SHA256: 1023d7535ab2859c6529fe269855011bf9d4e7511ca6a95914e4cc4463044851
File name: vt-upload-Xsdkp
Detection ratio: 12 / 55
Analysis date: 2014-10-06 08:51:06 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.108022 20141006
AhnLab-V3 Trojan/Win32.Necurs 20141006
Avira (no cloud) TR/Crypt.ZPACK.105089 20141006
BitDefender Gen:Variant.Zusy.108022 20141006
Emsisoft Gen:Variant.Zusy.108022 (B) 20141006
ESET-NOD32 a variant of Win32/Kryptik.CLPA 20141006
F-Secure Gen:Variant.Zusy.108022 20141005
GData Gen:Variant.Zusy.108022 20141006
Malwarebytes Spyware.Zbot.ED 20141006
McAfee Artemis!D2F345C2841C 20141006
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20141006
eScan Gen:Variant.Zusy.108022 20141006
AegisLab 20141006
Yandex 20141005
Antiy-AVL 20141006
Avast 20141006
AVG 20141006
AVware 20141004
Baidu-International 20141006
Bkav 20141003
ByteHero 20141006
CAT-QuickHeal 20141004
ClamAV 20141004
CMC 20141004
Comodo 20141006
Cyren 20141006
DrWeb 20141004
F-Prot 20141005
Fortinet 20141006
Ikarus 20141006
Jiangmin 20141005
K7AntiVirus 20141004
K7GW 20141004
Kaspersky 20141006
Kingsoft 20141006
Microsoft 20141006
NANO-Antivirus 20141006
Norman 20141005
nProtect 20141005
Panda 20141005
Qihoo-360 20141006
Rising 20141005
Sophos AV 20141006
SUPERAntiSpyware 20141005
Symantec 20141006
Tencent 20141006
TheHacker 20141001
TotalDefense 20141005
TrendMicro 20141006
TrendMicro-HouseCall 20141006
VBA32 20141004
VIPRE 20141006
ViRobot 20141006
Zillya 20141005
Zoner 20140929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright © FreeSmartSoft Ltd., 2012-2014. All rights reserved.
Publisher FreeSmartSoft Ltd.
Product FSS Feed Creator
Original name second.exe
Internal name FSS Feed Creator
File version 2.0.2.4
Description FSS Feed Creator 2.0.2.4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-18 14:24:05
Entry Point 0x00002E84
Number of sections 4
PE sections
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
File identification
MD5 d2f345c2841cbe00cc9b5fa93d929741
SHA1 f2ef9149253d60ae2f46f85252195c5a8813e6dc
SHA256 1023d7535ab2859c6529fe269855011bf9d4e7511ca6a95914e4cc4463044851
ssdeep 6144:UqoU5YSHwAj2k+9shb5XKQe9t1V45IvZV:3oU5pHwSZ+2loJb
authentihash 348fa7a7cdf9dc61bd4924235b4dfe2cf7f2583ab4399c230501135408215a29
imphash dd727e2b7ba086ef21c71f5f295d885e
File size 241.5 KB ( 247296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2014-10-06 08:51:06 UTC ( 4 years, 5 months ago )
Last submission 2014-10-06 08:51:06 UTC ( 4 years, 5 months ago )
File names vt-upload-Xsdkp
second.exe
FSS Feed Creator
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.