SHA256: 0a5ccb9bdf4bc667aae9c07d5ca01c7fe8dfb761956d5e037b2e4f9efe8b18e7
File name: vt-upload-yhKJH
Detection ratio: 24 / 54
Analysis date: 2014-06-15 00:24:44 UTC ( 4 years, 9 months ago )
Detected (24 of 54 engines)
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Zusy.94364 | 20140615
AhnLab-V3 | Dropper/Win32.Necurs | 20140614
Avast | Win32:Zbot-TYF [Trj] | 20140615
BitDefender | Gen:Variant.Zusy.94364 | 20140615
Bkav | HW32.CDB.1056 | 20140614
DrWeb | Trojan.Siggen6.19141 | 20140615
Emsisoft | Gen:Variant.Zusy.94364 (B) | 20140615
ESET-NOD32 | a variant of Win32/Kryptik.CDYQ | 20140614
F-Prot | W32/Zbot.PM.gen!Eldorado | 20140614
F-Secure | Gen:Variant.Zusy.94364 | 20140614
Fortinet | W32/Zbot.TCMT!tr | 20140614
GData | Gen:Variant.Zusy.94364 | 20140615
Kaspersky | Trojan-Spy.Win32.Zbot.tcmt | 20140615
Malwarebytes | Trojan.Agent.ED | 20140615
McAfee | Artemis!ACD39C96F571 | 20140615
McAfee-GW-Edition | Artemis!ACD39C96F571 | 20140614
Microsoft | PWS:Win32/Zbot | 20140615
eScan | Gen:Variant.Zusy.94364 | 20140615
Panda | Trj/CI.A | 20140614
Rising | PE:Malware.Obscure!1.9C59 | 20140614
Sophos AV | Mal/Agent-AON | 20140614
Tencent | Win32.Trojan.Bp-qqthief.Iqpl | 20140615
TrendMicro-HouseCall | TROJ_GEN.R0C1H01F514 | 20140614
VIPRE | Trojan.Win32.Generic!BT | 20140615
Undetected (30 engines; no result, signature update date only)
Antivirus | Update
AegisLab | 20140615
Yandex | 20140614
AntiVir | 20140614
Antiy-AVL | 20140611
AVG | 20140614
Baidu-International | 20140614
ByteHero | 20140615
CAT-QuickHeal | 20140614
ClamAV | 20140614
CMC | 20140613
Commtouch | 20140615
Comodo | 20140614
Ikarus | 20140614
Jiangmin | 20140614
K7AntiVirus | 20140613
K7GW | 20140613
Kingsoft | 20140615
NANO-Antivirus | 20140615
Norman | 20140614
nProtect | 20140613
Qihoo-360 | 20140615
SUPERAntiSpyware | 20140614
Symantec | 20140615
TheHacker | 20140612
TotalDefense | 20140614
TrendMicro | 20140615
VBA32 | 20140613
ViRobot | 20140614
Zillya | 20140614
Zoner | 20140613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1991 - 2003
Product scwOhVjX
Original name MmbSSrDBL.exe
File version 10,23,20,18
Description RKEvBlyNhiHcl
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-30 20:35:01
Entry Point 0x00003E17
Number of sections 4
PE sections
PE imports (grouped by exporting DLL; the per-DLL grouping of the original report did not survive extraction, so the DLL names are inferred here from the imported function names)
advapi32.dll: IsTextUnicode, RegQueryValueExW, RegSetValueExW
comdlg32.dll: FindTextW, ReplaceTextW, GetFileTitleW
gdi32.dll: ExtFloodFill, TextOutW, SetMapMode, GetTextFaceW, CreateMetaFileA, FloodFill, EndDoc, GetObjectW, SelectObject, DeleteObject, StartDocW, EndPage
kernel32.dll: LoadResource, DeviceIoControl, InitializeCriticalSectionAndSpinCount, HeapFree, GetStdHandle, EnterCriticalSection, LCMapStringW, SetHandleCount, LoadLibraryW, GetLastError, GetOEMCP, QueryPerformanceCounter, MulDiv, IsDebuggerPresent, HeapAlloc, TlsAlloc, GetEnvironmentStringsW, LoadLibraryA, GetCommandLineW, RtlUnwind,
    GetModuleFileNameA, GetLocalTime, IsProcessorFeaturePresent, DeleteCriticalSection, GetCurrentProcess, GetStartupInfoW, SizeofResource, FreeEnvironmentStringsW, LocalAlloc, LockResource, lstrlenW, WideCharToMultiByte, UnhandledExceptionFilter, TlsGetValue, MultiByteToWideChar, HeapSize, GetFileInformationByHandle, DeleteFileW, GetProcAddress, GetLocaleInfoW,
    lstrcpynW, MapViewOfFile, GetTimeFormatW, lstrcpyW, GetCPInfo, GetModuleFileNameW, TlsFree, GetModuleHandleA, HeapSetInformation, FormatMessageA, SetUnhandledExceptionFilter, WriteFile, DecodePointer, CloseHandle, GetSystemTimeAsFileTime, GetCommandLineA, lstrcmpW, HeapReAlloc, GetStringTypeW, GetModuleHandleW,
    ExitProcess, GetACP, FormatMessageW, TerminateProcess, IsValidCodePage, HeapCreate, FindResourceA, InterlockedDecrement, Sleep, GetFileType, GetTickCount, TlsSetValue, EncodePointer, GetCurrentThreadId, LeaveCriticalSection, VirtualAlloc, GetCurrentProcessId, SetLastError, InterlockedIncrement
shell32.dll: DragAcceptFiles, DragFinish, ShellAboutW
user32.dll: RegisterWindowMessageW, GetParent, DrawTextExW, GetInputState, GetMessageW, DefWindowProcW, PostQuitMessage, ShowWindow, SetWindowWord, GetSystemMetrics, MessageBoxW, RegisterClassExW, SetWindowPlacement, SetCapture, DialogBoxParamW, PeekMessageA, ChildWindowFromPoint, DestroyCursor, TranslateMessage, GetDlgItemTextW, SetDlgItemTextW, DispatchMessageW, CreateDialogParamW,
    ReleaseDC, GetDlgCtrlID, CheckMenuItem, SendMessageW, DestroyWindow, SendDlgItemMessageW, IsCharLowerA, GetWindowPlacement, GetDesktopWindow, SetScrollPos, ScreenToClient, GetSubMenu, IsClipboardFormatAvailable, LoadImageW, TrackPopupMenu, IsDialogMessageW, GetWindowTextW, GetMenuState, GetKeyboardLayout, LoadCursorW, CloseClipboard, CharNextW, SetCursor
winspool.drv: ClosePrinter, OpenPrinterW
Number of PE resources by type
RT_STRING 63
RT_RCDATA 32
RT_ACCELERATOR 6
RT_MENU 6
RT_VERSION 1
Number of PE resources by language
ENGLISH US 108
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.23.20.18
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Hebrew
InitializedDataSize 348672
EntryPoint 0x3e17
OriginalFileName MmbSSrDBL.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1991 - 2003
FileVersion 10,23,20,18
TimeStamp 2014:05:30 21:35:01+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 10,23,20,18
FileDescription MmbSSrDBL.exe
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SynapticosSoft, Corporation.
CodeSize 29184
ProductName scwOhVjX
ProductVersionNumber 10.23.20.18
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 acd39c96f5712212d0ed0c2cc2e12d4a
SHA1 a797e8c21abf6c025ac8c78fff727534539b3dea
SHA256 0a5ccb9bdf4bc667aae9c07d5ca01c7fe8dfb761956d5e037b2e4f9efe8b18e7
ssdeep 3072:NQvPLx2enHfoBBahYwYJmNO6vOhbM0N7fGMsAM1d6x2SHYMm3Y3DKK:NSl26foBBahYH96vuQ0N7fGMsAMnUt3O
authentihash fa3b872d5b66f1419a3af246992be5189738036841024024dc6f1c33159ff92b
imphash 78c895cf6f9cd18abe442d23acbda6de
File size 186.5 KB ( 190976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
    Win32 Dynamic Link Library (generic) (14.2%)
    Win32 Executable (generic) (9.7%)
    Generic Win/DOS Executable (4.3%)
    DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-06-15 00:24:44 UTC ( 4 years, 9 months ago )
Last submission 2014-06-15 00:24:44 UTC ( 4 years, 9 months ago )
File names MmbSSrDBL.exe
vt-upload-yhKJH
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications