SHA256: b8637fae5a01780c7db6b7150e80a77e90e57613bcf86e1fe555115116c011ec
File name: 153ea4baf44bdf635ffef2b286e25e6da91d6040
Detection ratio: 23 / 47
Analysis date: 2013-11-19 16:00:07 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AVG Win32/Cryptor 20131119
AhnLab-V3 Spyware/Win32.Zbot 20131119
AntiVir TR/Crypt.ZPACK.Gen8 20131119
Avast Win32:Morphex [Cryp] 20131119
Baidu-International Trojan.Win32.Kryptik.BPCU 20131119
BitDefender Gen:Variant.Strictor.35322 20131119
ESET-NOD32 a variant of Win32/Kryptik.BPCU 20131119
Emsisoft Gen:Variant.Strictor.35322 (B) 20131119
F-Secure Gen:Variant.Strictor.35322 20131119
Fortinet W32/ZboCheMan.A!tr 20131119
GData Gen:Variant.Strictor.35322 20131119
Kaspersky Trojan-PSW.Win32.Tepfer.scqg 20131119
Malwarebytes Spyware.Password.pony 20131119
McAfee PWSZbot-FCF!D108DB499081 20131119
McAfee-GW-Edition PWSZbot-FCF!D108DB499081 20131118
MicroWorld-eScan Gen:Variant.Strictor.35322 20131119
Microsoft PWS:Win32/Fareit.gen!J 20131119
Norman Heur.I 20131119
Panda Trj/Genetic.gen 20131119
Sophos Mal/ZboCheMan-A 20131119
TrendMicro TROJ_GEN.R0CBC0DKJ13 20131119
TrendMicro-HouseCall TROJ_GEN.R0CBC0DKJ13 20131119
VIPRE Win32.Malware!Drop 20131119
Agnitum 20131119
Antiy-AVL 20131119
Bkav 20131119
ByteHero 20131118
CAT-QuickHeal 20131119
ClamAV 20131119
Commtouch 20131119
Comodo 20131119
DrWeb 20131119
F-Prot 20131119
Ikarus 20131119
Jiangmin 20131119
K7AntiVirus 20131119
K7GW 20131119
Kingsoft 20130829
NANO-Antivirus 20131119
Rising 20131118
SUPERAntiSpyware 20131119
Symantec 20131119
TheHacker 20131119
TotalDefense 20131118
VBA32 20131119
ViRobot 20131119
nProtect 20131119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright OVNHQ3XE MWyGzPHMU 85hHOz3 tQPk V8efTdU
Publisher tL0YJNNrSP 2geDp bwbQm 4URstN
Product qnJiU
Original name 4q8jxT JHPLvF gAm3b0NHPW
Internal name KW20f4 Calg4 SyFCzt6ISp82
File version 251.14.56104.15555
Description 2UC1uVbH6q 7QcGFSu j7uGPpjd hchO DUzI EOKPr
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-09 01:35:14
Entry Point 0x00009D1C
Number of sections 4
PE sections
PE imports
SelectObject
GetStockObject
GetPaletteEntries
GetObjectW
PatBlt
GetTextExtentPoint32W
GetLastError
GetLocaleInfoW
GlobalFindAtomW
EnterCriticalSection
GetSystemInfo
lstrlenA
LoadLibraryW
GlobalFree
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
MulDiv
DeleteCriticalSection
HeapAlloc
IsBadWritePtr
GlobalUnlock
lstrcmpiW
GlobalHandle
GetACP
HeapFree
IsBadCodePtr
GetQueuedCompletionStatus
GetCurrentProcess
SetUnhandledExceptionFilter
SetThreadPriority
GetCurrentProcessId
CreateIoCompletionPort
lstrlenW
CreateThread
MultiByteToWideChar
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileStringW
GetCurrentThread
lstrcpynW
lstrcpyW
IsBadReadPtr
ReleaseSemaphore
WideCharToMultiByte
GetProcAddress
SetFilePointer
GetDiskFreeSpaceW
ReadFile
SetEndOfFile
InterlockedExchange
CreateSemaphoreW
WriteFile
GetStartupInfoA
ResetEvent
GetSystemTimeAsFileTime
lstrcmpW
GlobalLock
GlobalAlloc
FreeLibrary
GlobalMemoryStatus
GetThreadPriority
GetModuleFileNameA
CreateEventW
InitializeCriticalSection
lstrcpyA
CreateFileW
PostQueuedCompletionStatus
VirtualFree
GetFileAttributesW
InterlockedDecrement
GetProfileIntA
GetFullPathNameW
LeaveCriticalSection
CloseHandle
GetTickCount
GetProcessHeap
GetFileSize
SetLastError
InterlockedIncrement
ICClose
ICLocate
ICDecompress
ICSendMessage
ICGetInfo
ICOpen
PerUserInit
DllGetClassObject
DllCanUnloadNow
WmiEventSourceConnect
WmiCreateObjectWithFormat
WmiEventSourceDisconnect
WmiDestroyObject
WmiIsObjectActive
WmiCommitObject
WmiCreateObject
WmiAddObjectProp
WmiSetAndCommitObject
WmiCreateObjectWithProps
NDdeIsValidAppTopicListA
NDdeGetTrustedShareW
NDdeGetShareSecurityA
NDdeIsValidAppTopicListW
NDdeIsValidShareNameA
NDdeGetErrorStringA
NDdeGetShareSecurityW
NDdeGetTrustedShareA
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoFreeUnusedLibraries
CoTaskMemFree
StringFromGUID2
GetAsyncKeyState
DefWindowProcW
CheckRadioButton
ShowWindow
SetDlgItemInt
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
MoveWindow
IsRectEmpty
TranslateMessage
GetDlgItemInt
SetDlgItemTextW
GetDC
CreateDialogParamW
ReleaseDC
SendMessageW
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
ClientToScreen
InvalidateRect
CheckDlgButton
GetDesktopWindow
LoadCursorW
DispatchMessageW
GetWindowLongW
SetCursor
DestroyWindow
mixerGetID
mixerGetLineControlsW
mixerGetControlDetailsW
waveInOpen
CloseDriver
mixerOpen
waveInPrepareHeader
SendDriverMessage
waveInAddBuffer
mixerSetControlDetails
mixerClose
waveInClose
waveInUnprepareHeader
waveInStop
waveInStart
mixerGetLineInfoW
OpenDriver
waveInReset
waveInGetDevCapsW
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ROMANIAN NEUTRAL 1
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.0.8498.35455
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 108544
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright OVNHQ3XE MWyGzPHMU 85hHOz3 tQPk V8efTdU
FileVersion 251.14.56104.15555
TimeStamp 2012:02:09 02:35:14+01:00
FileType Win32 EXE
PEType PE32
InternalName KW20f4 Calg4 SyFCzt6ISp82
ProductVersion 41.134.53359
FileDescription 2UC1uVbH6q 7QcGFSu j7uGPpjd hchO DUzI EOKPr
OSVersion 5.1
OriginalFilename 4q8jxT JHPLvF gAm3b0NHPW
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName tL0YJNNrSP 2geDp bwbQm 4URstN
CodeSize 51712
ProductName qnJiU
ProductVersionNumber 3.0.8498.35455
EntryPoint 0x9d1c
ObjectFileType Executable application

File identification
MD5 d108db4990811803d7caedf4d9b3578d
SHA1 e57f017cc7f71ad9e477106fc9996910b1fff3c5
SHA256 b8637fae5a01780c7db6b7150e80a77e90e57613bcf86e1fe555115116c011ec
ssdeep 1536:bzXaLqY3aI3mDjxSZY1Shi3jyBau1Vt1BoxdReArACLNj++WKeHixhvXdUuuF/:6FaWmDlSZYYhcj49DoxuoL8+ze8tUdR
File size 100.5 KB ( 102912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-11-19 11:28:17 UTC ( 1 year, 5 months ago )
Last submission 2013-11-19 16:00:07 UTC ( 1 year, 5 months ago )
File names 4q8jxT JHPLvF gAm3b0NHPW
153ea4baf44bdf635ffef2b286e25e6da91d6040
e57f017cc7f71ad9e477106fc9996910b1fff3c5
KW20f4 Calg4 SyFCzt6ISp82
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight