Strongvault Residue
pebkac1 said:

TPUserinit.exe

SHA256: d025f54cc2fffe5b973c44a2f1ca54734b8cf636fd404bf859455bad399b1d4a
SHA1: ef52502cfe7ac20b5962ac6ffabb397b6a4e6698
MD5: f5d867d6f592f8d7adc38eeee34995f6
File size: 616.8 KB ( 631624 bytes )
File name: TPUserinit.exe
File type: Win32 EXE
Detection ratio: 0 / 45

ssdeep
12288:maWzgMg7v3qnCiMErQohh0F4CCJ8lny/Qc:haHMv6Corjqny/Qc

TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool

SubsystemVersion.........: 5.0
Comments.................: ThinPoint Session Userinit
InitializedDataSize......: 98304
ImageVersion.............: 0.0
ProductName..............: ThinPoint Session Userinit
FileVersionNumber........: 5.0.0.2
UninitializedDataSize....: 0
LanguageCode.............: English (Australian)
FileFlagsMask............: 0x0000
CharacterSet.............: Unicode
LinkerVersion............: 9.0
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 5.0.0.2
TimeStamp................: 2010:04:16 08:47:33+01:00
FileType.................: Win32 EXE
PEType...................: PE32
ProductVersion...........: 5,0,0,2
FileDescription..........: ThinPoint Session Userinit
OSVersion................: 5.0
FileOS...................: Win32
LegalCopyright...........: Copyright (C) 2010 NetLeverage.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Net Leverage Pty Ltd.
CodeSize.................: 524800
FileSubtype..............: 0
ProductVersionNumber.....: 3.3.6.1
EntryPoint...............: 0x16310
ObjectFileType...........: Unknown

Sigcheck

publisher................: Net Leverage Pty Ltd.
product..................: ThinPoint Session Userinit
copyright................: Copyright (C) 2010 NetLeverage.
file version.............: 5.0.0.2
signing date.............: 3:03 AM 11/4/2010
comments.................: ThinPoint Session Userinit
signers..................: Net Leverage Pty Ltd.; UTN-USERFirst-Object
description..............: ThinPoint Session Userinit

Portable Executable structural information

Compilation timedatestamp.....: 2010-04-16 07:47:33
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00016310

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 524311 524800 6.63 be1208f841dc92012d5f6bbdd832e6d9
.rdata 532480 55644 55808 4.88 d6ee3d7f33205828a9d70ce744d3d4bb
.data 589824 107800 26624 2.20 e5d77411f751d28c6eee48a743606795
.rsrc 700416 15516 15872 4.67 385d33e79b3cc7c0d835eaf6c14020d1

PE Imports....................:

[[MPR.dll]]
WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W

[[COMDLG32.dll]]
GetSaveFileNameW, GetOpenFileNameW

[[COMCTL32.dll]]
ImageList_BeginDrag, ImageList_Destroy, ImageList_Create, ImageList_Remove, ImageList_DragEnter, ImageList_DragMove, ImageList_DragLeave, InitCommonControlsEx, ImageList_ReplaceIcon, ImageList_SetDragCursorImage, ImageList_EndDrag

[[VERSION.dll]]
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW

[[WINMM.dll]]
waveOutSetVolume, timeGetTime, mciSendStringW

[[WININET.dll]]
HttpQueryInfoW, FtpOpenFileW, InternetQueryDataAvailable, InternetQueryOptionW, InternetConnectW, FtpGetFileSize, InternetReadFile, InternetCloseHandle, InternetCrackUrlW, InternetSetOptionW, HttpSendRequestW, InternetOpenUrlW, InternetOpenW, HttpOpenRequestW

[[GDI32.dll]]
CreatePen, EndPath, GetPixel, Rectangle, PolyDraw, LineTo, DeleteDC, SetBkMode, CreateFontW, SetPixel, CreateDCW, GetObjectW, AngleArc, SetTextColor, GetDeviceCaps, GetTextFaceW, GetTextExtentPoint32W, MoveToEx, GetStockObject, SetViewportOrgEx, StrokePath, GetDIBits, RoundRect, CreateCompatibleDC, StrokeAndFillPath, StretchBlt, CloseFigure, SelectObject, CreateCompatibleBitmap, CreateSolidBrush, ExtCreatePen, SetBkColor, BeginPath, DeleteObject, Ellipse

[[ADVAPI32.dll]]
RegCreateKeyExW, RegCloseKey, CopySid, GetAce, AdjustTokenPrivileges, InitializeAcl, LookupPrivilegeValueW, RegDeleteKeyW, UnlockServiceDatabase, RegQueryValueExW, SetSecurityDescriptorDacl, CloseServiceHandle, GetAclInformation, OpenProcessToken, RegConnectRegistryW, RegOpenKeyExW, GetTokenInformation, DuplicateTokenEx, GetUserNameW, GetSecurityDescriptorDacl, RegDeleteValueW, LockServiceDatabase, RegEnumKeyExW, OpenThreadToken, GetLengthSid, CreateProcessAsUserW, InitializeSecurityDescriptor, RegEnumValueW, LogonUserW, RegSetValueExW, OpenSCManagerW, InitiateSystemShutdownExW, CreateProcessWithLogonW, AddAce

[[KERNEL32.dll]]
GetStdHandle, GetDriveTypeW, GetConsoleOutputCP, FileTimeToSystemTime, WaitForSingleObject, GetPrivateProfileSectionNamesW, GetFileAttributesW, GetLocalTime, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, UnhandledExceptionFilter, SetErrorMode, FreeEnvironmentStringsW, SetStdHandle, WideCharToMultiByte, GetStringTypeA, GetDiskFreeSpaceW, InterlockedExchange, WriteFile, GetSystemTimeAsFileTime, GlobalMemoryStatusEx, HeapReAlloc, GetStringTypeW, GetExitCodeProcess, FormatMessageW, ResumeThread, GetTimeZoneInformation, LoadResource, FindClose, InterlockedDecrement, MoveFileW, SetFileAttributesW, GetCurrentThread, GetEnvironmentVariableW, SetLastError, DeviceIoControl, TlsGetValue, CopyFileW, WriteProcessMemory, OutputDebugStringW, RemoveDirectoryW, Beep, IsDebuggerPresent, HeapAlloc, GetModuleFileNameA, LoadLibraryA, RaiseException, WritePrivateProfileSectionW, GetVolumeInformationW, LoadLibraryExW, MultiByteToWideChar, SetFilePointerEx, GetPrivateProfileStringW, GetModuleHandleA, GetFullPathNameW, CreateThread, SetEnvironmentVariableW, GetSystemDirectoryW, CreatePipe, SetUnhandledExceptionFilter, MulDiv, GetDateFormatA, ExitThread, SetEnvironmentVariableA, SetPriorityClass, TerminateProcess, WriteConsoleA, SetCurrentDirectoryW, GlobalAlloc, LocalFileTimeToFileTime, GetDiskFreeSpaceExW, SetEndOfFile, GetCurrentThreadId, InterlockedIncrement, WriteConsoleW, CreateToolhelp32Snapshot, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, TerminateThread, LoadLibraryW, GetVersionExW, SetEvent, QueryPerformanceCounter, GetTickCount, TlsAlloc, FlushFileBuffers, lstrcmpiW, RtlUnwind, FreeLibrary, GetStartupInfoA, GetProcessIoCounters, GetWindowsDirectoryW, GetFileSize, OpenProcess, GetStartupInfoW, ReadProcessMemory, CreateDirectoryW, DeleteFileW, GlobalLock, GetProcessHeap, GetTempFileNameW, GetComputerNameW, EnumResourceNamesW, CompareStringW, GetModuleFileNameW, FindNextFileW, CreateHardLinkW, FindFirstFileW, DuplicateHandle, GetProcAddress, SetVolumeLabelW, GetPrivateProfileSectionW, CreateEventW, CreateFileW, GetFileType, TlsSetValue, CreateFileA, ExitProcess, LeaveCriticalSection, GetLastError, SystemTimeToFileTime, LCMapStringW, GetShortPathNameW, VirtualAllocEx, GetSystemInfo, GlobalFree, GetConsoleCP, FindResourceW, LCMapStringA, GetEnvironmentStringsW, GlobalUnlock, Process32NextW, CreateProcessW, FileTimeToLocalFileTime, SizeofResource, GetCurrentDirectoryW, VirtualFreeEx, GetCurrentProcessId, LockResource, SetFileTime, GetCommandLineW, GetCPInfo, HeapSize, SetSystemPowerState, Process32FirstW, WritePrivateProfileStringW, QueryPerformanceFrequency, TlsFree, SetFilePointer, ReadFile, CloseHandle, GetTimeFormatA, GetACP, GetModuleHandleW, IsValidCodePage, HeapCreate, GetTempPathW, VirtualFree, Sleep, VirtualAlloc, GetOEMCP, CompareStringA

[[OLEAUT32.dll]]
Ord(8), Ord(37), Ord(10), Ord(24), Ord(23), Ord(77), Ord(220), Ord(39), Ord(38), Ord(185), Ord(35), Ord(162), Ord(9), Ord(41), Ord(2), Ord(418)

[[SHELL32.dll]]
SHGetFolderPathW, SHEmptyRecycleBinW, SHBrowseForFolderW, DragQueryFileW, SHFileOperationW, ShellExecuteW, SHGetPathFromIDListW, DragQueryPoint, ExtractIconExW, ShellExecuteExW, SHGetDesktopFolder, Shell_NotifyIconW, SHGetMalloc, DragFinish

[[PSAPI.DLL]]
GetProcessMemoryInfo, EnumProcesses, EnumProcessModules, GetModuleBaseNameW

[[USERENV.dll]]
CreateEnvironmentBlock, LoadUserProfileW, UnloadUserProfile, DestroyEnvironmentBlock

[[ole32.dll]]
CreateStreamOnHGlobal, CreateBindCtx, CoUninitialize, CoInitialize, CoTaskMemAlloc, StringFromCLSID, OleSetContainedObject, StringFromIID, CoCreateInstance, OleUninitialize, CoInitializeSecurity, CLSIDFromProgID, CLSIDFromString, OleSetMenuDescriptor, CoCreateInstanceEx, IIDFromString, MkParseDisplayName, CoTaskMemFree, CoSetProxyBlanket, OleInitialize

[[USER32.dll]]
RedrawWindow, GetForegroundWindow, UnregisterHotKey, DrawTextW, SetUserObjectSecurity, DestroyMenu, PostQuitMessage, SetWindowPos, IsWindow, EndPaint, OpenWindowStationW, WindowFromPoint, CharUpperBuffW, VkKeyScanW, SetMenuItemInfoW, SetActiveWindow, GetDC, GetCursorPos, ReleaseDC, GetMenuStringW, GetMenu, IsWindowEnabled, GetClientRect, CreateAcceleratorTableW, SetMenuDefaultItem, IsClipboardFormatAvailable, LoadImageW, CountClipboardFormats, BlockInput, GetActiveWindow, RegisterHotKey, OpenClipboard, GetWindowTextW, LockWindowUpdate, GetWindowTextLengthW, GetKeyState, PtInRect, GetParent, GetCursorInfo, AttachThreadInput, EnumWindows, GetMessageW, ShowWindow, GetCaretPos, DrawFrameControl, GetDesktopWindow, IsCharAlphaW, PeekMessageW, InsertMenuItemW, TranslateMessage, BeginPaint, SetClipboardData, GetMenuItemID, DestroyWindow, OpenDesktopW, IsZoomed, LoadStringW, DrawMenuBar, IsCharLowerW, IsIconic, TrackPopupMenuEx, DrawFocusRect, CreateMenu, IsDialogMessageW, FlashWindow, EnumThreadWindows, MonitorFromPoint, CopyRect, GetSysColorBrush, CreateWindowExW, GetWindowLongW, CharNextW, SetFocus, RegisterWindowMessageW, GetMonitorInfoW, EmptyClipboard, IsCharAlphaNumericW, DefWindowProcW, GetKeyboardLayoutNameW, KillTimer, MapVirtualKeyW, CheckMenuRadioItem, GetClipboardData, GetSystemMetrics, SetWindowLongW, GetWindowRect, InflateRect, SetCapture, ReleaseCapture, EnumChildWindows, SetProcessWindowStation, SendDlgItemMessageW, SetKeyboardState, MonitorFromRect, CreatePopupMenu, GetSubMenu, GetClassLongW, SetWindowTextW, SetTimer, GetDlgItem, SendInput, ClientToScreen, PostMessageW, CloseWindowStation, GetKeyboardState, GetMenuItemCount, IsDlgButtonChecked, DestroyAcceleratorTable, CreateIconFromResourceEx, LoadCursorW, LoadIconW, FindWindowExW, DispatchMessageW, FillRect, SetForegroundWindow, GetProcessWindowStation, ExitWindowsEx, GetMenuItemInfoW, GetAsyncKeyState, EnableWindow, CharLowerBuffW, SetLayeredWindowAttributes, EndDialog, FindWindowW, GetDlgCtrlID, ScreenToClient, MessageBeep, GetWindowThreadProcessId, MessageBoxW, SendMessageW, RegisterClassExW, SetMenu, MoveWindow, DialogBoxParamW, MessageBoxA, IsCharUpperW, GetWindowDC, AdjustWindowRectEx, mouse_event, SendMessageTimeoutW, GetSysColor, keybd_event, CopyImage, DestroyIcon, IsWindowVisible, SystemParametersInfoW, FrameRect, SetRect, DeleteMenu, InvalidateRect, GetUserObjectSecurity, GetClassNameW, CloseDesktop, IsMenu, GetFocus, wsprintfW, CloseClipboard, TranslateAcceleratorW, DefDlgProcW, SetCursor

[[WSOCK32.dll]]
Ord(3), Ord(1), Ord(111), Ord(115), Ord(18), Ord(11), Ord(20), Ord(17), Ord(15), Ord(52), Ord(13), Ord(151), Ord(116), Ord(4), Ord(19), Ord(2), Ord(10), Ord(57), Ord(23), Ord(21), Ord(16), Ord(9)

PE Resources..................:

Resource type Number of resources
RT_STRING 7
RT_ICON 4
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1

Resource language Number of resources
ENGLISH UK 16
ENGLISH US 2
ENGLISH AUS 1

----

SHA256: a7d335cd1db264bcee139f807ecf8b0e5da34613a5dc85292c77105c0a21a781
File name: Srv.exe
Detection ratio: 0 / 46

ssdeep
49152:31Bqb4ZUhQwKDdzr+DlK9jZXWsLcS3b2ZA8jRl99IFmZxqt:lM8ZwY+QJZXJLR3b2ZA8jRlfI8ct

TrID
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool

CodeSize.................: 60416
SubsystemVersion.........: 5.2
InitializedDataSize......: 1560576
ImageVersion.............: 0.0
ProductName..............: ThinPoint
FileVersionNumber........: 5.5.0.17
UninitializedDataSize....: 0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x0017
CharacterSet.............: Unicode
LinkerVersion............: 9.0
OriginalFilename.........: Srv.exe
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 5, 5, 0, 17
TimeStamp................: 2012:07:02 07:56:08+01:00
FileType.................: Win64 EXE
PEType...................: PE32+
InternalName.............: Srv
ProductVersion...........: 5, 5, 0, 0
FileDescription..........: ThinPoint Multisession Service
OSVersion................: 5.2
FileOS...................: Win32
LegalCopyright...........: Copyright (C) 2010 Net Leverage Pty Ltd
MachineType..............: AMD AMD64
CompanyName..............: Net Leverage Pty Ltd
LegalTrademarks..........: NetLeverage, ThinPoint
FileSubtype..............: 0
ProductVersionNumber.....: 5.5.0.0
EntryPoint...............: 0x9d9c
ObjectFileType...........: Executable application

Sigcheck

publisher................: Net Leverage Pty Ltd
product..................: ThinPoint
internal name............: Srv
copyright................: Copyright (C) 2010 Net Leverage Pty Ltd
original name............: Srv.exe
signing date.............: 6:57 AM 7/2/2012
signers..................: Net Leverage Pty. Ltd.; COMODO Code Signing CA 2; UTN-USERFirst-Object; AddTrust External CA Root
file version.............: 5, 5, 0, 17
description..............: ThinPoint Multisession Service

Portable Executable structural information

Compilation timedatestamp.....: 2012-07-02 06:56:08
Target machine................: 0x8664 (x64)
Entry point address...........: 0x00009D9C

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 60158 60416 6.28 53960f249eec764becbd508a61eb7188
.rdata 65536 22446 22528 5.06 ea639ba9e2d03b9cd7f1a59d85ea35d4
.data 90112 20896 7680 3.74 48b91fa8cf585402c48ac310dbde84dc
.pdata 114688 2616 3072 4.34 0954e3daaa75f911c826e1f3f009e837
.rsrc 118784 1523856 1524224 8.00 32090f3bfea022b7c1eb1cf093be155e
.reloc 1646592 2628 3072 0.76 cd96e6e9f86dfce4f9514300e5ba470c

PE Imports....................:

[[KERNEL32.dll]]
GetStdHandle, WaitForSingleObject, EncodePointer, FlsGetValue, GetFileAttributesW, FreeEnvironmentStringsA, DisconnectNamedPipe, GetCurrentProcess, GetLocaleInfoA, LocalAlloc, FreeEnvironmentStringsW, GetCPInfo, GetStringTypeA, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, SetEvent, LocalFree, ConnectNamedPipe, LoadResource, MoveFileW, GetEnvironmentVariableW, SetLastError, GetModuleFileNameW, IsDebuggerPresent, ExitProcess, FlushFileBuffers, GetModuleFileNameA, HeapSetInformation, RtlVirtualUnwind, UnhandledExceptionFilter, MultiByteToWideChar, RegisterWaitForSingleObject, CreateThread, DeleteCriticalSection, SetNamedPipeHandleState, SetUnhandledExceptionFilter, DecodePointer, TerminateProcess, GetCurrentThreadId, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetVersionExW, FreeLibrary, QueryPerformanceCounter, GetTickCount, FlsSetValue, LoadLibraryA, GetStartupInfoA, GetEnvironmentStrings, GetFileSize, CreateDirectoryW, DeleteFileW, GetProcAddress, WaitNamedPipeW, ExpandEnvironmentStringsW, RtlLookupFunctionEntry, RtlUnwindEx, CreateEventW, CreateFileW, GetFileType, HeapAlloc, LeaveCriticalSection, GetNativeSystemInfo, GetLastError, LCMapStringW, CreateNamedPipeW, FindResourceW, LCMapStringA, GetEnvironmentStringsW, SizeofResource, GetCurrentProcessId, LockResource, WideCharToMultiByte, HeapSize, FlsAlloc, GetCommandLineA, FlsFree, ReadFile, RtlCaptureContext, CloseHandle, GetACP, GetModuleHandleW, GetLongPathNameW, IsValidCodePage, HeapCreate, GetTempPathW, Sleep, GetOEMCP

[[WTSAPI32.dll]]
WTSSendMessageW, WTSFreeMemory, WTSQuerySessionInformationW, WTSLogoffSession, WTSEnumerateSessionsW, WTSDisconnectSession

[[ADVAPI32.dll]]
RegCreateKeyExW, RegCloseKey, RegRestoreKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegDeleteKeyW, RegQueryValueExW, SetSecurityDescriptorDacl, ConvertStringSidToSidW, OpenProcessToken, RegOpenKeyExW, SetServiceStatus, RegEnumKeyExW, SetEntriesInAclW, RegSetValueExW, FreeSid, AllocateAndInitializeSid, InitializeSecurityDescriptor, RegisterServiceCtrlHandlerExW, RegSaveKeyExW, StartServiceCtrlDispatcherW, SetNamedSecurityInfoW

[[RPCRT4.dll]]
RpcMgmtSetServerStackSize

[[ole32.dll]]
CoInitializeEx, CoInitializeSecurity

[[WS2_32.dll]]
Ord(3), Ord(11), Ord(10), Ord(22), Ord(23), Ord(111), Ord(16), Ord(116), Ord(4), Ord(115), Ord(19), Ord(9)

[[USER32.dll]]
wsprintfA, GetSystemMetrics, wvsprintfA, wsprintfW

PE Resources..................:

Resource type Number of resources
RT_MANIFEST 1
TPB 1
RT_VERSION 1

Resource language Number of resources
ENGLISH US 3

----

I don't know for sure that I use ThinPoint, but I do RDP quite often.