SHA256: 07144379dc115b23c262800e6f470117ed011138830d585bd63f87ae0a9d3a6f
File name: uiwrapperres.dll
Detection ratio: 38 / 55
Analysis date: 2014-12-05 04:35:04 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11606998 20141205
Yandex TrojanSpy.Zbot!D6sCRz3uNDo 20141203
AhnLab-V3 Trojan/Win32.ZBot 20141204
ALYac Trojan.Generic.11606998 20141205
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141205
Avast Win32:Malware-gen 20141205
AVG Zbot.MIZ 20141204
Avira (no cloud) TR/Spy.ZBot.aao.478 20141205
AVware Trojan.Win32.Generic!BT 20141205
BitDefender Trojan.Generic.11606998 20141205
Bkav HW32.Packed.8F79 20141204
CAT-QuickHeal TrojanSpy.Zbot.r5 20141204
Comodo UnclassifiedMalware 20141204
Cyren W32/Trojan.IFVO-5103 20141205
ESET-NOD32 Win32/Spy.Zbot.AAO 20141205
F-Secure Trojan.Generic.11606998 20141205
Fortinet W32/Zbot.AAO!tr.spy 20141205
GData Trojan.Generic.11606998 20141205
Ikarus Trojan-Spy.Win32.Zbot 20141205
K7AntiVirus Spyware ( 0029a43a1 ) 20141204
K7GW Spyware ( 0029a43a1 ) 20141204
Kaspersky Trojan-Spy.Win32.Zbot.tsne 20141205
Kingsoft Win32.Troj.Zbot.ts.(kcloud) 20141205
Malwarebytes Trojan.FakeMS 20141205
McAfee Downloader-FAGM!5A483B85D94E 20141205
McAfee-GW-Edition BehavesLike.Win32.Worm.dc 20141205
Microsoft PWS:Win32/Zbot.gen!CI 20141205
eScan Trojan.Generic.11606998 20141205
Norman ZBot.UTYL 20141204
nProtect Trojan.Generic.11606998 20141204
Qihoo-360 HEUR/Malware.QVM20.Gen 20141205
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20141204
Sophos AV Mal/Generic-S 20141205
Symantec Trojan.Zbot 20141205
Tencent Win32.Trojan.Bp-generic.Ixrn 20141205
TrendMicro TSPY_ZBOT.YYDDB 20141205
TrendMicro-HouseCall TSPY_ZBOT.YYDDB 20141205
VIPRE Trojan.Win32.Generic!BT 20141205
AegisLab 20141205
Baidu-International 20141204
ByteHero 20141205
ClamAV 20141205
CMC 20141204
DrWeb 20141205
F-Prot 20141205
Jiangmin 20141204
NANO-Antivirus 20141205
Panda 20141204
SUPERAntiSpyware 20141205
TheHacker 20141205
TotalDefense 20141204
VBA32 20141204
ViRobot 20141204
Zillya 20141204
Zoner 20141204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Visual Studio® 2010
Original name uiwrapperres.dll
Internal name uiwrapperres.dll
File version 10.0.30319.1 built by: RTMRel
Description UI Wrapper Resource DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-06 03:33:54
Entry Point 0x00005B00
Number of sections 5
PE sections
PE imports
BuildCommDCBA
GetLastError
ReplaceFileA
PeekNamedPipe
GetPrivateProfileSectionNamesA
GetExitCodeProcess
GetVolumePathNameW
GetTickCount
GetVolumePathNameA
CreateMailslotA
LocalAlloc
WriteProcessMemory
OpenProcess
GetCompressedFileSizeW
MapUserPhysicalPages
CancelIo
GlobalDeleteAtom
SetCriticalSectionSpinCount
GetNumberOfConsoleMouseButtons
LocalFree
MoveFileA
IsBadHugeWritePtr
InitializeCriticalSection
GetDefaultCommConfigA
GetNumberFormatW
RegisterWindowMessageW
PeekMessageW
DrawAnimatedRects
GetUserObjectInformationW
EmptyClipboard
SetPropA
SetUserObjectSecurity
EnumWindowStationsW
GetPropA
GetClipboardData
GetClassNameA
wvsprintfW
GetSysColorBrush
SendMessageW
InflateRect
InsertMenuItemW
ReleaseCapture
EnumChildWindows
OemToCharBuffW
OemToCharW
RegisterShellHookWindow
mouse_event
SetThreadDesktop
GetMenuDefaultItem
DrawCaption
DefFrameProcA
GetMenu
GetAltTabInfoA
GetLastActivePopup
IsCharLowerA
SendMessageA
IsIconic
SetRect
CharPrevExA
GetClassNameW
SetDoubleClickTime
ChangeMenuA
GetSystemMenu
SetWindowsHookExA
ValidateRect
DispatchMessageA
EnumDisplaySettingsW
EnumPropsW
LoadAcceleratorsW
ScrollWindow
GetUpdateRect
PtInRect
PdhBrowseCountersA
PdhReadRawLogRecord
PdhUpdateLogA
PdhEnumMachinesW
PdhValidatePathA
PdhLookupPerfIndexByNameA
PdhAddCounterW
PdhParseCounterPathW
PdhGetDataSourceTimeRangeA
PdhComputeCounterStatistics
PdhCollectQueryData
PdhMakeCounterPathW
PdhGetDefaultPerfObjectW
PdhGetDataSourceTimeRangeW
PdhGetCounterTimeBase
PdhGetDefaultPerfObjectA
PdhConnectMachineW
PdhMakeCounterPathA
PdhEnumObjectItemsA
PdhGetCounterInfoW
PdhLookupPerfNameByIndexA
PdhParseInstanceNameA
PdhOpenLogW
PdhExpandCounterPathA
PdhEnumObjectsW
Number of PE resources by type
RT_DIALOG 12
RT_ICON 10
RT_GROUP_ICON 6
RT_GROUP_CURSOR 1
RT_MESSAGETABLE 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
CHINESE TRADITIONAL 32
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.30319.1
UninitializedDataSize 0
LanguageCode Chinese (Traditional)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 77824
FileOS Win32
MIMEType application/octet-stream
LegalCopyright (C) Microsoft Corporation. All rights reserved.
FileVersion 10.0.30319.1 built by: RTMRel
TimeStamp 2014:08:06 04:33:54+01:00
FileType Win32 EXE
PEType PE32
InternalName uiwrapperres.dll
FileAccessDate 2014:12:05 05:35:10+01:00
ProductVersion 10.0.30319.1
FileDescription UI Wrapper Resource DLL
OSVersion 4.0
FileCreateDate 2014:12:05 05:35:10+01:00
OriginalFilename uiwrapperres.dll
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 143360
ProductName Microsoft Visual Studio 2010
ProductVersionNumber 10.0.30319.1
EntryPoint 0x5b00
ObjectFileType Dynamic link library

File identification
MD5 5a483b85d94e6f31946ec7fca918d726
SHA1 026815f50f6aa1a715aeea97160338790fd057bf
SHA256 07144379dc115b23c262800e6f470117ed011138830d585bd63f87ae0a9d3a6f
ssdeep 6144:2CZDAryM0BIMby1J8OX5bCDMFKC4Xb9pfy6m:RsB0B9+JpJ+MWL9xy9
authentihash 251288215cc9e03fb56994f17f4f9a7af58bf616bbffb9a56e9de8bd1d9feddb
imphash fc489ef1a2d25b76c6b9c8da6c389cb3
File size 245.0 KB ( 250880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-08-10 08:03:50 UTC ( 4 years, 3 months ago )
Last submission 2014-08-10 08:03:50 UTC ( 4 years, 3 months ago )
File names vt-upload-90Vd7
uiwrapperres.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests