SHA256: 1072b72debbbd5ace951c5a86dcb82f56e9124f6f445b9348126a299cb123289
File name: UtilMan
Detection ratio: 46 / 56
Analysis date: 2014-11-26 13:30:34 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.16321 20141126
Yandex TrojanSpy.Zbot!SwFGvPiEq58 20141126
AhnLab-V3 Trojan/Win32.Ransom 20141126
ALYac Trojan.GenericKDZ.16321 20141126
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141126
Avast Win32:Zbot-QOY [Trj] 20141126
AVG Win32/Karagany 20141126
Avira (no cloud) TR/Spy.ZBot.ajnmea 20141126
AVware Trojan-PWS.Win32.Zbot.aql (v) 20141121
Baidu-International Trojan.Win32.Generic.AvAp 20141126
BitDefender Trojan.GenericKDZ.16321 20141126
Bkav HW32.Packed.6C95 20141120
CMC Packed.Win32.Obfuscated.10!O 20141126
Comodo UnclassifiedMalware 20141126
Cyren W32/Trojan.YOVK-7366 20141126
DrWeb Trojan.PWS.Panda.2977 20141126
Emsisoft Trojan.GenericKDZ.16321 (B) 20141126
ESET-NOD32 Win32/Spy.Zbot.AAO 20141126
F-Secure Trojan.GenericKDZ.16321 20141126
Fortinet W32/Zbot.AAU!tr 20141126
GData Trojan.GenericKDZ.16321 20141126
Ikarus Trojan-PWS.Win32.Zbot 20141126
K7AntiVirus Riskware ( 0040eff71 ) 20141125
K7GW Riskware ( 0040eff71 ) 20141126
Kaspersky HEUR:Trojan.Win32.Generic 20141126
Kingsoft Win32.Troj.Zbot.jk.(kcloud) 20141126
Malwarebytes Trojan.FakeMS.ED 20141126
McAfee PWS-Zbot-FAKU!44C9B3D5E43C 20141126
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20141126
Microsoft PWS:Win32/Zbot.gen!CI 20141126
eScan Trojan.GenericKDZ.16321 20141126
NANO-Antivirus Trojan.Win32.Zbot.bkrbjt 20141126
Norman Kryptik.CBXG 20141126
nProtect Trojan-Spy/W32.ZBot.324608.AO 20141126
Panda Generic Malware 20141126
Qihoo-360 HEUR/Malware.QVM20.Gen 20141126
Rising PE:Trojan.Win32.Generic.144F98D4!340760788 20141126
Sophos Mal/Zbot-FG 20141126
SUPERAntiSpyware Trojan.Agent/Gen-Kryptic 20141126
Symantec Packed.Generic.459 20141126
Tencent Win32.Trojan-spy.Zbot.Pdwj 20141126
TrendMicro TROJ_SPNR.0AC513 20141126
TrendMicro-HouseCall TROJ_SPNR.0AC513 20141126
VBA32 SScope.Trojan.FakeAV.01110 20141126
VIPRE Trojan-PWS.Win32.Zbot.aql (v) 20141126
Zillya Trojan.Zbot.Win32.106960 20141124
AegisLab 20141126
ByteHero 20141126
CAT-QuickHeal 20141126
ClamAV 20141126
F-Prot 20141126
Jiangmin 20141125
TheHacker 20141124
TotalDefense 20141125
ViRobot 20141126
Zoner 20141125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Корпорация Майкрософт. Все права защищены. (Russian: © Microsoft Corporation. All rights reserved.)

Publisher Корпорация Майкрософт (Russian: Microsoft Corporation)
Product Операционная система Microsoft® Windows® (Russian: Microsoft® Windows® operating system)
Original name UtilMan.exe
Internal name UtilMan
File version 5.1.2600.5512 (xpsp.080413-2105)
Description UtilMan EXE
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-28 10:22:03
Entry Point 0x000019E0
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOverridePredefKey
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyW
AdjustTokenPrivileges
RegSetValueExA
LookupPrivilegeValueW
RegOpenKeyW
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExW
RegQueryValueW
DeleteObject
GetStockObject
GetObjectW
CreateFontIndirectW
HeapFree
GetStdHandle
LCMapStringW
VirtualAllocEx
GetSystemInfo
lstrcpynA
VirtualProtect
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCurrentProcessId
SetHandleCount
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
IsDBCSLeadByteEx
WideCharToMultiByte
MapViewOfFile
GetStringTypeA
GetModuleHandleA
UnmapViewOfFile
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
GetSystemTimeAsFileTime
CreateFileMappingA
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualQuery
VirtualFree
GetFileType
HeapAlloc
GetCurrentThreadId
VirtualAlloc
ShellExecuteW
SetFocus
EndDialog
MessageBoxW
SendMessageW
LoadStringW
GetActiveWindow
UnhookWindowsHookEx
wsprintfW
CharUpperW
WinHelpW
SetDlgItemTextW
SetWindowsHookExW
LoadIconW
GetDlgItem
DialogBoxParamW
EnableWindow
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
ExitWindowsEx
CallNextHookEx
_except_handler3
malloc
memmove
_wmakepath
free
setlocale
_wsplitpath
swscanf
_vsnwprintf
_wtoi
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 12
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.5

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2600.5512

UninitializedDataSize
0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
82944

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.1.2600.5512 (xpsp.080413-2105)

TimeStamp
2013:02:28 11:22:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
UtilMan

FileAccessDate
2014:11:26 14:33:59+01:00

ProductVersion
5.1.2600.5512

FileDescription
UtilMan EXE

OSVersion
4.0

FileCreateDate
2014:11:26 14:33:59+01:00

OriginalFilename
UtilMan.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
240640

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2600.5512

EntryPoint
0x19e0

ObjectFileType
Executable application

File identification
MD5 44c9b3d5e43c0bfa5516393f7be0dae4
SHA1 4cd6ddcb875e17762154fac24f97d16f39fbffb8
SHA256 1072b72debbbd5ace951c5a86dcb82f56e9124f6f445b9348126a299cb123289
ssdeep
6144:xRklPF8wM5lBhICKiHOGdtdYlcR7/LtRUhtBfNxKy:Lkl98HhtKavdYCRjRR

authentihash 18c639d9012942e2c7a8cb153abc8d724fe60a54dba77dba07f9f52542bb809d
imphash 16cea6c54ee7c43f590b8aa44e1eecea
File size 317.0 KB ( 324608 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (73.5%)
Win32 Executable MS Visual C++ (generic) (17.0%)
Win32 Dynamic Link Library (generic) (3.5%)
Win32 Executable (generic) (2.4%)
Win16/32 Executable Delphi generic (1.1%)
Tags
peexe

VirusTotal metadata
First submission 2013-03-19 08:42:42 UTC ( 4 years, 3 months ago )
Last submission 2013-03-19 08:42:42 UTC ( 4 years, 3 months ago )
File names UtilMan.exe
44c9b3d5e43c0bfa5516393f7be0dae4.4cd6ddcb875e17762154fac24f97d16f39fbffb8
UtilMan
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications