SHA256: a3e494e1704e48fc7da68e195cc028623eebdec311e62351bc530f3072ea4638
File name: TempMax.exe
Detection ratio: 15 / 57
Analysis date: 2015-06-08 04:43:07 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20150608
AVG Win32/DH{gROBDwBhATY1gRI} 20150608
AVware Trojan.Win32.Generic!BT 20150608
Bkav W32.SalideD.Trojan 20150606
ClamAV Win.Trojan.Agent-730108 20150605
Cyren W32/Trojan.FUCK-5560 20150608
ESET-NOD32 a variant of Win32/CMDOW.A potentially unsafe 20150608
F-Prot W32/Trojan2.OIOK 20150607
K7AntiVirus Trojan ( 0040f6f11 ) 20150605
K7GW Trojan ( 0040f6f11 ) 20150608
NANO-Antivirus Trojan.Win32.FUCK5560.dpgbde 20150608
Panda Trj/Dtcontx.I 20150607
Tencent Trojan.Win32.Qudamah.Gen.24 20150608
VBA32 Trojan.BAT.BitCoinMiner 20150605
VIPRE Trojan.Win32.Generic!BT 20150608
Ad-Aware 20150608
AegisLab 20150608
Yandex 20150607
AhnLab-V3 20150607
Alibaba 20150607
ALYac 20150608
Arcabit 20150608
Avast 20150608
Avira (no cloud) 20150607
Baidu-International 20150607
BitDefender 20150608
ByteHero 20150608
CAT-QuickHeal 20150606
CMC 20150604
Comodo 20150608
DrWeb 20150608
Emsisoft 20150608
F-Secure 20150608
Fortinet 20150608
GData 20150608
Ikarus 20150608
Jiangmin 20150607
Kaspersky 20150608
Kingsoft 20150608
Malwarebytes 20150607
McAfee 20150608
McAfee-GW-Edition 20150607
Microsoft 20150608
eScan 20150608
nProtect 20150605
Qihoo-360 20150608
Rising 20150607
Sophos AV 20150608
SUPERAntiSpyware 20150605
Symantec 20150608
TheHacker 20150607
TotalDefense 20150607
TrendMicro 20150608
TrendMicro-HouseCall 20150608
ViRobot 20150608
Zillya 20150607
Zoner 20150605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright April 2015
Publisher Spexx
Product Spexx XMG Magi TempMax
File version 1.0.0.0
Description CPU temperature control module
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-26 19:39:54
Entry Point 0x00005FE4
Number of sections 4
PE sections
Overlays
MD5 609567fcc2ad345fdc0663a1381df56e
File type data
Offset 163840
Size 109863
Entropy 7.39
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
GetModuleHandleA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
SetFilePointer
ReadFile
WriteFile
GetStartupInfoA
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
GetVersion
VirtualAlloc
ShellExecuteExA
timeGetTime
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 114688
ImageVersion 0.0
ProductName Spexx XMG Magi TempMax
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2013:02:26 19:39:54+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
FileDescription CPU temperature control module
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright April 2015
MachineType Intel 386 or later, and compatibles
CompanyName Spexx
CodeSize 45056
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x5fe4
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 49d69b23cc219b2d6d53d4fc2df1f3b1
SHA1 fcafb560210c972c7363af2dee90c88092ae9402
SHA256 a3e494e1704e48fc7da68e195cc028623eebdec311e62351bc530f3072ea4638
ssdeep 3072:i8L48YRd43J/v5foWpnS9QoWY1+zwEYE0RTaUgASEEU6kWhS5qUQ26b94dW:H4YJHJBG1+YaU5SEXPf5qUiJ4E
authentihash a65da0cbb5b408c2d82bedfbd4c06089cb56bf5123530108c08f043287b54d45
imphash a04f32913d3ef18e07d2c1e3f373c264
File size 267.3 KB ( 273703 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-06-08 04:43:07 UTC ( 2 years, 4 months ago )
Last submission 2015-06-08 04:43:07 UTC ( 2 years, 4 months ago )
File names TempMax.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.