SHA256: 21f7b24e02622aa2c17a179014ede663e226f2384997e86398c617a99f8211f3
File name: d29535f7136c4c15bf4e1ed088f55a70
Detection ratio: 15 / 53
Analysis date: 2014-07-18 11:30:28 UTC ( 4 years, 8 months ago )
Antivirus Result Update
AntiVir TR/Crypt.Xpack.84513 20140718
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140718
Avast Win32:Malware-gen 20140718
AVG Zbot.LOD 20140718
ESET-NOD32 Win32/Spy.Zbot.YW 20140718
Fortinet W32/Zbot.TNJT!tr 20140718
Kaspersky Trojan-Spy.Win32.Zbot.tnjt 20140718
Malwarebytes Spyware.Zbot.VXGen 20140718
Microsoft PWS:Win32/Zbot 20140718
Panda Trj/CI.A 20140718
Qihoo-360 HEUR/Malware.QVM10.Gen 20140718
Sophos AV Mal/Generic-S 20140718
Tencent Win32.Trojan-spy.Zbot.Wqmn 20140718
TrendMicro-HouseCall TROJ_GEN.F04HH00GG14 20140718
VIPRE Trojan.Win32.Generic!SB.0 20140718
Ad-Aware 20140718
AegisLab 20140718
Yandex 20140718
AhnLab-V3 20140717
Baidu-International 20140718
BitDefender 20140718
Bkav 20140717
ByteHero 20140718
CAT-QuickHeal 20140718
ClamAV 20140717
CMC 20140717
Commtouch 20140718
Comodo 20140718
DrWeb 20140718
Emsisoft 20140717
F-Prot 20140718
F-Secure 20140718
GData 20140718
Ikarus 20140718
Jiangmin 20140718
K7AntiVirus 20140717
K7GW 20140717
Kingsoft 20140718
McAfee 20140718
McAfee-GW-Edition 20140717
eScan 20140718
NANO-Antivirus 20140718
Norman 20140718
nProtect 20140717
Rising 20140718
SUPERAntiSpyware 20140718
Symantec 20140718
TheHacker 20140717
TotalDefense 20140718
TrendMicro 20140718
VBA32 20140717
ViRobot 20140718
Zoner 20140718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2013 Wpowersoft

Publisher Wpowersoft
Product IGS Image Generation Software
Original name ims imagge
Internal name imm manip softw
File version 1.0.8.1
Description IGS Image Generation Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-14 13:52:25
Entry Point 0x00004B7E
Number of sections 5
PE sections
PE imports
ChooseColorW
CreatePatternBrush
GetObjectA
ExtTextOutW
CreateFontIndirectW
GetBoundsRect
SelectObject
GetStockObject
CreateSolidBrush
ChoosePixelFormat
SetBkColor
GetCharWidth32A
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetSystemInfo
LoadLibraryW
GetConsoleCP
GetModuleHandleW
GetOEMCP
QueryPerformanceCounter
GetComputerNameW
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
SetConsoleOutputCP
CreateConsoleScreenBuffer
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
GetTempFileNameA
HeapSize
FreeEnvironmentStringsW
MultiByteToWideChar
GetUserDefaultLCID
EncodePointer
GetLocaleInfoW
SetStdHandle
GetModuleHandleA
RaiseException
InitializeCriticalSection
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
FormatMessageA
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetFileAttributesA
GetExitCodeProcess
LocalFree
WaitForSingleObject
TerminateProcess
RtlUnwind
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
LocalAlloc
WriteConsoleW
InterlockedIncrement
StrStrW
RegisterClassA
GetMenuInfo
SystemParametersInfoA
GetScrollInfo
BeginPaint
HideCaret
EnumWindows
TrackMouseEvent
PostQuitMessage
DefWindowProcA
ShowWindow
SetMenuInfo
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
EndPaint
UpdateWindow
MoveWindow
DialogBoxParamW
MessageBoxA
EnumChildWindows
AdjustWindowRectEx
GetSysColor
SendMessageW
GetDC
GetCursorPos
ReleaseDC
CreatePopupMenu
CheckMenuItem
GetMenu
IsWindowVisible
GetClientRect
GetDlgItem
DrawMenuBar
IsIconic
ScreenToClient
SetRect
DeleteMenu
GetWindowLongA
CreateMenu
LoadImageW
TrackPopupMenu
FillRect
GetMenuState
LoadIconW
SetScrollInfo
SetForegroundWindow
DestroyWindow
SetWindowTheme
RegisterDragDrop
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
148480

ImageVersion
0.0

ProductName
IGS Image Generation Software

FileVersionNumber
1.0.8.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
IGS Image Generation Software

CharacterSet
Unicode

LinkerVersion
10.0

OriginalFilename
ims imagge

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.8.1

TimeStamp
2014:07:14 14:52:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
imm manip softw

FileAccessDate
2014:07:18 12:30:23+01:00

ProductVersion
1.0.8.1

SubsystemVersion
5.1

OSVersion
5.1

FileCreateDate
2014:07:18 12:30:23+01:00

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) 2013 Wpowersoft

MachineType
Intel 386 or later, and compatibles

CompanyName
Wpowersoft

CodeSize
89600

FileSubtype
0

ProductVersionNumber
1.0.8.1

EntryPoint
0x4b7e

ObjectFileType
Executable application

File identification
MD5 d29535f7136c4c15bf4e1ed088f55a70
SHA1 3db04eb91bc29a51c683bf89b6cf9bfeffd42f5f
SHA256 21f7b24e02622aa2c17a179014ede663e226f2384997e86398c617a99f8211f3
ssdeep
6144:0s4G6efDyPkGZcdBqf6BPBO1AODzOtL/VB3dPrBe/zQJInJ1B:dGZcdBqfRueUJInv

imphash a66ad285ac36776b2ba80d25b50820ae
File size 233.5 KB ( 239104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-07-18 11:30:28 UTC ( 4 years, 8 months ago )
Last submission 2014-07-18 11:30:28 UTC ( 4 years, 8 months ago )
File names imm manip softw
d29535f7136c4c15bf4e1ed088f55a70
ims imagge
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications