially-unwanted-applications-pua.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.