SHA256: 039171a09d7bc4b8ee9ce77f8d011cfbab1e6a691e24fb388939ff9febe83472
File name: b2da7492f97e9147296c7248aaca7335
Detection ratio: 12 / 55
Analysis date: 2014-09-18 16:40:53 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.156017 20140918
Avira (no cloud) TR/Zbot.A.1174 20140918
BitDefender Gen:Variant.Graftor.156017 20140918
Emsisoft Gen:Variant.Graftor.156017 (B) 20140918
F-Secure Gen:Variant.Graftor.156017 20140918
Fortinet W32/Kryptik.FTOC!tr 20140918
GData Gen:Variant.Graftor.156017 20140918
McAfee PWSZbot-FABY!B2DA7492F97E 20140918
McAfee-GW-Edition BehavesLike.Win32.BadFile.gm 20140917
Microsoft PWS:Win32/Zbot 20140918
eScan Gen:Variant.Graftor.156017 20140918
Symantec Trojan.Gen.SMH 20140918
AegisLab 20140918
Yandex 20140918
AhnLab-V3 20140918
Antiy-AVL 20140918
Avast 20140918
AVG 20140918
AVware 20140918
Baidu-International 20140918
Bkav 20140918
ByteHero 20140918
CAT-QuickHeal 20140918
ClamAV 20140918
CMC 20140918
Comodo 20140918
Cyren 20140918
DrWeb 20140918
ESET-NOD32 20140918
F-Prot 20140918
Ikarus 20140918
Jiangmin 20140917
K7AntiVirus 20140918
K7GW 20140918
Kaspersky 20140918
Kingsoft 20140918
Malwarebytes 20140918
NANO-Antivirus 20140918
Norman 20140918
nProtect 20140918
Panda 20140918
Qihoo-360 20140918
Rising 20140918
Sophos AV 20140918
SUPERAntiSpyware 20140918
Tencent 20140918
TheHacker 20140917
TotalDefense 20140918
TrendMicro 20140918
TrendMicro-HouseCall 20140918
VBA32 20140918
VIPRE 20140918
ViRobot 20140918
Zillya 20140917
Zoner 20140916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2012
Publisher Oracle Corporation
Product Java(TM) Platform SE 7 U4
Original name ktab.exe
Internal name ktab
File version 7.0.40.20
Description Java(TM) Platform SE binary
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-17 13:16:55
Entry Point 0x00001240
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
DeleteColorSpace
CancelDC
GetTextColor
CreateSolidBrush
GdiFlush
CreateMetaFileW
GetLastError
GetVersion
GetModuleHandleA
LoadLibraryW
ExitProcess
LoadLibraryA
VirtualAlloc
GetProcAddress
wsprintfA
IsIconic
LoadIconA
EndMenu
MessageBoxA
GetSysColor
GetKeyboardType
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
FileDescription Java(TM) Platform SE binary
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.40.20
LanguageCode Neutral
FileFlagsMask 0x003f
FullVersion 1.7.0_04-b20
CharacterSet Unicode
InitializedDataSize 406528
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright 2012
FileVersion 7.0.40.20
TimeStamp 2014:09:17 14:16:55+01:00
FileType Win32 EXE
PEType PE32
InternalName ktab
ProductVersion 7.0.40.20
SubsystemVersion 5.0
OSVersion 5.0
OriginalFilename ktab.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Oracle Corporation
CodeSize 2560
ProductName Java(TM) Platform SE 7 U4
ProductVersionNumber 7.0.40.20
EntryPoint 0x1240
ObjectFileType Executable application

File identification
MD5 b2da7492f97e9147296c7248aaca7335
SHA1 265d5488b91b813a722ddc0db36a294bb60ebe8d
SHA256 039171a09d7bc4b8ee9ce77f8d011cfbab1e6a691e24fb388939ff9febe83472
ssdeep 6144:05mrK51yaxidiu2MWImFuSmEuGNfw7TwWe6cxNsS:TK5U5dilC7SmEpNf2teV
authentihash f720575e09b231111db0b49ba9dee48c05a191cd1fe513c241fa7607d9f9871b
imphash b38848c73c4591afb76e2d66c0926280
File size 400.0 KB ( 409600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-09-18 16:40:53 UTC ( 4 years, 6 months ago )
Last submission 2014-09-18 16:40:53 UTC ( 4 years, 6 months ago )
File names 039171a09d7bc4b8ee9ce77f8d011cfbab1e6a691e24fb388939ff9febe83472.exe
ktab.exe
ktab
b2da7492f97e9147296c7248aaca7335
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.