SHA256: 073ff83ad436ef98c26a4205d2b0214c22105f466eebf34218d8cecd5117f773
File name: 5A.exe
Detection ratio: 44 / 51
Analysis date: 2016-02-22 15:01:39 UTC ( 2 years, 12 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.305955 20160222
AegisLab Troj.W32.Generic!c 20160222
Yandex Worm.Ngrbot!BwmOnaojIRA 20160221
AhnLab-V3 Trojan/Win32.Agent 20160222
Antiy-AVL Worm/Win32.Ngrbot 20160222
Arcabit Trojan.Kazy.D4AB23 20160222
Avast Win32:Crypt-QHD [Trj] 20160222
AVG Crypt2.CBKJ 20160222
Avira (no cloud) TR/Crypt.XPACK.Gen7 20160222
Baidu-International Adware.Win32.iBryte.BQPB 20160221
BitDefender Gen:Variant.Kazy.305955 20160222
ByteHero Trojan.Malware.Obscu.Gen.002 20160222
CAT-QuickHeal Worm.Dorkbot.A 20160222
Comodo UnclassifiedMalware 20160222
Cyren W32/Trojan.AZBZ-9387 20160222
DrWeb BackDoor.IRC.NgrBot.42 20160222
Emsisoft Gen:Variant.Kazy.305955 (B) 20160222
ESET-NOD32 a variant of Win32/Kryptik.BQMO 20160222
F-Secure Gen:Variant.Kazy.305955 20160222
Fortinet W32/Kryptik.EXA!tr 20160222
GData Gen:Variant.Kazy.305955 20160222
Ikarus Virus.Win32.VB.CKVB 20160222
Jiangmin Worm/Ngrbot.auu 20160222
K7AntiVirus Trojan ( 0001140e1 ) 20160222
K7GW Trojan ( 0001140e1 ) 20160222
Kaspersky HEUR:Trojan.Win32.Generic 20160222
Malwarebytes Trojan.FakeAlert 20160222
McAfee Generic.tb 20160222
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20160222
Microsoft Worm:Win32/Dorkbot.I 20160222
eScan Gen:Variant.Kazy.305955 20160222
NANO-Antivirus Trojan.Win32.Ngrbot.cqsiwa 20160222
Panda Trj/Genetic.gen 20160222
Qihoo-360 HEUR/Malware.QVM20.Gen 20160222
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160222
Sophos AV Mal/Generic-S 20160222
SUPERAntiSpyware Trojan.Agent/Gen-Dorkbot 20160222
Symantec W32.IRCBot.NG 20160221
Tencent Win32.Trojan.Generic.Dygj 20160222
TheHacker Trojan/Kryptik.bqpb 20160217
TrendMicro-HouseCall TROJ_SPNR.11LB13 20160222
VBA32 Trojan.TDSS.01414 20160222
VIPRE Trojan.Win32.Sirefef.nb (v) 20160222
ViRobot Trojan.Win32.S.Agent.113152.LM[h] 20160222
Alibaba 20160222
Bkav 20160222
ClamAV 20160222
CMC 20160222
nProtect 20160222
TotalDefense 20160222
Zoner 20160222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jolevettr Corp © © 2012
Product Jolevettr INC
Original name temzypfkihx.exe
Internal name temzypfkihx
File version a 8 RC45.41013013.89c
Description Jolevettr INC
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-24 01:50:52
Entry Point 0x000038B7
Number of sections 5
PE sections
PE imports
RegCloseKey
CreatePolyPolygonRgn
GetPrivateProfileSectionNamesA
EnumUILanguagesA
GetStdHandle
VerifyVersionInfoA
GetComputerNameA
PurgeComm
HeapDestroy
LZInit
SetConsoleCursorPosition
GetLocalTime
GetTapeParameters
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
OpenFileMappingA
GetThreadContext
GetFileTime
GetTempPathA
GetThreadIOPendingFlag
WriteConsoleOutputA
lstrcpy
WriteFile
GetSystemTimeAsFileTime
GetCommandLineA
GetThreadTimes
GetDiskFreeSpaceA
GetOEMCP
TransmitCommChar
ConnectNamedPipe
GetEnvironmentVariableA
LoadResource
SetConsoleWindowInfo
FindClose
FindNextChangeNotification
GetSystemTime
OpenThread
ReadConsoleInputA
GetNamedPipeInfo
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UpdateResourceA
SetProcessWorkingSetSize
GetPriorityClass
OpenWaitableTimerA
GetSystemDefaultLCID
SetFilePointerEx
GetCalendarInfoA
FlushInstructionCache
ReadConsoleOutputCharacterA
Module32Next
ConvertDefaultLocale
GetProcessPriorityBoost
IsProcessorFeaturePresent
GetSystemTimes
MoveFileExA
GetThreadSelectorEntry
GetDiskFreeSpaceExA
WriteConsoleA
GetNumberFormatA
GetCurrentConsoleFont
Heap32Next
VirtualQueryEx
SetEndOfFile
GetVersion
SleepEx
SetThreadAffinityMask
HeapFree
GetExitCodeProcess
GetWriteWatch
GetTickCount
SetFileApisToANSI
GetCommMask
MoveFileWithProgressA
GetVersionExA
WriteConsoleOutputAttribute
GetConsoleKeyboardLayoutNameA
Process32Next
GlobalSize
SetLocalPrimaryComputerNameA
OpenProcess
GetNamedPipeHandleStateA
CreateDirectoryA
SetProcessPriorityBoost
GetWindowsDirectoryA
GetCommProperties
WriteFileGather
GetProcAddress
GetConsoleAliasesA
GetProcessHeap
GetComputerNameExA
SetConsoleCursorInfo
FindFirstFileA
GlobalFix
WaitNamedPipeA
HeapValidate
GetTimeFormatA
GetProcessWorkingSetSize
TerminateProcess
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetBinaryTypeA
LocalSize
GlobalFindAtomA
DeleteTimerQueueEx
lstrcpyn
ReadConsoleOutputAttribute
GetSystemWindowsDirectoryA
FlushConsoleInputBuffer
VirtualAllocEx
lstrlenA
GetCommModemStatus
GetConsoleCP
GetTapeStatus
GetProcessTimes
HeapCompact
GetCommTimeouts
AddConsoleAliasA
BuildCommDCBAndTimeoutsA
VirtualFreeEx
GetCurrentProcessId
ChangeTimerQueueTimer
GetProcessHeaps
HeapQueryInformation
GetCurrentDirectoryA
ClearCommBreak
EnumTimeFormatsA
GetConsoleTitleA
GetCompressedFileSizeA
CopyFileExW
SuspendThread
RegisterWaitForSingleObjectEx
SetUserGeoID
MapViewOfFile
GetFileAttributesExA
GetConsoleCursorMode
GetQueuedCompletionStatus
IsBadCodePtr
SetConsoleTitleA
CloseHandle
EnumSystemCodePagesA
UnlockFileEx
OpenEventA
HeapCreate
OpenSemaphoreA
PostQueuedCompletionStatus
WriteConsoleOutputCharacterA
GetVolumeInformationA
IsBadReadPtr
IsBadStringPtrA
ReadFileEx
GetProcessVersion
SetMailslotInfo
GetDefaultCommConfigA
CompareStringA
PdhExpandWildCardPathHW
SendNotifyMessageA
EnumWindowStationsA
SetWindowPlacement
MapDialogRect
CreateWindowStationA
SetPropA
DlgDirListComboBoxW
HideCaret
EnumWindows
GetAppCompatFlags
MoveWindow
GetMouseMovePointsEx
MessageBoxA
DestroyMenu
EnumChildWindows
DefWindowProcA
SetWindowsHookA
UnionRect
GetClipboardData
MessageBoxExA
CharToOemBuffA
GetClipboardFormatNameA
AppendMenuA
GetWindowRect
PaintMenuBar
EndPaint
GetCursorInfo
GetMonitorInfoA
CharUpperBuffA
ModifyMenuA
GetRawInputDeviceList
SetCaretBlinkTime
ScrollChildren
PeekMessageA
SetWindowLongA
SetProcessWindowStation
GetLayeredWindowAttributes
SetThreadDesktop
DestroyCaret
SetDlgItemTextA
CopyImage
GetAppCompatFlags2
DrawTextA
RemovePropA
GetWindowModuleFileNameA
ShowCaret
TranslateMessage
DlgDirSelectExA
CallMsgFilterA
GetLastActivePopup
OemKeyScan
DrawIconEx
CharLowerA
SendMessageA
GetWindowRgn
BlockInput
CharLowerBuffA
BringWindowToTop
OemToCharBuffA
IsHungAppWindow
OpenDesktopA
CharPrevExA
TrackPopupMenuEx
SendMessageTimeoutA
GetDCEx
EnumDisplaySettingsA
GetKeyboardState
ImpersonateDdeClientWindow
RealGetWindowClassA
GetMenuItemInfoA
AdjustWindowRect
AttachThreadInput
DestroyAcceleratorTable
IsCharAlphaNumericW
GetDesktopWindow
EnumClipboardFormats
GetWinStationInfo
EmptyClipboard
EnumPropsExA
RegisterClassExA
LockWindowStation
ExitWindowsEx
PtInRect
Number of PE resources by type
RT_ICON 4
Jolevettr 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 87040
ImageVersion 1.0
ProductName Jolevettr INC
FileVersionNumber 1.0.3.69
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Jolevettr INC
CharacterSet Unicode
LinkerVersion 7.22
FileTypeExtension exe
OriginalFileName temzypfkihx.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion a 8 RC45.41013013.89c
TimeStamp 2013:11:24 02:50:52+01:00
FileType Win32 EXE
PEType PE32
InternalName temzypfkihx
ProductVersion 1243.2867 RelC
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Jolevettr Corp 2012
MachineType Intel 386 or later, and compatibles
CompanyName Jolevettr Corp
CodeSize 25088
FileSubtype 0
ProductVersionNumber 3.0.101.3
EntryPoint 0x38b7
ObjectFileType Executable application
File identification
MD5 870d08786b01951428c8a531631cff34
SHA1 53759f2f481b58ef0e256ceb89d2912fe52a638d
SHA256 073ff83ad436ef98c26a4205d2b0214c22105f466eebf34218d8cecd5117f773
ssdeep 3072:KmNKlt1yGPGykt71Gm7+M0A+nFxGG/LMfck1W1pje3uL:KyKj1ykVfGGTV1pje3Y
authentihash 822780e9d0eabca459f752c68e03a11e61762aec4e0a72ae0f3ca50f880e6958
imphash 3c3c9a0486ca4082eb54a391c1770479
File size 110.5 KB ( 113152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2013-12-06 05:39:08 UTC ( 5 years, 2 months ago )
Last submission 2014-09-22 16:01:16 UTC ( 4 years, 4 months ago )
File names file-6304135_
temzypfkihx
c731200
temzypfkihx.exe
XlyiTWdBTcCGklP.exe
6542.exe
fcc5.exe
5A.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests