SHA256: 0a7adf042c11376dfcafa5a1f503bb0dcc793700bf319c7096290e96be37dc14
File name: DFDWiz.exe
Detection ratio: 58 / 62
Analysis date: 2017-04-13 04:13:14 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.63743 20170413
AegisLab Troj.Spy.W32.Zbot.lw7D 20170413
AhnLab-V3 Trojan/Win32.Zbot.R23747 20170413
ALYac Gen:Variant.Kazy.63743 20170413
Antiy-AVL Trojan[Spy]/Win32.Zbot 20170413
Arcabit Trojan.Kazy.DF8FF 20170413
Avast Win32:Karagany 20170413
AVG Generic_s.AL 20170413
Avira (no cloud) TR/Spy.ZBot.ZW.1 20170413
AVware Trojan.Win32.Reveto.Ac (v) 20170410
Baidu Win32.Adware.Kryptik.b 20170411
BitDefender Gen:Variant.Kazy.63743 20170413
Bkav W32.ZuokisL.Trojan 20170412
CAT-QuickHeal TrojanPWS.Zbot.Y 20170412
ClamAV Win.Trojan.Zbot-46396 20170412
CMC Trojan-Spy.Win32.Zbot!O 20170412
Comodo TrojWare.Win32.Kryptik.ASR 20170413
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Zbot.DQ.gen!Eldorado 20170413
DrWeb Trojan.PWS.Panda.2071 20170413
Emsisoft Gen:Variant.Kazy.63743 (B) 20170413
Endgame malicious (high confidence) 20170413
ESET-NOD32 Win32/Spy.Zbot.AAN 20170412
F-Prot W32/Zbot.DQ.gen!Eldorado 20170413
F-Secure Gen:Variant.Kazy.63743 20170413
Fortinet W32/Lockscreen.LOA!tr 20170413
GData Win32.Trojan.Zbot.N 20170413
Ikarus Win32.Zbot 20170412
Sophos ML generic.a 20170203
Jiangmin TrojanSpy.Zbot.bqip 20170412
K7AntiVirus Trojan ( 0040f02a1 ) 20170412
K7GW Trojan ( 0040f02a1 ) 20170412
Kaspersky Trojan-Spy.Win32.Zbot.drbr 20170413
Malwarebytes Trojan.Zbot.DFGen 20170412
McAfee PWS-Zbot.gen.xt 20170412
McAfee-GW-Edition PWS-Zbot.gen.xt 20170413
Microsoft PWS:Win32/Zbot.gen!AF 20170412
eScan Gen:Variant.Kazy.63743 20170413
NANO-Antivirus Trojan.Win32.Zbot.nbrgo 20170413
Palo Alto Networks (Known Signatures) generic.ml 20170413
Panda Generic Malware 20170412
Qihoo-360 Malware.Radar01.Gen 20170413
Rising Trojan.Generic (cloud:SpaS4OloeHK) 20170413
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Troj/Zbot-DHN 20170413
SUPERAntiSpyware Trojan.Agent/Gen-MultiSeg 20170413
Symantec Trojan.ADH.2 20170412
Tencent Win32.Trojan-spy.Zbot.Akoo 20170413
TheHacker Trojan/Spy.Zbot.drbr 20170412
TotalDefense Win32/Zbot.FOV 20170410
TrendMicro TROJ_GEN.F01EZDS 20170413
TrendMicro-HouseCall TROJ_GEN.F01EZDS 20170413
VBA32 BScope.Malware-Cryptor.SB.01798 20170412
VIPRE Trojan.Win32.Reveto.Ac (v) 20170412
ViRobot Trojan.Win32.Zbot.347744[h] 20170413
Webroot W32.Infostealer.Zeus 20170413
Zillya Trojan.Zbot.Win32.77993 20170411
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.drbr 20170413
Alibaba 20170413
Kingsoft 20170413
nProtect 20170413
Symantec Mobile Insight 20170413
Trustlook 20170413
WhiteArmor 20170409
Yandex 20170411
Zoner 20170413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name DFDWiz.exe
Internal name DFDWiz.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Disk Diagnostic User Resolver
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-19 14:20:21
Entry Point 0x00050090
Number of sections 8
PE sections
Overlays
MD5 fc92cbc95d14939db448f570e145c828
File type data
Offset 346624
Size 1120
Entropy 7.07
PE imports
RegOpenKeyExA
CreateFileA
VirtualAllocEx
lstrcatA
GetWindowsDirectoryA
SetFocus
EnumWindowStationsA
GetMessagePos
DdeAbandonTransaction
DdeAccessData
LoadBitmapW
ChangeDisplaySettingsW
BroadcastSystemMessageA
EnumDesktopsW
EnumWindowStationsW
SetSystemCursor
GetGuiResources
OpenInputDesktop
WINNLSGetIMEHotkey
DdeImpersonateClient
DdeDisconnect
DdeCreateStringHandleA
DlgDirSelectComboBoxExA
SetDeskWallpaper
EndPaint
OpenWindowStationW
DdeGetData
OemToCharBuffW
RegisterShellHookWindow
GetInputDesktop
OpenWindowStationA
CreateDesktopW
GetMenuItemID
GetAsyncKeyState
MapDialogRect
GetClassInfoA
GetAltTabInfoW
SendMessageW
UnregisterClassA
SetMenuItemInfoA
UnregisterClassW
AllowSetForegroundWindow
CharLowerBuffA
PostThreadMessageW
SetThreadDesktop
InSendMessage
EnumDisplaySettingsA
LoadAcceleratorsA
CallMsgFilterA
ChangeDisplaySettingsExA
EnumDisplaySettingsExA
GetForegroundWindow
GetWindowTextW
DdeConnectList
EnumClipboardFormats
ExcludeUpdateRgn
GetWindowTextLengthW
GetTabbedTextExtentW
ScrollWindow
MapVirtualKeyExA
InvalidateRgn
CopyImage
DdeQueryStringA
DestroyWindow
DrawEdge
SendIMEMessageExA
GetUserObjectInformationW
GetCursorInfo
GetWindowModuleFileName
SetClassLongW
WindowFromDC
CheckRadioButton
GetUserObjectInformationA
GetClassInfoExA
SetClassWord
EnumPropsExW
SetWindowsHookA
DlgDirListComboBoxA
IMPGetIMEW
SetDlgItemInt
GetClipboardFormatNameA
PeekMessageW
ChangeDisplaySettingsExW
CharUpperW
GetDlgItemTextA
IsCharAlphaA
SetParent
IsWindowEnabled
GetWindow
DestroyCaret
IMPSetIMEA
EnumDisplayDevicesA
GetMenuBarInfo
InsertMenuItemA
InternalGetWindowText
EditWndProc
GetIconInfo
PaintDesktop
GetMenuItemRect
SetClipboardData
IsCharLowerA
GetSystemMetrics
IsZoomed
GetWindowPlacement
LoadStringW
CloseWindow
EnumPropsExA
SendMessageCallbackW
IsHungAppWindow
EnableMenuItem
InvertRect
GetMenuItemCount
TabbedTextOutA
GetSubMenu
EnumPropsA
GetDCEx
OemToCharA
IsDialogMessageW
FlashWindow
EnumThreadWindows
CreateAcceleratorTableW
WaitForInputIdle
DeferWindowPos
OemToCharW
ToUnicode
GetWindowLongW
GetUpdateRect
GetMenuItemInfoW
IMPQueryIMEW
CharPrevA
MapVirtualKeyA
GetOpenClipboardWindow
SwitchDesktop
BeginPaint
OffsetRect
DefMDIChildProcW
GetScrollPos
keybd_event
ClipCursor
CharPrevW
DefMDIChildProcA
IsCharLowerW
SetClipboardViewer
SetDebugErrorLevel
CharLowerA
SetWindowLongW
SetScrollRange
GetWindowRect
InSendMessageEx
RegisterClassA
UpdateWindow
DdeAddData
WINNLSGetEnableStatus
RegisterDeviceNotificationW
UnpackDDElParam
InvalidateRect
DdeCreateStringHandleW
WINNLSEnableIME
WaitMessage
CheckMenuItem
GetClassLongW
CallMsgFilter
GetLastActivePopup
MenuItemFromPoint
GetDlgItem
RemovePropW
SetDlgItemTextW
FindWindowW
ClientToScreen
CloseWindowStation
IsCharUpperA
LoadIconA
CountClipboardFormats
DestroyMenu
DdeFreeStringHandle
TileChildWindows
GetMenuState
CreateIconFromResource
GetNextDlgTabItem
GetSystemMenu
InsertMenuW
PostThreadMessageA
GetMenuStringW
GetCaretBlinkTime
ChildWindowFromPointEx
GetWindowTextA
DdeQueryConvInfo
SetCapture
VkKeyScanExW
CreateIconIndirect
RemovePropA
GetShellWindow
DdeEnableCallback
DrawTextExA
GetClipCursor
FreeDDElParam
HiliteMenuItem
AppendMenuA
GetKBCodePage
LookupIconIdFromDirectory
DdeSetUserHandle
LoadKeyboardLayoutW
CascadeWindows
CascadeChildWindows
LookupIconIdFromDirectoryEx
SetUserObjectInformationW
LoadKeyboardLayoutA
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
SystemParametersInfoA
UpdateLayeredWindow
GetProcessDefaultLayout
GetWindowModuleFileNameA
DestroyIcon
RealGetWindowClassW
GetKeyNameTextA
WinHelpW
SetDoubleClickTime
DdeNameService
SetCursorPos
IsCharAlphaNumericW
FrameRect
CharNextW
GetKeyNameTextW
GetUserObjectSecurity
CallWindowProcW
ChangeMenuA
ImpersonateDdeClientWindow
AdjustWindowRect
GetClassNameA
wsprintfW
GetTitleBarInfo
GetDlgItemTextW
DefDlgProcW
ReplyMessage
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.5

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
15872

EntryPoint
0x50090

OriginalFileName
DFDWiz.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2012:04:19 15:20:21+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DFDWiz.exe

ProductVersion
6.1.7600.16385

FileDescription
Windows Disk Diagnostic User Resolver

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
330240

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 e4a27c8ebf6771d344aad289b7837f00
SHA1 a18a7c4da86b453c21975e9d1618b5988634db4c
SHA256 0a7adf042c11376dfcafa5a1f503bb0dcc793700bf319c7096290e96be37dc14
ssdeep
6144:dMQ7fIodGQLLi3eGFT31wGLzCLPaqN3PeHY7r3jE:dMEfIoEQXi3eGPwm6jeHYY

authentihash 710c65a3dfed7e41877eab92a205c14d15de5b0388b9cec4df7ec82d03fa6eac
imphash 0c7af1ad81c91067b203a7e8a59b8510
File size 339.6 KB ( 347744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-04-22 15:51:12 UTC ( 6 years, 7 months ago )
Last submission 2017-04-13 04:13:14 UTC ( 1 year, 8 months ago )
File names DFDWiz.exe
E4A27C8EBF6771D344AAD289B7837F00.bin
e4a27c8ebf6771d344aad289b78
Im' a virus :)
e4a27c8ebf6771d344aad289b7837f00
Threat.Vir