SHA256: 13c32c710d2bd9dd5a4c3fd53bfa7c670debf9b9327fbe18d7717f9c28fe9eff
File name: vt-upload-S0Uso
Detection ratio: 35 / 55
Analysis date: 2014-11-17 05:53:55 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.26215 20141117
Yandex Trojan.Injector!h1XGpSU+HNw 20141116
AhnLab-V3 Trojan/Win32.Necurs 20141116
Avast Win32:GenMalicious-ANP [Trj] 20141117
AVG Inject2.BBAM 20141117
Avira (no cloud) TR/Spy.ZBot.xbbeicr 20141117
AVware Trojan.Win32.Generic!BT 20141117
Baidu-International Trojan.Win32.Zbot.aWJ 20141107
BitDefender Trojan.GenericKDZ.26215 20141117
DrWeb Trojan.DownLoader11.37237 20141117
Emsisoft Trojan.GenericKDZ.26215 (B) 20141117
ESET-NOD32 a variant of Win32/Injector.BNNU 20141117
F-Prot W32/A-ad99632f!Eldorado 20141117
F-Secure Trojan.GenericKDZ.26215 20141116
Fortinet W32/BNNU!tr 20141117
GData Trojan.GenericKDZ.26215 20141117
Ikarus Trojan-Ransom.CryptoWall 20141117
Kaspersky Trojan-Spy.Win32.Zbot.ukwj 20141117
McAfee RDN/Generic PWS.y!bbn 20141117
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20141117
eScan Trojan.GenericKDZ.26215 20141117
NANO-Antivirus Trojan.Win32.Zbot.dhoizb 20141117
Norman Suspicious_Gen4.HDTKL 20141116
nProtect Trojan.GenericKDZ.26215 20141114
Panda Trj/CI.A 20141116
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20141117
Rising PE:Trojan.Win32.Generic.1798D4D3!395891923 20141116
Sophos Mal/Agent-APO 20141117
SUPERAntiSpyware Trojan.Agent/Gen-Zusy 20141116
Symantec WS.Reputation.1 20141117
TrendMicro TSPY_ZEMOT.SMN0 20141117
TrendMicro-HouseCall TROJ_GEN.F0C2H00JO14 20141117
VBA32 Trojan.Bublik 20141114
VIPRE Trojan.Win32.Generic!BT 20141117
ViRobot Trojan.Win32.Agent.84992.JC 20141117
AegisLab 20141117
Antiy-AVL 20141117
Bkav 20141115
ByteHero 20141117
CAT-QuickHeal 20141117
ClamAV 20141117
CMC 20141114
Comodo 20141117
Cyren 20141117
Jiangmin 20141116
K7AntiVirus 20141114
K7GW 20141115
Kingsoft 20141117
Malwarebytes 20141117
Microsoft 20141117
Tencent 20141117
TheHacker 20141115
TotalDefense 20141116
Zillya 20141115
Zoner 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-01 17:21:07
Entry Point 0x00001E20
Number of sections 4
PE imports
GetUserNameA
RegOpenKeyExW
GetUserNameW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetWindowsDirectoryW
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetCommandLineW
GetCPInfo
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetProcAddress
EncodePointer
GetProcessHeap
GetComputerNameW
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemDirectoryW
DeleteCriticalSection
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
GetDesktopWindow
IsIconic
GetForegroundWindow
LoadBitmapA
GetWindowLongW
Number of PE resources by type
RT_ICON 3
RT_MESSAGETABLE 1
RT_VXD 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:01 18:21:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 21504
LinkerVersion 1.1
FileAccessDate 2014:11:17 06:55:16+01:00
EntryPoint 0x1e20
InitializedDataSize 283648
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 1.1
FileCreateDate 2014:11:17 06:55:16+01:00
UninitializedDataSize 0
File identification
MD5 5b0d52823db30d6278eae731076ba2ea
SHA1 da1fa8b91114c08624f05de999e0ba7dfe1f8299
SHA256 13c32c710d2bd9dd5a4c3fd53bfa7c670debf9b9327fbe18d7717f9c28fe9eff
ssdeep 6144:pI52Bj6v88w/qgVXe5Gn+o9Jh9SWe5YgS/Zj26eMs2mV5b2PUqZm+m:G8BjA88w/9le5y0zShj/s2m+Ndm
authentihash 66b946ef4e98dad33a9bc6bcfe2f1aa3b145f721349a6321f4c65caeb42977a9
imphash 9011d81d05ea2bf404eb5e96503122c3
File size 299.0 KB ( 306176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-10-20 15:05:17 UTC ( 2 years, 8 months ago )
Last submission 2014-10-20 15:05:17 UTC ( 2 years, 8 months ago )
File names vt-upload-S0Uso
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.