SHA256: 2635f0238fad2abef8f61292834c634051adfcd63fe64828f46cd6120555ba30
File name: d9b4b28054852c51a82e3217918eafde
Detection ratio: 28 / 52
Analysis date: 2014-06-09 18:09:43 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.390956 20140609
Yandex TrojanSpy.Zbot!UvI4JpDAgkA 20140608
AhnLab-V3 Spyware/Win32.Zbot 20140609
AntiVir TR/Crypt.ZPACK.59092 20140609
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140609
Avast Win32:Zbot-UAJ [Trj] 20140609
AVG Crypt3.UNJ 20140609
BitDefender Gen:Variant.Kazy.390956 20140609
Bkav HW32.CDB.3bc0 20140606
Emsisoft Gen:Variant.Kazy.390956 (B) 20140609
ESET-NOD32 a variant of Win32/Kryptik.CDJH 20140609
F-Secure Gen:Variant.Kazy.390956 20140609
Fortinet W32/Zbot.AAU!tr 20140608
GData Gen:Variant.Kazy.389588 20140609
Kaspersky Trojan-Spy.Win32.Zbot.tdmb 20140609
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140609
Malwarebytes Spyware.Zbot.VXGen 20140609
McAfee RDN/Generic PWS.y!zv 20140609
McAfee-GW-Edition Artemis!D9B4B2805485 20140609
eScan Gen:Variant.Kazy.389588 20140609
Panda Trj/Dtcontx.M 20140609
Qihoo-360 Malware.QVM20.Gen 20140609
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140609
Sophos AV Mal/Generic-S 20140609
Symantec Trojan.Gen.SMH 20140609
TrendMicro TROJ_GEN.R0C1C0EF514 20140609
TrendMicro-HouseCall TROJ_GEN.R0C1C0EF514 20140609
VIPRE Trojan.Win32.Generic!BT 20140609
AegisLab 20140609
Baidu-International 20140609
ByteHero 20140609
CAT-QuickHeal 20140609
ClamAV 20140609
CMC 20140609
Commtouch 20140609
Comodo 20140609
DrWeb 20140609
F-Prot 20140609
Ikarus 20140609
Jiangmin 20140609
K7AntiVirus 20140609
K7GW 20140609
Microsoft 20140609
NANO-Antivirus 20140609
Norman 20140609
nProtect 20140609
SUPERAntiSpyware 20140609
Tencent 20140609
TheHacker 20140609
TotalDefense 20140609
VBA32 20140609
ViRobot 20140609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name Gmhfexst.exe
Internal name Ruc
File version 1, 9, 3
Description Hugino Ilysoz Qera
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-18 05:46:00
Entry Point 0x0001B32B
Number of sections 4
PE sections
PE imports
RegSaveRestoreOnINF
RegisterOCX
IsNTAdmin
GetVersionFromFileEx
RegInstall
OpenINFEngine
UserInstStubWrapper
RunSetupCommand
TranslateInfStringEx
SetPerUserSecValues
RegRestoreAll
UserUnInstStubWrapper
CloseINFEngine
LaunchINFSection
PropertySheetA
ImageList_GetImageCount
FlatSB_SetScrollInfo
GetEffectiveClientRect
FlatSB_GetScrollInfo
ShowHideMenuCtl
ImageList_GetImageRect
ImageList_DragMove
ImageList_SetIconSize
ImageList_SetFlags
ImageList_Write
CreateToolbarEx
DrawStatusTextW
MenuHelp
ImageList_Destroy
ImageList_Draw
DestroyPropertySheetPage
ImageList_GetIcon
FlatSB_SetScrollPos
CreateMappedBitmap
InitCommonControlsEx
CreateUpDownControl
CreateStatusWindowW
CreatePropertySheetPageW
CreateStatusWindowA
FlatSB_EnableScrollBar
ImmSetCompositionStringW
ImmNotifyIME
ImmGetCandidateListCountW
ImmDestroyIMCC
ImmGetIMEFileNameA
ImmSimulateHotKey
ImmGetCandidateListCountA
ImmDisableIME
ImmInstallIMEA
ImmIsIME
ImmGetRegisterWordStyleA
ImmRequestMessageA
ImmGetRegisterWordStyleW
ImmGetGuideLineW
ImmUnlockIMCC
ImmDestroySoftKeyboard
ImmGetConversionListA
ImmIsUIMessageA
ImmSetCompositionWindow
ImmEnumRegisterWordA
ImmSetConversionStatus
ImmCreateSoftKeyboard
ImmAssociateContext
DeleteProxyArpEntry
InternalSetIpForwardEntry
GetBestInterface
NhGetGuidFromInterfaceName
GetIcmpStatistics
AllocateAndGetIpAddrTableFromStack
NhGetInterfaceNameFromGuid
SetIfEntry
GetIpForwardTable
GetUniDirectionalAdapterInfo
SendARP
NotifyRouteChange
GetNetworkParams
GetAdapterIndex
SetTcpEntry
GetIpNetTable
CreateIpForwardEntry
InternalDeleteIpForwardEntry
GetTcpStatistics
GetAdapterOrderMap
CreateProxyArpEntry
NTTimeToNTPTime
DeleteIpNetEntry
NhpAllocateAndGetInterfaceInfoFromStack
InternalCreateIpNetEntry
GetIfTable
IpReleaseAddress
SetIpNetEntry
FreeEnvironmentStringsA
GetFileTime
EnumUILanguagesA
NetGetAnyDCName
RxNetAccessAdd
NlBindingSetAuthInfo
DsGetDcNameA
NetReplExportDirDel
DsGetSiteNameA
NetReplImportDirDel
NetDfsRemoveStdRoot
NetUnjoinDomain
DsDeregisterDnsHostRecordsA
NetLocalGroupSetMembers
DsGetDcSiteCoverageA
NetShareGetInfo
NetDfsSetInfo
NetReplImportDirUnlock
NetReplImportDirGetInfo
NetMessageNameGetInfo
NetDfsRemoveFtRoot
NetUseGetInfo
NetWkstaUserSetInfo
NetDfsEnum
NetAuditRead
NetDfsAddFtRoot
NetServiceEnum
NetGetDCName
NetServerTransportAddEx
DsRoleGetPrimaryDomainInformation
DsUnquoteRdnValueA
DsGetSpnW
DsRemoveDsServerW
DsCrackNamesA
DsAddSidHistoryW
DsCrackNamesW
DsListServersInSiteA
DsMakeSpnW
DsMakePasswordCredentialsW
DsListRolesW
DsMakePasswordCredentialsA
DsReplicaGetInfoW
DsListServersForDomainInSiteW
DsListDomainsInSiteW
DsClientMakeSpnForTargetServerA
DsWriteAccountSpnW
DsQuoteRdnValueW
DsListDomainsInSiteA
DsUnBindA
DsRemoveDsDomainW
DsQuoteRdnValueA
DsFreeDomainControllerInfoA
DsCrackSpnA
DsReplicaDelW
DsReplicaSyncAllW
DsFreeDomainControllerInfoW
DsReplicaSyncA
DsListSitesW
DsReplicaDelA
DsReplicaFreeInfo
CreateStdAccessibleProxyA
AccessibleObjectFromPoint
GetStateTextA
AccessibleObjectFromWindow
CreateStdAccessibleProxyW
GetStateTextW
CreateStdAccessibleObject
GetRoleTextA
OleUIChangeSourceA
OleUIPasteSpecialA
OleUIAddVerbMenuW
OleUIAddVerbMenuA
OleUIPasteSpecialW
OleUIChangeSourceW
OleUIEditLinksA
OleUIUpdateLinksW
OleUIConvertA
PdhBrowseCountersA
PdhFormatFromRawValue
PdhEnumObjectItemsW
PdhEnumObjectItemsA
PdhEnumMachinesA
PdhUpdateLogA
PdhSetDefaultRealTimeDataSource
PdhVbUpdateLog
PdhCloseQuery
PdhValidatePathA
PdhExpandWildCardPathA
PdhAddCounterW
PdhParseCounterPathW
PdhRemoveCounter
PdhMakeCounterPathW
PdhSelectDataSourceA
PdhVbCreateCounterPathList
PdhConnectMachineW
PdhEnumObjectsA
PdhVbGetDoubleCounterValue
PdhLookupPerfNameByIndexA
PdhParseInstanceNameA
PdhOpenLogW
PdhExpandCounterPathA
PdhGetRawCounterArrayW
PdhVbGetLogFileSize
DoneCIISAPIPerformanceData
BindIFilterFromStorage
SetupCacheEx
InitializeFILTERPerformanceData
CIRestrictionToFullTree
LoadTextFilter
CIMakeICommand
BindIFilterFromStream
CICreateCommand
InitializeCIPerformanceData
CITextToSelectTree
LocateCatalogsA
EndCacheTransaction
BeginCacheTransaction
CIGetGlobalPropertyList
DoneCIPerformanceData
CiSvcMain
LoadBinaryFilter
CIBuildQueryTree
LoadIFilter
InitializeCIISAPIPerformanceData
RasQueryRedialOnLinkFailure
RasEnumConnectionsA
RasRenameEntryW
RasGetEapUserIdentityA
RasClearConnectionStatistics
RasGetSubEntryHandleW
RasCreatePhonebookEntryA
RasQuerySharedAutoDial
RasGetEntryHrasconnW
RasGetProjectionInfoA
RasHangUpA
RasCreatePhonebookEntryW
RasGetAutodialAddressA
RasGetConnectStatusA
RasGetHport
RasGetAutodialParamA
RasSetAutodialEnableA
RasDeleteEntryW
RasSetSubEntryPropertiesW
RasAutoDialSharedConnection
RasSetAutodialParamA
RasSetCredentialsW
RasGetCustomAuthDataW
RasFreeEapUserIdentityW
RasEnumAutodialAddressesA
RasSetAutodialParamW
NdrComplexArrayUnmarshall
I_RpcTransIoCancelled
RpcObjectInqType
NdrXmitOrRepAsMemorySize
RpcBindingInqOption
I_RpcBindingInqDynamicEndpointA
NdrInterfacePointerFree
NdrConformantStructFree
NDRSContextMarshall2
NdrUserMarshalMemorySize
RpcServerListen
RpcProtseqVectorFreeA
RpcRaiseException
NdrCStdStubBuffer_Release
NDRCContextUnmarshall
NdrNsGetBuffer
PathIsSystemFolderA
StrNCatW
SHRegDeleteUSValueW
UrlCreateFromPathW
StrRetToBufA
SHCopyKeyA
SHRegDuplicateHKey
StrToIntExW
SHEnumValueW
StrCSpnA
SHOpenRegStreamW
ColorHLSToRGB
SHDeleteValueA
SHGetValueA
SHRegGetPathW
PathFileExistsA
SHEnumKeyExA
SHQueryInfoKeyW
SHSkipJunction
ChrCmpIW
SHEnumKeyExW
AssocQueryStringW
UrlCompareW
SHRegSetPathA
PathQuoteSpacesW
StrFormatByteSizeA
UrlCanonicalizeW
PathIsNetworkPathA
StrRetToStrW
SHRegSetPathW
SHRegWriteUSValueW
phoneSetLamp
lineCompleteTransfer
lineAgentSpecific
lineGetAgentCapsW
lineGetAddressCapsW
MMCAddProvider
lineCreateAgentW
phoneDevSpecific
MMCGetServerConfig
phoneGetDevCapsW
lineGetAppPriorityW
lineGetIconW
lineAddToConference
lineGetConfRelatedCalls
MMCSetServerConfig
lineCreateAgentSessionW
tapiRequestDrop
lineGenerateDigitsA
lineShutdown
lineOpenA
lineSetQueueMeasurementPeriod
lineGetAgentInfo
MMCGetAvailableProviders
lineGetAddressIDA
lineDevSpecificFeature
MMCGetPhoneInfo
phoneConfigDialogW
phoneNegotiateExtVersion
RevokeBindStatusCallback
IsAsyncMoniker
IsLoggingEnabledW
RegisterMediaTypeClass
CoGetClassObjectFromURL
FaultInIEFeature
CoInternetGetSecurityUrl
HlinkGoForward
HlinkNavigateString
CopyBindInfo
FindMediaType
FindMediaTypeClass
RegisterMediaTypes
CoInternetParseUrl
URLDownloadToCacheFileW
MkParseDisplayNameEx
URLOpenBlockingStreamA
URLOpenPullStreamW
URLDownloadToFileA
ObtainUserAgentString
UrlMkBuildVersion
GetClassFileOrMime
UrlMkSetSessionOption
FindMimeFromData
URLDownloadToFileW
SetFocus
SetWindowRgn
GetKeyboardLayoutNameA
VkKeyScanA
DdeCmpStringHandles
HideCaret
GetParent
OpenDesktopW
LoadBitmapA
IMPGetIMEW
RemoveMenu
MessageBoxExA
DdeDisconnect
OpenIcon
DdeAddData
WindowFromPoint
SendDlgItemMessageW
SetThreadDesktop
FindWindowExA
WaitMessage
SetWindowTextA
MessageBoxExW
BeginDeferWindowPos
CharUpperBuffW
EnumPropsA
CreateMenu
ImpersonateDdeClientWindow
OemKeyScan
GetSysColorBrush
LoadIconW
GetUserObjectSecurity
GetKeyboardType
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetHangUp
InternetGetConnectedState
InternetDialW
HttpEndRequestA
GetUrlCacheConfigInfoW
GopherOpenFileA
InternetDialA
SetUrlCacheEntryInfoW
SetUrlCacheEntryGroupW
RetrieveUrlCacheEntryStreamA
InternetAutodialCallback
UnlockUrlCacheEntryFileW
DetectAutoProxyUrl
InternetConfirmZoneCrossingW
DeleteIE3Cache
DeleteUrlCacheContainerA
InternetCombineUrlW
FtpGetFileSize
InternetQueryDataAvailable
InternetSetOptionExA
FindNextUrlCacheContainerW
InternetReadFile
InternetWriteFileExA
IsUrlCacheEntryExpiredW
FindFirstUrlCacheContainerW
InternetOpenUrlA
GetUrlCacheEntryInfoExA
InternetQueryFortezzaStatus
InternetAutodialHangup
DeleteUrlCacheEntryW
CryptCATCDFEnumMembersByCDFTagEx
WVTAsn1SpcLinkDecode
CryptCATOpen
CryptCATCDFEnumAttributesWithCDFTag
MsCatFreeHashTag
mscat32DllRegisterServer
WVTAsn1SpcIndirectDataContentEncode
TrustFreeDecode
CryptSIPGetSignedDataMsg
WTHelperGetProvCertFromChain
CryptCATAdminAddCatalog
WVTAsn1CatNameValueDecode
CryptCATHandleFromStore
WVTAsn1SpcMinimalCriteriaInfoEncode
SoftpubCleanup
WinVerifyTrust
mssip32DllUnregisterServer
WVTAsn1SpcFinancialCriteriaInfoEncode
WintrustSetRegPolicyFlags
CryptCATAdminCalcHashFromFileHandle
CryptCATEnumerateMember
CryptCATCDFEnumAttributes
OpenPersonalTrustDBDialog
WTHelperGetProvPrivateDataFromChain
CryptSIPVerifyIndirectData
TrustOpenStores
CryptCATCDFOpen
WintrustLoadFunctionPointers
WVTAsn1SpcSpAgencyInfoEncode
CryptCATCDFEnumCatAttributes
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:05:18 06:46:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114688
LinkerVersion 7.1
EntryPoint 0x1b32b
InitializedDataSize 188416
SubsystemVersion 4.0
ImageVersion 7.1
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 d9b4b28054852c51a82e3217918eafde
SHA1 da24bc625299ca5beb82fe652afec7a7858a69d1
SHA256 2635f0238fad2abef8f61292834c634051adfcd63fe64828f46cd6120555ba30
ssdeep 3072:C+vyHDks2m2tfROFRMM2f4lFr3oadkeQzpfJRotmo9uocrNXOHEuklOfEA0u:fvyHQs0RnzfIYad6zfRotmo6xucJA0
authentihash 1fed04903de39f9a5699e836172f8617e70e35ae514da15fd2366aa5966fd195
imphash 206a8c408cfa030a5bc3a91883ada5d8
File size 202.0 KB ( 206848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2014-06-09 18:09:43 UTC ( 4 years, 9 months ago )
Last submission 2014-06-09 18:09:43 UTC ( 4 years, 9 months ago )
File names Ruc
d9b4b28054852c51a82e3217918eafde
Gmhfexst.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs