SHA256: 241dcac079113e28a1f3aa256542445a4eddf987a22a8ed2caf014f9c1e300d4
File name: bff9e583e1ea997ba5265520f1accd79
Detection ratio: 33 / 52
Analysis date: 2014-06-09 18:10:02 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.389361 20140609
Yandex TrojanSpy.Zbot!o9z14lNxgrc 20140608
AhnLab-V3 Trojan/Win32.Agent 20140609
AntiVir TR/Kazy.387402 20140609
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140609
Avast Win32:Zbot-UAJ [Trj] 20140609
AVG PSW.Generic12.ANVZ 20140609
BitDefender Gen:Variant.Kazy.389361 20140609
Bkav HW32.CDB.5e72 20140606
DrWeb Trojan.Siggen6.18307 20140609
Emsisoft Gen:Variant.Kazy.389361 (B) 20140609
ESET-NOD32 a variant of Win32/Kryptik.CDEU 20140609
F-Secure Gen:Variant.Kazy.389361 20140609
Fortinet W32/Zbot.AAU!tr 20140608
GData Gen:Variant.Kazy.389361 20140609
K7AntiVirus Trojan ( 0049af451 ) 20140609
K7GW Trojan ( 0049af451 ) 20140609
Kaspersky Trojan-Spy.Win32.Zbot.tbtt 20140609
Kingsoft Win32.Troj.Zbot.tb.(kcloud) 20140609
Malwarebytes Spyware.Zbot.VXGen 20140609
McAfee RDN/Generic PWS.y!zv 20140609
McAfee-GW-Edition Artemis!BFF9E583E1EA 20140609
Microsoft PWS:Win32/Zbot 20140609
eScan Gen:Variant.Kazy.389361 20140609
NANO-Antivirus Trojan.Win32.Zbot.czubqj 20140609
Panda Trj/CI.A 20140609
Qihoo-360 Malware.QVM20.Gen 20140609
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140609
Sophos AV Mal/Generic-S 20140609
Symantec Trojan.ADH.SMH 20140609
TrendMicro TROJ_GEN.R0C1C0DF214 20140609
TrendMicro-HouseCall TROJ_GEN.R0C1C0DF214 20140609
VIPRE Trojan.Win32.Generic!BT 20140609
AegisLab 20140609
Baidu-International 20140609
ByteHero 20140609
CAT-QuickHeal 20140609
ClamAV 20140609
CMC 20140609
Commtouch 20140609
Comodo 20140609
F-Prot 20140609
Ikarus 20140609
Jiangmin 20140609
Norman 20140609
nProtect 20140609
SUPERAntiSpyware 20140609
Tencent 20140609
TheHacker 20140609
TotalDefense 20140609
VBA32 20140609
ViRobot 20140609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name Japdo.exe
Internal name Ojyvuja
File version 7, 5, 4
Description Foqa Kikep Izomuko
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-13 13:19:48
Entry Point 0x00022255
Number of sections 4
PE sections
Overlays
MD5 1b3269d2db5973d38f3db623d090aecc
File type data
Offset 202240
Size 512
Entropy 7.59
PE imports
ImageList_BeginDrag
ImageList_Replace
InitCommonControls
GetEffectiveClientRect
ImageList_GetIconSize
ImageList_SetDragCursorImage
ImageList_Read
ShowHideMenuCtl
MakeDragList
ImageList_DragEnter
ImageList_DragMove
CreateMappedBitmap
ImageList_SetFlags
ImageList_GetImageInfo
ImageList_Draw
LBItemFromPt
ImageList_AddIcon
ImageList_Add
ImageList_Duplicate
InitCommonControlsEx
ImageList_LoadImageA
ImageList_SetImageCount
CreateStatusWindowA
ImageList_Remove
ImageList_Copy
ImageList_EndDrag
GetUserDefaultUILanguage
DeviceIoControl
ExitProcess
GetLongPathNameW
GetAtomNameW
CheckBitmapBits
InstallColorProfileA
GetColorProfileElementTag
GetColorProfileHeader
ConvertIndexToColorName
InstallColorProfileW
SetColorProfileElement
InternalGetPS2CSAFromLCS
UninstallColorProfileW
CreateProfileFromLogColorSpaceW
UninstallColorProfileA
SetColorProfileHeader
OpenColorProfileW
RegisterCMMW
GenerateCopyFilePaths
ConvertColorNameToIndex
GetPS2ColorRenderingIntent
SpoolerCopyFileEvent
SelectCMM
IsColorProfileTagPresent
InternalSetDeviceConfig
CreateColorTransformA
CloseColorProfile
EnumColorProfilesW
GetCMMInfo
SamOpenDomain
SamShutdownSamServer
SamGetMembersInAlias
SamRemoveMemberFromForeignDomain
SamConnect
SamCloseHandle
SamEnumerateAliasesInDomain
SamOpenGroup
SamCreateUserInDomain
SamLookupIdsInDomain
SamEnumerateGroupsInDomain
CM_Open_Class_Key_ExW
SetupRemoveFileLogEntryA
SetupDecompressOrCopyFileW
SetupDiRemoveDevice
SetupDuplicateDiskSpaceListA
SetupCreateDiskSpaceListA
SetupDiGetDeviceInterfaceDetailA
SetupDiDeleteDeviceInfo
CM_Get_Device_ID_List_ExW
CM_Request_Device_EjectW
SetupRemoveSectionFromDiskSpaceListW
CM_Get_DevNode_Registry_Property_ExW
SetupDiCreateDeviceInterfaceW
SetupGetSourceInfoA
CM_Request_Eject_PC_Ex
SetupGetTargetPathA
CM_Get_Res_Des_Data_Size_Ex
SetupQueryDrivesInDiskSpaceListW
CM_Get_Device_ID_ExW
SetupDiGetClassImageIndex
SetupDiGetINFClassW
CM_Set_HW_Prof_Flags_ExA
SetupQueryInfVersionInformationW
CM_Get_HW_Prof_Flags_ExW
SetupInstallServicesFromInfSectionW
CM_Get_Class_Registry_PropertyW
SetupFindFirstLineA
SetupIterateCabinetA
SetupRemoveInstallSectionFromDiskSpaceListW
CM_Get_HW_Prof_Flags_ExA
PathRemoveArgsA
StrRChrW
StrNCatW
PathUnExpandEnvStringsW
StrFormatKBSizeW
PathIsRelativeW
PathFindSuffixArrayW
SHGetValueW
PathGetDriveNumberA
SHRegGetUSValueA
SHRegGetBoolUSValueW
SHOpenRegStreamW
StrCmpIW
PathMakeSystemFolderW
SHRegCreateUSKeyW
PathIsDirectoryA
SHDeleteKeyW
PathIsFileSpecW
AssocQueryStringA
PathCreateFromUrlW
UrlIsOpaqueA
StrStrA
StrCmpW
UrlGetPartW
PathAddExtensionA
SHCreateThread
PathIsURLA
StrDupA
PathMatchSpecA
IntlStrEqWorkerW
IMPGetIMEW
Number of PE resources by type
RT_DIALOG 2
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:01:13 14:19:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 151552
LinkerVersion 6.0
EntryPoint 0x22255
InitializedDataSize 311296
SubsystemVersion 5.0
ImageVersion 7.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 bff9e583e1ea997ba5265520f1accd79
SHA1 02c9c9965bcebe3a659a18f1cceb25080756689e
SHA256 241dcac079113e28a1f3aa256542445a4eddf987a22a8ed2caf014f9c1e300d4
ssdeep 3072:RFyLHnO3eN5YMOtB7CNUJXWKAOzXJH9l3Bv5PlTIajE3OUYtUvBsFeuk:SnO8YZB7UUQK/3lxdJIaj5sBn
authentihash 59a8e1d61d417833f0c4a6c270fe643a07fc0a8ead03f5b5b15480a7b22c9758
imphash 1612c4c111510c56df144b3a464e099a
File size 198.0 KB ( 202752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-06-09 18:10:02 UTC ( 4 years, 9 months ago )
Last submission 2014-06-09 18:10:02 UTC ( 4 years, 9 months ago )
File names bff9e583e1ea997ba5265520f1accd79
Japdo.exe
Ojyvuja
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.