SHA256: 11d8458442a13a14d888736eafc7f1567fa053c24c304a2e78607bf667dd4add
File name: ae29b84c78d64566c5d9424276e53b13
Detection ratio: 15 / 47
Analysis date: 2014-05-17 22:13:46 UTC ( 4 years, 10 months ago )
Antivirus Result Update
AntiVir TR/PSW.Zbot.Y.2239 20140517
AVG Zbot.IUB 20140517
Bkav HW32.CDB.Cb52 20140517
ESET-NOD32 a variant of Win32/Injector.BDOE 20140517
Fortinet W32/Simda.NEX!tr 20140517
Kaspersky HEUR:Trojan.Win32.Generic 20140517
Malwarebytes Spyware.Zbot.VXGen 20140517
McAfee PWSZbot-FXW!AE29B84C78D6 20140517
McAfee-GW-Edition PWSZbot-FXW!AE29B84C78D6 20140517
Microsoft PWS:Win32/Zbot.gen!Y 20140517
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140507
Sophos AV Mal/Ransom-CO 20140517
Tencent Win32.Trojan.Generic.Lnob 20140517
TrendMicro TROJ_GEN.R08NC0DEH14 20140517
TrendMicro-HouseCall TROJ_GEN.R08NC0DEH14 20140517
Ad-Aware 20140517
AegisLab 20140517
Yandex 20140517
AhnLab-V3 20140517
Antiy-AVL 20140517
Avast 20140517
Baidu-International 20140517
BitDefender 20140517
ByteHero 20140517
CAT-QuickHeal 20140517
ClamAV 20140517
CMC 20140516
Commtouch 20140517
Comodo 20140516
DrWeb 20140517
Emsisoft 20140517
F-Prot 20140516
F-Secure 20140517
GData 20140517
Ikarus 20140517
Jiangmin 20140517
K7AntiVirus 20140516
K7GW 20140516
Kingsoft 20130829
eScan 20140517
NANO-Antivirus 20140517
Norman 20140517
nProtect 20140516
Panda 20140517
Qihoo-360 20140508
SUPERAntiSpyware 20140517
Symantec 20140517
TheHacker 20140515
TotalDefense 20140517
VBA32 20140516
VIPRE 20140517
ViRobot 20140517
Zillya 20140517
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 1996
Publisher XueBrothers
Product Fyfef
Original name Uiudcmjjx.exe
Internal name Ceputy
File version 2, 6, 10
Description Taqakuq Nehe Gyxy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-18 01:11:32
Entry Point 0x000081DF
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_BITMAP 513
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 514
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:18 01:11:32+00:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 9.0
FileAccessDate 2014:05:17 22:22:55+00:00
EntryPoint 0x81df
InitializedDataSize 466944
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:05:17 22:22:55+00:00
UninitializedDataSize 0
File identification
MD5 ae29b84c78d64566c5d9424276e53b13
SHA1 c86d2a1b64e20605b34a841980d7fda83e3edafd
SHA256 11d8458442a13a14d888736eafc7f1567fa053c24c304a2e78607bf667dd4add
ssdeep 6144:i+605sDUYE8euL8K1RQKulc2o1ym2cAbysDm8utbHOHa:i905shL80lulc2iym2cnD8mjOHa
imphash 7634edcd35308deaedc7a4d12fbbfadf
File size 272.5 KB ( 279040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-17 22:13:46 UTC ( 4 years, 10 months ago )
Last submission 2014-05-17 22:13:46 UTC ( 4 years, 10 months ago )
File names 11d8458442a13a14d888736eafc7f1567fa053c24c304a2e78607bf667dd4add.exe
Ceputy
Uiudcmjjx.exe
ae29b84c78d64566c5d9424276e53b13
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.