SHA256: 10eceacc86e61788ade2be2a683d489825fc59d5f283faa0d5ae2866a1ed9d16
File name: vt-upload-cxYo5
Detection ratio: 29 / 49
Analysis date: 2014-03-17 20:39:07 UTC
Antivirus Result Update
Ad-Aware Trojan.Dropper.WJE 20140317
AhnLab-V3 Spyware/Win32.Zbot 20140317
AntiVir TR/Crypt.Xpack.60876 20140317
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140317
Avast Win32:Downloader-VAQ [Trj] 20140317
AVG Inject2.VBY 20140316
BitDefender Trojan.Dropper.WJE 20140317
Bkav W32.DownloadZbot.Trojan 20140317
DrWeb Trojan.PWS.Panda.2982 20140317
Emsisoft Trojan.Dropper.WJE (B) 20140317
ESET-NOD32 a variant of Win32/Injector.AZFB 20140317
F-Secure Trojan.Dropper.WJE 20140316
Fortinet W32/Zbot.RRLJ!tr 20140316
GData Trojan.Dropper.WJE 20140317
Jiangmin TrojanSpy.Zbot.hcfb 20140317
Kaspersky Trojan-Spy.Win32.Zbot.rrlj 20140317
Kingsoft Win32.Troj.Undef.(kcloud) 20140317
Malwarebytes Trojan.Inject.ED 20140317
McAfee Downloader-FYH!B8CC13B084EE 20140317
McAfee-GW-Edition Downloader-FYH!B8CC13B084EE 20140317
Microsoft VirTool:Win32/CeeInject.gen!KK 20140317
eScan Trojan.Dropper.WJE 20140317
nProtect Trojan.Dropper.WJE 20140317
Panda Trj/dtcontx.K 20140317
Rising PE:Malware.Obscure/Heur!1.9E03 20140317
Sophos AV Mal/Generic-S 20140317
TrendMicro-HouseCall TROJ_GEN.R021B01CG14 20140317
VBA32 TrojanSpy.Zbot.rqui 20140317
VIPRE Trojan.Win32.Generic!BT 20140317
Engines that returned no detection (result column blank):
Yandex 20140317
Baidu-International 20140317
ByteHero 20140317
CAT-QuickHeal 20140317
ClamAV 20140317
CMC 20140313
Commtouch 20140317
Comodo 20140317
F-Prot 20140317
Ikarus 20140317
K7AntiVirus 20140314
K7GW 20140317
NANO-Antivirus 20140317
Norman 20140317
Qihoo-360 20140302
SUPERAntiSpyware 20140315
Symantec 20140317
TheHacker 20140314
TotalDefense 20140317
TrendMicro 20140317
ViRobot 20140317
The file is a Portable Executable (PE): a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-28 16:17:11 UTC (the PE TimeDateStamp; the ExifTool TimeStamp below is the same instant rendered as 17:17:11+01:00). The link timestamp is set by whoever built the file and is only a weak indicator on its own, but here it is plausible: it precedes the first VirusTotal submission by about 17 days.
Entry Point 0x0000B512
Number of sections 4
PE sections: the per-section table is not included in this copy of the report.
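The header fields above (machine, section count, link timestamp, entry point, and the linker, subsystem and size fields ExifTool prints further down) all come from a few fixed offsets in the COFF and PE32 optional headers, and recomputing them from the raw bytes is the quickest way to confirm a report and to sanity-check the timestamp against first-seen. The following is an added example written for this page, not VirusTotal code: it parses those fields with the standard library only, and it is run against a constructed PE32 header that carries this report's values rather than against the sample's own bytes.

```python
"""Parse the PE header fields shown in the report straight from the raw bytes of a file.

Added example for this page; it is not VirusTotal code. The bytes parsed below are a
constructed PE32 header that carries the values from the report, not the sample itself.
"""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {
    0x014C: "Intel 386 or later processors and compatible processors",
    0x8664: "x64",
}
SUBSYSTEM_NAMES = {1: "Windows native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return the COFF and PE32 optional-header fields a triage report prints."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, stamp, _symtab, _nsyms, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # COFF file header is 20 bytes; optional header follows
    magic, lnk_major, lnk_minor, size_code, size_idata, size_udata, entry = struct.unpack_from(
        "<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header (magic %#x)" % magic)
    # OS / image / subsystem version pairs sit at +40; Subsystem at +68 (PE32 layout)
    os_major, os_minor, _img_major, _img_minor, ss_major, ss_minor = struct.unpack_from(
        "<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    linked = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {
        "machine": MACHINE_NAMES.get(machine, "%#x" % machine),
        "number_of_sections": nsections,
        "timestamp": linked,
        "timestamp_utc": linked.strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "size_of_code": size_code,
        "size_of_initialized_data": size_idata,
        "size_of_uninitialized_data": size_udata,
        "entry_point": entry,
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, "%#x" % subsystem),
    }


def link_time_lead_days(parsed: dict, first_seen_utc: str) -> float:
    """Days between the link timestamp and first sighting ('YYYY-MM-DD HH:MM:SS', UTC).
    The stamp is attacker-controlled: a negative or multi-year value hints it was forged."""
    first = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return (first - parsed["timestamp"]).total_seconds() / 86400


def build_sample_header() -> bytes:
    """Constructed PE32 header (MZ stub + PE signature + COFF + optional header) carrying the
    report's values; the real sample's bytes are not reproduced here."""
    stamp = int(datetime(2014, 2, 28, 16, 17, 11, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                  # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x014C, 4, stamp, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 6, 0, 45056, 16384, 0, 0xB512)
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)   # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    for key, value in info.items():
        print("%-26s %s" % (key, value))
    print("link time precedes first submission by %.1f days"
          % link_time_lead_days(info, "2014-03-17 20:39:07"))
```

Point `parse_pe_header` at `open(path, "rb").read()` for a real file; the function deliberately refuses PE32+ (magic 0x20B) rather than silently reading the wrong offsets, since the 64-bit optional header shifts every field after ImageBase.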
PE imports
The report lists imported symbols without the exporting DLL. The DLL headers below are the editor's grouping, inferred from which Windows system library exports each name (the order in the report matches the alphabetical by-DLL order VirusTotal uses); treat them as inferred, not as the sample's import table. Note what is missing: apart from VirtualAlloc and HeapCreate there is nothing in the static table that would decrypt, drop or inject code, which is consistent with the Injector/CeeInject/Crypt.Xpack labels above, where the payload's APIs are resolved at run time.

ADVAPI32.dll (inferred):
GetLengthSid
RegCreateKeyExA
RegDeleteKeyW
GDI32.dll (inferred):
GetDeviceCaps
CreatePen
GetStockObject
StretchBlt
TextOutA
CreateSolidBrush
SetPixelV
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
KERNEL32.dll (inferred):
GetSystemTimeAdjustment
GetStartupInfoA
GlobalMemoryStatus
GetLocaleInfoA
GetModuleHandleA
HeapCreate
GlobalFree
FindFirstFileA
FindClose
WaitForSingleObject
GetSystemTimeAsFileTime
FindNextFileA
GetModuleFileNameA
VirtualAlloc
MFC42.DLL (inferred: this block is ordinal-only, which is how the MFC 4.2 runtime is linked, and it fits the linker version 6.0 reported by ExifTool; the report itself does not name the DLL). 141 ordinals:
Ord(1775), Ord(4080), Ord(4710), Ord(2414), Ord(3597), Ord(354), Ord(4635), Ord(1641), Ord(3136), Ord(6383),
Ord(665), Ord(5440), Ord(6375), Ord(2515), Ord(3626), Ord(755), Ord(3798), Ord(2621), Ord(3259), Ord(2446),
Ord(2864), Ord(2985), Ord(1979), Ord(4852), Ord(815), Ord(641), Ord(5788), Ord(1175), Ord(5277), Ord(2514),
Ord(4425), Ord(4750), Ord(3092), Ord(4441), Ord(1134), Ord(4465), Ord(2863), Ord(5300), Ord(1200), Ord(4627),
Ord(1168), Ord(4716), Ord(3738), Ord(4853), Ord(2982), Ord(4234), Ord(825), Ord(3081), Ord(5199), Ord(5307),
Ord(5442), Ord(5067), Ord(4375), Ord(4424), Ord(540), Ord(4078), Ord(2554), Ord(6376), Ord(4229), Ord(1727),
Ord(823), Ord(5785), Ord(2107), Ord(5186), Ord(2379), Ord(2725), Ord(640), Ord(4998), Ord(800), Ord(3749),
Ord(2512), Ord(470), Ord(4274), Ord(6385), Ord(2859), Ord(4079), Ord(1146), Ord(3147), Ord(2124), Ord(6052),
Ord(1834), Ord(3262), Ord(5241), Ord(1576), Ord(3573), Ord(4353), Ord(5065), Ord(4407), Ord(3663), Ord(3346),
Ord(858), Ord(3693), Ord(2396), Ord(4608), Ord(3831), Ord(289), Ord(6374), Ord(5280), Ord(3825), Ord(2976),
Ord(323), Ord(1089), Ord(4297), Ord(3922), Ord(4160), Ord(4376), Ord(2405), Ord(4607), Ord(324), Ord(3830),
Ord(2385), Ord(3079), Ord(2055), Ord(4837), Ord(3571), Ord(6394), Ord(5450), Ord(2648), Ord(5714), Ord(5289),
Ord(4622), Ord(561), Ord(5261), Ord(355), Ord(1640), Ord(4133), Ord(5016), Ord(2841), Ord(924), Ord(4486),
Ord(4698), Ord(613), Ord(5163), Ord(3452), Ord(4834), Ord(5265), Ord(4673), Ord(5302), Ord(860), Ord(5731),
Ord(3318)
MSVCRT.dll (inferred):
__p__fmode
__CxxFrameHandler
_ftol
memset
strcat
__dllonexit
_controlfp
fopen
_except_handler3
sqrt
_onexit
exit
_XcptFilter
__setusermatherr
_adjust_fdiv
_acmdln
__p__commode
__getmainargs
_exit
_setmbcp
exp
_initterm
acos
__set_app_type
MSVFW32.dll (inferred):
DrawDibClose
DrawDibOpen
DrawDibRealize
DrawDibDraw
USER32.dll (inferred):
SendDlgItemMessageA
GetSystemMetrics
IsIconic
LoadCursorA
AppendMenuA
LoadIconA
EnableWindow
DrawIcon
MoveWindow
SendMessageA
GetClientRect
GetSystemMenu
GetDlgItem
CheckMenuItem
SetCursor
SetWindowTextA
DestroyCaret
FrameRect
GetDC
WindowFromDC
Number of PE resources by type
RT_DIALOG 3
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 4
CHINESE *unknown* 1
PE resources: the per-resource table is not included in this copy of the report. Note the language mismatch: the resource directory tags every resource as Chinese, while the version resource (see the ExifTool block below) declares German (Austrian) and a 2002 copyright for a binary linked in 2014. Version information is free text supplied by whoever built the file and carries no attribution weight.
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 16384
ImageVersion: 0.0
ProductName: FaceDetect
FileVersionNumber: 1.0.0.1
LanguageCode: German (Austrian)
FileFlagsMask: 0x003f
FileDescription: FaceDetect Microsoft
CharacterSet: Windows, Latin1
LinkerVersion: 6.0
OriginalFilename: FaceDetect.EXE
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1, 0, 0, 1
TimeStamp: 2014:02:28 17:17:11+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: FaceDetect
FileAccessDate: 2014:03:17 21:38:24+01:00
ProductVersion: 1, 0, 0, 1
SubsystemVersion: 4.0
OSVersion: 4.0
FileCreateDate: 2014:03:17 21:38:24+01:00
FileOS: Win32
LegalCopyright: (C) 2002
MachineType: Intel 386 or later, and compatibles
CodeSize: 45056
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
EntryPoint: 0xb512
ObjectFileType: Executable application

File identification
MD5 b8cc13b084eed0e1023fc8d3bae3e0dc
SHA1 edc7155e15610a29b458efe1bca41d431a49f072
SHA256 10eceacc86e61788ade2be2a683d489825fc59d5f283faa0d5ae2866a1ed9d16
ssdeep 6144:Ka2Cc254ipSXJgFBFgZZtpvxSoaEQJ6KjVtJ8sZmWMt0Ux4QMSPpGT414G:Ka+0ppS5l53xQJFJ1QtdQ4t
imphash 45ed9d1704fe9d55ead3c61bb8ecf9cd
File size 331.9 KB (339816 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe
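Two of the identifiers above are worth knowing how to recompute. The imphash is the MD5 of the import table rendered as lower-case "dll.function" tokens joined by commas in import-table order (pefile's algorithm, which VirusTotal uses), so it survives recompilation of the same source but changes when a single import is added or reordered; and the McAfee name Downloader-FYH!B8CC13B084EE ends in the first 12 hex digits of the file's MD5, which lets you confirm a McAfee label refers to this exact file. The following is an added example written for this page, not VirusTotal or pefile code. SAMPLE_IMPORTS is constructed from names on this page with the DLLs inferred by the editor, so the hash it produces is illustrative and is not expected to equal the report's imphash.

```python
"""Recompute import-based pivots from a report's import list.

Added example for this page, not VirusTotal or pefile code. It reproduces pefile's
imphash normalisation (lower-case, .dll/.ocx/.sys stripped, ordinals as 'ordN', tokens
joined with ',' in import-table order, MD5) and the McAfee '!XXXXXXXXXXXX' suffix check.
"""
import hashlib
import re

_STRIP_EXTS = ("ocx", "sys", "dll")
_ORD_DISPLAY = re.compile(r"^Ord\((\d+)\)$")  # the 'Ord(1775)' form used in the report


def normalize_import(dll: str, func) -> str:
    """One 'dll.func' token the way pefile builds it; func may be a name, an int ordinal,
    or the report's 'Ord(N)' display string."""
    lib = dll.lower()
    base, sep, ext = lib.rpartition(".")
    if sep and ext in _STRIP_EXTS:
        lib = base
    if isinstance(func, str):
        m = _ORD_DISPLAY.match(func)
        func = int(m.group(1)) if m else func
    # pefile resolves ordinals to names only for oleaut32, ws2_32 and wsock32;
    # everything else (MFC42 included) stays 'ordN'.
    name = "ord%d" % func if isinstance(func, int) else func.lower()
    return "%s.%s" % (lib, name)


def imphash_string(imports) -> str:
    """The comma-joined string that gets hashed. Order is the import table's, so it matters."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def mcafee_suffix_matches(label: str, md5_hex: str) -> bool:
    """McAfee names of the form 'Family!XXXXXXXXXXXX' carry the first 12 hex digits of the
    sample's MD5; returns False for labels without such a suffix."""
    m = re.search(r"!([0-9A-Fa-f]{12})$", label)
    return bool(m) and m.group(1).upper() == md5_hex.upper()[:12]


# Constructed: first entries of each DLL group on the page, DLL names inferred by the editor.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "GetLengthSid"),
    ("ADVAPI32.dll", "RegCreateKeyExA"),
    ("GDI32.dll", "GetDeviceCaps"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("MFC42.DLL", "Ord(1775)"),
    ("MSVCRT.dll", "__CxxFrameHandler"),
    ("MSVFW32.dll", "DrawDibOpen"),
    ("USER32.dll", "SendDlgItemMessageA"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("McAfee suffix matches MD5:",
          mcafee_suffix_matches("Downloader-FYH!B8CC13B084EE",
                                "b8cc13b084eed0e1023fc8d3bae3e0dc"))
```

Because the hash covers order as well as content, two binaries built from the same source with the same toolchain share an imphash, which is why it is a useful pivot across repacked Zbot droppers, while a crypter that resolves its real imports at run time (as the static table here suggests) leaves only the stub's imphash behind.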

VirusTotal metadata
First submission 2014-03-17 20:39:07 UTC
Last submission 2014-03-17 20:39:07 UTC
File names vt-upload-cxYo5
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed behaviour report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by the executed file or subjected to code injection by it.
Opened files, Read files, Opened mutexes, Runtime DLLs: no entries are included in this copy of the report.
Additional details
The file sends control codes directly to device drivers using the DeviceIoControl Windows API function. Neither DeviceIoControl nor CreateFile appears in the static import table above, so the call is made through an API resolved at run time or from a process the sample injected into; the control codes themselves, which the report does not list, are what identify the driver class being addressed.
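The first thing to do with a DeviceIoControl trace is decode each dwIoControlCode into its CTL_CODE fields, because the device type tells you which driver class the sample is talking to (disk, mass storage, file system, network) and a vendor-range device type or function number means a non-standard, often attacker-installed, driver. The following is an added example written for this page, not VirusTotal code. The trace lines and the 0x222003 code are constructed for illustration; this report does not list the codes the sample actually sent.

```python
"""Decode DeviceIoControl control codes (CTL_CODE layout) from an API trace.

Added example for this page, not VirusTotal code. SAMPLE_TRACE is constructed;
the report does not say which control codes the sample issued.
"""
import re

# CTL_CODE(DeviceType, Function, Method, Access) =
#     (DeviceType << 16) | (Access << 14) | (Function << 2) | Method
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS | FILE_WRITE_ACCESS"}
# Subset of the standard FILE_DEVICE_* values from winioctl.h / ntddk.h
DEVICE_TYPES = {0x07: "FILE_DEVICE_DISK", 0x09: "FILE_DEVICE_FILE_SYSTEM",
                0x12: "FILE_DEVICE_NETWORK", 0x1B: "FILE_DEVICE_SERIAL_PORT",
                0x22: "FILE_DEVICE_UNKNOWN", 0x2D: "FILE_DEVICE_MASS_STORAGE"}


def ctl_code(device_type: int, function: int, method: int, access: int = 0) -> int:
    """Same arithmetic as the CTL_CODE macro; handy for building codes to compare against."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


def decode_ioctl(code: int) -> dict:
    device_type = (code >> 16) & 0xFFFF
    return {
        "code": code,
        "device_type": device_type,
        "device_name": DEVICE_TYPES.get(device_type, "FILE_DEVICE_%#06x" % device_type),
        "function": (code >> 2) & 0xFFF,
        "method": METHODS[code & 0x3],
        "access": ACCESS[(code >> 14) & 0x3],
    }


def is_vendor_defined(code: int) -> bool:
    """Device types >= 0x8000 and function numbers >= 0x800 are reserved for third parties,
    so a code in either range is driver-specific rather than a documented Windows IOCTL."""
    d = decode_ioctl(code)
    return d["device_type"] >= 0x8000 or d["function"] >= 0x800


# Matches the dwIoControlCode argument in an API-monitor style DeviceIoControl line
TRACE_RE = re.compile(r"DeviceIoControl\(.*?dwIoControlCode=(0x[0-9A-Fa-f]+)")


def decode_trace(lines):
    """Decode every DeviceIoControl call in a trace; other API lines are skipped."""
    decoded = []
    for line in lines:
        m = TRACE_RE.search(line)
        if not m:
            continue
        code = int(m.group(1), 16)
        entry = decode_ioctl(code)
        entry["vendor_defined"] = is_vendor_defined(code)
        decoded.append(entry)
    return decoded


# Constructed trace: two documented storage IOCTLs plus a vendor-range code on another handle.
SAMPLE_TRACE = [
    r'CreateFileA(lpFileName="\\.\PhysicalDrive0", dwDesiredAccess=0x80000000) = 0x1c4',
    "DeviceIoControl(hDevice=0x1c4, dwIoControlCode=0x70000, lpInBuffer=NULL, nOutBufferSize=24)",
    "DeviceIoControl(hDevice=0x1c4, dwIoControlCode=0x2d1400, nInBufferSize=12, nOutBufferSize=512)",
    "DeviceIoControl(hDevice=0x1d0, dwIoControlCode=0x222003, nInBufferSize=8, nOutBufferSize=8)",
]

if __name__ == "__main__":
    for d in decode_trace(SAMPLE_TRACE):
        flag = "  <-- vendor-defined" if d["vendor_defined"] else ""
        print("%#010x  %-26s function=%#05x %-17s %s%s"
              % (d["code"], d["device_name"], d["function"], d["method"], d["access"], flag))
```

In the constructed trace 0x70000 decodes to FILE_DEVICE_DISK, function 0 (IOCTL_DISK_GET_DRIVE_GEOMETRY) and 0x2d1400 to FILE_DEVICE_MASS_STORAGE, function 0x500 (IOCTL_STORAGE_QUERY_PROPERTY), both routine hardware fingerprinting; 0x222003 uses FILE_DEVICE_UNKNOWN with function 0x800 and METHOD_NEITHER, the shape of a private interface to a custom driver, which is the line worth chasing. Note that METHOD_NEITHER passes raw user pointers to the driver, so such a code is also the usual entry point for driver exploitation.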