SHA256: 20d1c518af1a183dd66b0e51dde43c1f53cb3621b1ba24e53b57aa3491048d1a
File name: 20D1C518AF1A183DD66B0E51DDE43C1F53CB3621B1BA24E53B57AA3491048D1A
Detection ratio: 25 / 57
Analysis date: 2016-06-08 11:31:05 UTC ( 2 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.ZBot 20160608
Antiy-AVL Trojan/Win32.SGeneric 20160608
Avast Win32:Malware-gen 20160608
AVG Generic_r.JTO 20160608
Avira (no cloud) TR/Crypt.Xpack.pqhs 20160608
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160608
ClamAV Win.Malware.Locky-23925 20160608
DrWeb Trojan.Encoder.4752 20160608
Emsisoft Trojan.Win32.FileCoder (A) 20160608
ESET-NOD32 Win32/Filecoder.TorrentLocker.A 20160608
Fortinet W32/Locky.FGA!tr 20160608
GData Win32.Trojan-Ransom.Torrentlocker.TLNLSP 20160608
Ikarus Trojan.Win32.Filecoder 20160608
Jiangmin Backdoor.Androm.iod 20160608
K7AntiVirus Trojan ( 004e24c81 ) 20160608
K7GW Trojan ( 004e24c81 ) 20160608
Kaspersky Backdoor.Win32.Androm.jwnp 20160608
Malwarebytes Ransom.Locky 20160608
McAfee Artemis!EBBFEA2D6B9A 20160608
McAfee-GW-Edition BehavesLike.Win32.BadFile.jh 20160608
Panda Trj/RansomCrypt.E 20160607
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160608
Sophos AV Mal/Generic-S 20160608
Symantec Trojan.Gen.2 20160608
ViRobot Trojan.Win32.TorrentLocker.680448[h] 20160608
Ad-Aware 20160608
AegisLab 20160608
Alibaba 20160608
ALYac 20160608
Arcabit 20160608
AVware 20160608
Baidu-International 20160606
BitDefender 20160608
Bkav 20160608
CAT-QuickHeal 20160608
CMC 20160607
Comodo 20160608
Cyren 20160608
F-Prot 20160608
F-Secure 20160608
Kingsoft 20160608
Microsoft 20160608
eScan 20160608
NANO-Antivirus 20160608
nProtect 20160608
Rising 20160608
SUPERAntiSpyware 20160608
Tencent 20160608
TheHacker 20160607
TotalDefense 20160607
TrendMicro 20160608
TrendMicro-HouseCall 20160608
VBA32 20160608
VIPRE 20160608
Yandex 20160607
Zillya 20160607
Zoner 20160608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright© 2005-2015
File version 1.0.0.1
Description IObit Un1nstall Plugin Notice
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-08 14:09:25
Entry Point 0x00075580
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteKeyA
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
AccessCheck
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExA
RegQueryValueExW
GetSecurityDescriptorLength
GetFileSecurityW
OpenProcessToken
DuplicateToken
RegOpenKeyExW
SetFileSecurityW
RegOpenKeyW
RegOpenKeyExA
RegEnumValueA
CryptReleaseContext
CryptGenRandom
RegEnumKeyExW
CryptAcquireContextW
IsTextUnicode
RegQueryInfoKeyA
MapGenericMask
RegDeleteValueW
RegSetValueExW
FreeSid
RegEnumValueW
AllocateAndInitializeSid
CheckTokenMembership
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
InitCommonControlsEx
ImageList_Destroy
CreateStatusWindowW
ImageList_AddMasked
ImageList_Create
ImageList_Remove
PropertySheetW
ImageList_ReplaceIcon
ImageList_Add
GetTextMetricsW
Polygon
TextOutW
GetWindowOrgEx
GetTextFaceAliasW
GdiArtificialDecrementDriver
CreatePen
RemoveFontResourceTracking
TextOutA
GdiGradientFill
CombineRgn
GdiPlayScript
Rectangle
GetDeviceGammaRamp
GetDeviceCaps
GetTextExtentPointI
LineTo
DeleteDC
XLATEOBJ_cGetPalette
GetMapMode
GdiStartPageEMF
StretchBlt
SetPixel
GetPixel
FONTOBJ_pifi
GetObjectW
GetTextFaceW
XFORMOBJ_iGetXform
CreateDIBSection
EnumFontFamiliesA
SetTextColor
CreatePatternBrush
ExtTextOutW
SetBkColor
CreateBitmap
MoveToEx
SetMapMode
BitBlt
UpdateICMRegKeyW
GetPolyFillMode
ScaleWindowExtEx
GdiGetLocalDC
ExtTextOutA
OffsetViewportOrgEx
GetLogColorSpaceW
CreateCompatibleDC
CreateFontW
FlattenPath
DeviceCapabilitiesExW
AnyLinkedFonts
EngLineTo
GetTextExtentPoint32W
GetCharABCWidthsFloatA
CreateSolidBrush
Polyline
DPtoLP
SelectObject
GdiDescribePixelFormat
CopyMetaFileA
PolyPolygon
DeleteObject
CreateCompatibleBitmap
GetSystemTime
GetLastError
InitializeCriticalSection
HeapFree
ExitProcess
EnterCriticalSection
LCMapStringW
ReleaseMutex
UnmapViewOfFile
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
LoadLibraryA
FreeLibrary
LCMapStringA
GetTimeFormatW
DebugBreak
SystemTimeToFileTime
GlobalUnlock
GetVersionExA
GetModuleFileNameA
lstrlenW
SystemTimeToTzSpecificLocalTime
GlobalSize
DeleteCriticalSection
GetStartupInfoA
FileTimeToLocalFileTime
SizeofResource
WriteConsoleOutputCharacterA
TzSpecificLocalTimeToSystemTime
lstrcatA
IsDBCSLeadByte
GetModuleHandleW
CreateThread
GetDateFormatW
InterlockedDecrement
MultiByteToWideChar
MapViewOfFile
SetPriorityClass
GetCommandLineA
GetProcAddress
LoadResource
GetCurrentThread
CreateFileMappingW
CompareStringW
ReleaseSemaphore
GetCPInfo
lstrcmpiA
GetStringTypeA
GetModuleHandleA
GetDiskFreeSpaceW
CreateSemaphoreW
GetTempPathW
InterlockedIncrement
CreateMutexW
ResetEvent
lstrcpynA
OpenFileMappingW
HeapReAlloc
GetStringTypeW
GlobalLock
SetThreadExecutionState
LoadLibraryExA
GetFullPathNameA
SetEvent
GetProcessAffinityMask
CreateEventW
WideCharToMultiByte
SetCurrentDirectoryW
HeapCreate
lstrcpyA
GlobalAlloc
CreateEventA
HeapDestroy
Sleep
SetThreadPriority
CloseHandle
HeapAlloc
GetCurrentThreadId
FindResourceA
VirtualAlloc
LeaveCriticalSection
ExtractAssociatedIconExW
SHChangeNotify
Shell_NotifyIconW
SHBrowseForFolderA
SHQueryRecycleBinA
Shell_NotifyIcon
DragQueryFileA
SHLoadNonloadedIconOverlayIdentifiers
ShellAboutA
SHGetIconOverlayIndexA
SHCreateDirectoryExA
ShellExecuteExW
SHEmptyRecycleBinA
SHAppBarMessage
SHLoadInProc
SHFormatDrive
SHIsFileAvailableOffline
SHGetSpecialFolderPathA
ExtractAssociatedIconW
SHGetDiskFreeSpaceExW
SHGetFolderLocation
SHAddToRecentDocs
SHGetFileInfo
ShellExecuteW
ShellExecuteA
ExtractIconExW
SHGetInstanceExplorer
SHGetDataFromIDListA
SHGetPathFromIDList
CommandLineToArgvW
StrChrW
StrRChrIW
StrCmpNW
StrRChrIA
StrStrIW
StrCmpNA
StrStrW
StrChrA
StrCmpNIA
SetFocus
GetForegroundWindow
RedrawWindow
LoadBitmapW
EnumDesktopsW
DestroyMenu
PostQuitMessage
GetWindowContextHelpId
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
ScrollWindowEx
WindowFromPoint
GetMessageTime
VkKeyScanW
SetMenuItemInfoW
GetDC
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
GetMenu
AnyPopup
GetClientRect
GetDlgItemTextW
SetScrollPos
GetThreadDesktop
LoadAcceleratorsA
LoadImageW
GetTopWindow
GetWindowTextW
RegisterClipboardFormatW
EnumClipboardFormats
GetWindowTextLengthW
GetMenuContextHelpId
DestroyWindow
GetMessageA
GetParent
UpdateWindow
GetPropW
EnumWindows
ShowWindow
GetPropA
SetPropW
GetListBoxInfo
CharToOemBuffA
IsCharAlphaW
PeekMessageW
InsertMenuItemW
SetWindowPlacement
CharUpperW
DdeKeepStringHandle
GetSystemMenu
CharToOemBuffW
TranslateMessage
IsWindowEnabled
GetWindow
GetDlgItemInt
SetClipboardData
SystemParametersInfoA
GetIconInfo
GetQueueStatus
EnumDisplayDevicesA
CharLowerA
GetWindowPlacement
LoadStringW
SetWindowLongW
DrawMenuBar
OemToCharBuffA
IsIconic
GetSubMenu
SetTimer
OemToCharA
IsDialogMessageW
FlashWindow
CharNextA
WaitForInputIdle
GetSysColorBrush
OemToCharW
CreateWindowExW
GetWindowLongW
OpenClipboard
IsChild
MapWindowPoints
RegisterWindowMessageW
EmptyClipboard
BeginPaint
DefWindowProcW
KillTimer
GetComboBoxInfo
GetClipboardData
GetSystemMetrics
EnableMenuItem
SetScrollRange
CreateDialogIndirectParamW
GetWindowRect
EnumChildWindows
CharLowerW
SendDlgItemMessageW
PostMessageW
CheckDlgButton
CreateDialogParamW
CreatePopupMenu
CheckMenuItem
GetLastActivePopup
PtInRect
DrawIconEx
SetWindowTextW
GetDlgItem
RemovePropW
BringWindowToTop
CreateIconIndirect
ClientToScreen
TrackPopupMenu
SetWindowsHookExA
PostThreadMessageW
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
GetKeyboardLayout
LoadCursorW
LoadIconW
FindWindowExW
GetMenuItemID
SetForegroundWindow
ExitWindowsEx
PostThreadMessageA
GetMenuItemInfoW
GetCursorPos
EnableWindow
IntersectRect
EndDialog
FindWindowW
EndTask
ScreenToClient
MessageBeep
GetWindowThreadProcessId
MessageBoxW
SendMessageW
MoveWindow
DialogBoxParamW
AppendMenuW
GetWindowDC
MessageBoxIndirectW
GetSysColor
SetDlgItemTextW
GetKeyState
IsCharAlphaNumericA
DestroyIcon
IsWindowVisible
CharToOemA
SystemParametersInfoW
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
CreateIcon
IsCharUpperW
GetFocus
wsprintfW
CloseClipboard
SetCursor
GetKeyboardType
SetDlgItemInt
TranslateAcceleratorW
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
CoTaskMemFree
Number of PE resources by type
RT_BITMAP 11
RT_ICON 9
RT_RCDATA 7
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 19
CHINESE SIMPLIFIED 12
PE resources
ExifTool file metadata
CodeSize 491520
SubsystemVersion 5.0
InitializedDataSize 187904
ImageVersion 0.0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2016:06:08 15:09:25+01:00
FileType Win32 EXE
PEType PE32
FileDescription IObit Un1nstall Plugin Notice
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright 2005-2015
MachineType Intel 386 or later, and compatibles
CompanyName IObit
LegalTrademarks IObit
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x75580
ObjectFileType Executable application
Compressed bundles
File identification
MD5 ebbfea2d6b9a807f55b0e27eb61f18fc
SHA1 8ad30ed4539332a9d5b7111ac8777f877e2be032
SHA256 20d1c518af1a183dd66b0e51dde43c1f53cb3621b1ba24e53b57aa3491048d1a
ssdeep 12288:HOe45tx6NfrwgL5USQuBPDPQ7Ui7klaHB:HOe+L6Nf8IUSQuPDI7fHB
authentihash 83ed16d49edcf90d087f8839209d27e80cba028180b4e0377de44e6ce8dc35a8
imphash eb197cd451e9b2659997fcda2fe83bc6
File size 664.5 KB ( 680448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-06-07 15:33:18 UTC ( 2 years, 9 months ago )
Last submission 2017-08-05 23:23:59 UTC ( 1 year, 7 months ago )
File names file.exe
file2.exe
ibizodom.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications