SHA256: 16ef38805614d2a591c5829da0a393bd8659d528e986e1f3cb95865a763d121e
File name: vt-upload-hM5G3
Detection ratio: 28 / 53
Analysis date: 2014-07-17 17:11:17 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.416325 20140717
AhnLab-V3 Trojan/Win32.Agent 20140717
AntiVir TR/Crypt.EPACK.22099 20140717
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140717
Avast Win32:Malware-gen 20140717
AVG Crypt3.AEVB 20140717
Baidu-International Trojan.Win32.Kryptik.BCERZ 20140717
BitDefender Gen:Variant.Kazy.416325 20140717
Emsisoft Gen:Variant.Kazy.416325 (B) 20140717
ESET-NOD32 a variant of Win32/Kryptik.CERZ 20140717
F-Secure Gen:Variant.Kazy.416325 20140717
Fortinet W32/Zbot.CERZ!tr 20140717
GData Gen:Variant.Kazy.416325 20140717
Ikarus Trojan-Spy.Win32.Zbot 20140717
K7AntiVirus Trojan ( 0049bdb81 ) 20140717
K7GW Trojan ( 0049bdb81 ) 20140717
Kaspersky Trojan-Spy.Win32.Zbot.tngz 20140717
Malwarebytes Trojan.Banker 20140717
McAfee Artemis!00B653A52ECE 20140717
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J 20140717
Microsoft PWS:Win32/Zbot 20140717
eScan Gen:Variant.Kazy.416325 20140717
Panda Trj/CI.A 20140717
Symantec Trojan.Gen.SMH 20140717
Tencent Win32.Trojan-spy.Zbot.Eeo 20140717
TrendMicro TROJ_GEN.R0CBC0DGG14 20140717
TrendMicro-HouseCall TROJ_GEN.R0CBC0DGG14 20140717
VIPRE Trojan.Win32.Generic!BT 20140717
AegisLab (not detected) 20140717
Yandex (not detected) 20140716
Bkav (not detected) 20140717
ByteHero (not detected) 20140717
CAT-QuickHeal (not detected) 20140717
ClamAV (not detected) 20140717
CMC (not detected) 20140717
Commtouch (not detected) 20140717
Comodo (not detected) 20140717
DrWeb (not detected) 20140717
F-Prot (not detected) 20140717
Jiangmin (not detected) 20140717
Kingsoft (not detected) 20140717
NANO-Antivirus (not detected) 20140717
Norman (not detected) 20140717
nProtect (not detected) 20140717
Qihoo-360 (not detected) 20140717
Rising (not detected) 20140717
SUPERAntiSpyware (not detected) 20140717
TheHacker (not detected) 20140717
TotalDefense (not detected) 20140717
VBA32 (not detected) 20140717
ViRobot (not detected) 20140717
Zillya (not detected) 20140716
Zoner (not detected) 20140714
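The detection table above is what an analyst normally reduces to three numbers: how many engines flag the file, which family name most of them agree on, and which verdicts came from engines whose signatures were older than the scan. The following is an added example (not VirusTotal's code) that does that over the rows of this report; the rows are embedded verbatim as constructed input, and the family tokens are the ones that occur in this report's labels.

```python
"""Summarise a VirusTotal-style detection table (added example, not
VirusTotal's code). The rows below are copied from the table on this
page: engine, result (blank where the engine did not flag the file)
and the engine's signature-update date.
"""
import re
from collections import Counter

DETECTIONS = """\
Ad-Aware Gen:Variant.Kazy.416325 20140717
AhnLab-V3 Trojan/Win32.Agent 20140717
AntiVir TR/Crypt.EPACK.22099 20140717
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140717
Avast Win32:Malware-gen 20140717
AVG Crypt3.AEVB 20140717
Baidu-International Trojan.Win32.Kryptik.BCERZ 20140717
BitDefender Gen:Variant.Kazy.416325 20140717
Emsisoft Gen:Variant.Kazy.416325 (B) 20140717
ESET-NOD32 a variant of Win32/Kryptik.CERZ 20140717
F-Secure Gen:Variant.Kazy.416325 20140717
Fortinet W32/Zbot.CERZ!tr 20140717
GData Gen:Variant.Kazy.416325 20140717
Ikarus Trojan-Spy.Win32.Zbot 20140717
K7AntiVirus Trojan ( 0049bdb81 ) 20140717
K7GW Trojan ( 0049bdb81 ) 20140717
Kaspersky Trojan-Spy.Win32.Zbot.tngz 20140717
Malwarebytes Trojan.Banker 20140717
McAfee Artemis!00B653A52ECE 20140717
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J 20140717
Microsoft PWS:Win32/Zbot 20140717
eScan Gen:Variant.Kazy.416325 20140717
Panda Trj/CI.A 20140717
Symantec Trojan.Gen.SMH 20140717
Tencent Win32.Trojan-spy.Zbot.Eeo 20140717
TrendMicro TROJ_GEN.R0CBC0DGG14 20140717
TrendMicro-HouseCall TROJ_GEN.R0CBC0DGG14 20140717
VIPRE Trojan.Win32.Generic!BT 20140717
AegisLab 20140717
Yandex 20140716
Bkav 20140717
ByteHero 20140717
CAT-QuickHeal 20140717
ClamAV 20140717
CMC 20140717
Commtouch 20140717
Comodo 20140717
DrWeb 20140717
F-Prot 20140717
Jiangmin 20140717
Kingsoft 20140717
NANO-Antivirus 20140717
Norman 20140717
nProtect 20140717
Qihoo-360 20140717
Rising 20140717
SUPERAntiSpyware 20140717
TheHacker 20140717
TotalDefense 20140717
VBA32 20140717
ViRobot 20140717
Zillya 20140716
Zoner 20140714
"""

# Family tokens that appear in this report's labels; extend as needed.
FAMILY_TOKENS = ("zbot", "kazy", "kryptik")


def parse_rows(text):
    """Return (engine, result, update) tuples; result is '' if not flagged."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # A valid row ends with an 8-digit YYYYMMDD signature-update date.
        if len(parts) < 2 or not re.fullmatch(r"\d{8}", parts[-1]):
            continue
        rows.append((parts[0], " ".join(parts[1:-1]), parts[-1]))
    return rows


def detection_ratio(rows):
    """(flagged, total): the pair VirusTotal shows as 'Detection ratio'."""
    return sum(1 for _, result, _ in rows if result), len(rows)


def family_votes(rows, tokens=FAMILY_TOKENS):
    """Count engines naming each family (case-insensitive substring match)."""
    votes = Counter()
    for _, result, _ in rows:
        low = result.lower()
        for tok in tokens:
            if tok in low:
                votes[tok] += 1
    return votes


def stale_engines(rows, analysis_day):
    """Engines whose signatures predate the scan (YYYYMMDD string compare)."""
    return [engine for engine, _, upd in rows if upd < analysis_day]
```

Running `parse_rows(DETECTIONS)` through the three helpers reproduces the 28/53 ratio shown at the top of the page, gives Zbot and Kazy six votes each (the Kazy label is one vendor's generic signature shared across the BitDefender-engine products, so it is really one vote repeated), and lists Yandex, Zillya and Zoner as engines that scanned with signatures older than the analysis date.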
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-03-24 10:09:32
Entry Point 0x00001000
Number of sections 8
PE sections (the section table is not present in this copy of the report)
PE imports (grouped by exporting DLL; the DLL names are not in this copy of the report and are inferred from the export names)
gdi32.dll
PaintRgn
SetPolyFillMode
ScaleViewportExtEx
GdiGetPageCount
FrameRgn
PatBlt
CopyEnhMetaFileW
GetICMProfileA
GetWorldTransform
GdiGetDC
ResizePalette
AddFontResourceA
CreateRectRgnIndirect
ColorMatchToTarget
SetBkColor
AnimatePalette
GetDCOrgEx
GetCharWidth32A
GetFontAssocStatus
SetSystemPaletteUse
CreateMetaFileW
kernel32.dll
CallNamedPipeW
GlobalGetAtomNameW
Toolhelp32ReadProcessMemory
GetSystemInfo
lstrcmpiA
GetProfileSectionW
GetDriveTypeA
GetThreadLocale
GetSystemDefaultLCID
VirtualProtect
EndUpdateResourceA
GetLocalTime
CreatePipe
GetCurrentProcessId
EnumSystemLocalesW
ClearCommBreak
SetThreadExecutionState
ReadProcessMemory
GetProcessHeap
AssignProcessToJobObject
CreateDirectoryExW
LocalFlags
GetQueuedCompletionStatus
SetNamedPipeHandleState
GlobalAddAtomA
MulDiv
GetStringTypeExA
GetCommConfig
PrepareTape
GetBinaryTypeA
GetProcessAffinityMask
GetEnvironmentVariableA
AllocConsole
Sleep
LocalShrink
GetCurrentThreadId
user32.dll
FindWindowA
GetWindowTextLengthA
GetDlgCtrlID
GetClipboardFormatNameA
ChangeMenuA
GetKeyboardLayout
GetActiveWindow
PostQuitMessage
HideCaret
IsWindowVisible
GetCapture
mouse_event
GetShellWindow
GetMessagePos
SetMenuItemInfoW
IsChild
RemoveMenu
Note: next to VirtualProtect, ReadProcessMemory and Toolhelp32ReadProcessMemory, the table imports many APIs with no plausible use in one program (PrepareTape, ClearCommBreak, GetCommConfig, AssignProcessToJobObject, mouse_event, ColorMatchToTarget). Import padding of this kind is typical of a crypter layer, which is what the Kryptik and Crypt labels in the detection table denote; it also makes the imphash specific to this build rather than to the Zbot family, so the imphash below should not be used as a family indicator.
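The imphash given further down in this report (4d97a1a6a42d6d2e4c73a383f9392090) is an MD5 over a normalised, ordered list of "dll.function" pairs. The following is an added example, not code from pefile or VirusTotal, showing that derivation. The page does not say which DLL exports each imported name, so the grouping is an assumption (gdi32, kernel32 and user32 exports), and only a subset of the listed imports is included; the value it computes therefore will not equal the page's imphash, which requires the full import directory in its original order. The simplified ordinal handling (always ordN) is also an assumption; pefile first resolves ordinals of a few well-known DLLs to names.

```python
"""imphash derivation (added example, not pefile's or VirusTotal's code).

The DLL grouping below is an assumption made for illustration; the
report lists the function names but not their DLLs, and only a subset
of the names is used here.
"""
import hashlib

# Assumed DLL grouping of a subset of the imports listed on this page.
ASSUMED_IMPORTS = {
    "GDI32.dll": ["PaintRgn", "SetPolyFillMode", "PatBlt", "SetBkColor"],
    "KERNEL32.dll": ["VirtualProtect", "ReadProcessMemory", "CreatePipe",
                     "PrepareTape", "Sleep"],
    "USER32.dll": ["FindWindowA", "mouse_event", "GetShellWindow"],
}


def _normalise_dll(dll):
    """Lower-case the DLL name and drop a .dll/.ocx/.sys extension."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else name


def imphash_string(imports):
    """'dll.func,dll.func,...' in import-directory order.

    Imports by ordinal are written as ordN (simplification: pefile
    first maps ordinals of a few well-known DLLs back to names).
    Order matters: the same imports in a different order hash differently.
    """
    parts = []
    for dll, funcs in imports.items():
        name = _normalise_dll(dll)
        for func in funcs:
            label = "ord%d" % func if isinstance(func, int) else func.lower()
            parts.append("%s.%s" % (name, label))
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()
```

Because every import contributes to the string, a crypter only has to insert or reorder one junk import per build to give each sample a fresh imphash, which is why the padded import table above limits the usefulness of this page's imphash for clustering.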
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
PE resources (the per-resource listing is not present in this copy of the report)
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2005:03:24 11:09:32+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 376832
LinkerVersion: 0.0
EntryPoint: 0x1000
InitializedDataSize: 71177
SubsystemVersion: 4.1
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Triage note: a linker version of 0.0, an entry point at the very start of the first section (0x1000) and a 2005 compile timestamp on a file first submitted in 2014 are consistent with a rebuilt or packed header rather than an ordinary compiler build; treat the timestamp as untrusted when building a timeline.

File identification
MD5 00b653a52ece6324ac54ab0929640011
SHA1 89abd1e618b0fd2a696d44c43337fe23f59fbd35
SHA256 16ef38805614d2a591c5829da0a393bd8659d528e986e1f3cb95865a763d121e
ssdeep 3072:knYfBqQAHhyOCdnsxEP0xvHHgm41MVj50ODFbK/o0iCcU7L7Wd5j:jfHABLx9wMVjtDpIiChH
authentihash f725f8ce4f8f9190057db64c77375deedc0186992c82975b66d7a6178568a54c
imphash 4d97a1a6a42d6d2e4c73a383f9392090
File size 438.5 KB ( 449024 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe

VirusTotal metadata
First submission 2014-07-17 17:11:17 UTC ( 4 years, 8 months ago )
Last submission 2018-02-13 17:37:29 UTC ( 1 year, 1 month ago )
File names vt-upload-hM5G3
16ef38805614d2a591c5829da0a393bd8659d528e986e1f3cb95865a763d121e.exe
EIJLADP.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
(The headings above are present in the report but their entries are not included in this copy; an empty heading here does not mean no such activity occurred.)
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.