SHA256: 05a9906645f4d7bb0e123a2354dd256aa55059e0598dc5d208280951f0a7bec5
File name: isheriff_edf60dbab865c70ad149f09c190a0f71.bin
Detection ratio: 43 / 57
Analysis date: 2016-06-12 19:21:54 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.376503 20160612
AegisLab Troj.Spy.W32.Zbot.rvba!c 20160612
AhnLab-V3 Malware/Win32.Generic 20160612
ALYac Gen:Variant.Kazy.376503 20160610
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160612
Arcabit Trojan.Kazy.D5BEB7 20160612
Avast Sf:Crypt-EJ [Trj] 20160612
AVG Win32/Cryptor 20160612
Avira (no cloud) TR/Crypt.ZPACK.Gen8 20160612
AVware Trojan.Win32.Generic!BT 20160612
Baidu-International Trojan.Win32.Zbot.vbno 20160606
BitDefender Gen:Variant.Kazy.376503 20160612
Bkav HW32.Packed.1EFA 20160611
CAT-QuickHeal Trojan.Generic.B4 20160611
Comodo TrojWare.Win32.Kryptik.BWLS 20160612
Cyren W32/Trojan.HLNL-0989 20160612
DrWeb Trojan.PWS.Panda.2977 20160612
Emsisoft Gen:Variant.Kazy.376503 (B) 20160612
ESET-NOD32 Win32/Spy.Zbot.AAO 20160612
F-Secure Gen:Variant.Kazy.376503 20160612
Fortinet W32/Zbot.BYFZ!tr 20160612
GData Gen:Variant.Kazy.376503 20160612
Ikarus Trojan-PWS.Win32.Zbot 20160612
Jiangmin TrojanSpy.Zbot.edrp 20160612
K7AntiVirus Spyware ( 0029a43a1 ) 20160612
K7GW Spyware ( 0029a43a1 ) 20160612
Kaspersky HEUR:Trojan.Win32.Generic 20160612
Malwarebytes Spyware.ZeuS 20160612
McAfee Generic-FAWS!EDF60DBAB865 20160612
McAfee-GW-Edition BehavesLike.Win32.Shared.dc 20160612
Microsoft VirTool:Win32/Injector.GE 20160612
eScan Gen:Variant.Kazy.376503 20160612
NANO-Antivirus Trojan.Win32.Zbot.cvrsjx 20160612
nProtect Trojan-Spy/W32.ZBot.244736.AG 20160610
Panda Trj/Genetic.gen 20160612
Qihoo-360 Win32/Trojan.BO.880 20160612
Sophos Mal/Generic-S 20160612
Symantec Suspicious.Cloud.7.L 20160612
Tencent Win32.Trojan-spy.Zbot.Apwo 20160612
TrendMicro TROJ_GEN.R026C0CCI16 20160612
VBA32 TrojanSpy.Zbot 20160611
VIPRE Trojan.Win32.Generic!BT 20160612
Yandex TrojanSpy.Zbot!CvKo2ddj8Xc 20160612
Alibaba 20160612
Baidu 20160612
ClamAV 20160612
CMC 20160607
F-Prot 20160612
Kingsoft 20160612
Rising 20160612
SUPERAntiSpyware 20160611
TheHacker 20160612
TotalDefense 20160612
TrendMicro-HouseCall 20160612
ViRobot 20160612
Zillya 20160612
Zoner 20160612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 ABHSoft Group
Product XSLT Framework Schema Tool
Original name xsltframesctool
Internal name XSLT frametool
File version 3.6.0.3
Description XSLT Framework Schema Tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-16 12:48:37
Entry Point 0x000042B4
Number of sections 5
PE sections
PE imports
RegEnumKeyExA
CryptAcquireContextA
InitCommonControlsEx
ImageList_LoadImageA
ImageList_DragLeave
ImageList_Create
ImageList_EndDrag
ImageList_ReplaceIcon
ImageList_Add
FindTextW
GetSaveFileNameW
GetFileTitleW
CreateEllipticRgn
SetBkMode
BitBlt
GetStockObject
CreateSolidBrush
SelectObject
CreateCompatibleDC
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
DecodePointer
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
GetFileSize
SetLastError
LeaveCriticalSection
WNetGetConnectionA
SysAllocString
SHGetFileInfoA
SHGetFolderLocation
ExtractIconExA
Ord(155)
RegisterWindowMessageW
GetParent
UpdateWindow
EndDialog
LoadBitmapW
EnumWindows
ShowWindow
SetClassLongA
FillRect
LoadBitmapA
GetClipboardData
GetSystemMetrics
IsWindow
DrawEdge
EndPaint
LoadCursorFromFileA
AppendMenuW
SendDlgItemMessageW
GetWindow
MapDialogRect
BeginPaint
SendMessageA
GetClientRect
EnableMenuItem
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
GetMenuItemInfoA
LoadImageA
CreateWindowExW
ReleaseDC
GetMenuStringA
CloseClipboard
PtInRect
OpenClipboard
GdiplusShutdown
GdiplusStartup
Number of PE resources by type
RT_STRING 2
RT_BITMAP 2
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.6.0.3
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 210944
EntryPoint 0x42b4
OriginalFileName xsltframesctool
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013 ABHSoft Group
FileVersion 3.6.0.3
TimeStamp 2014:03:16 13:48:37+01:00
FileType Win32 EXE
PEType PE32
InternalName XSLT frametool
ProductVersion 2.6.0.4
FileDescription XSLT Framework Schema Tool
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ABHSoft Group
CodeSize 32768
ProductName XSLT Framework Schema Tool
ProductVersionNumber 2.6.0.4
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 edf60dbab865c70ad149f09c190a0f71
SHA1 6b0a1b4bd535dca6aebe7b63415b523d521de6ca
SHA256 05a9906645f4d7bb0e123a2354dd256aa55059e0598dc5d208280951f0a7bec5
ssdeep 6144:yuNKKJC9wXtqKLw64s5LNKjOVmiomXHE:tTCuR/4sFNKvi
authentihash 3d00210f110154fa6d4ffc8902216b3cbdc1d4a2cda9572c7d3a414d3b972f52
imphash 94aaf7bfc445a3db6048f1fd50420865
File size 239.0 KB ( 244736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-03-20 12:33:17 UTC ( 3 years, 3 months ago )
Last submission 2016-06-12 19:21:54 UTC ( 1 year ago )
File names isheriff_edf60dbab865c70ad149f09c190a0f71.bin
XSLT frametool
6b0a1b4bd535dca6aebe7b63415b523d521de6ca
xsltframesctool
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests