SHA256: 2a2ace0a889a701c15e4e3b56f625f5466c473324a892bd4108e3baa49a7c0c4
File name: vt-upload-1HYUV
Detection ratio: 32 / 50
Analysis date: 2014-04-13 20:01:42 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.24961 20140413
Yandex TrojanSpy.Zbot!sqRwucnUtrg 20140413
AntiVir TR/Spy.ZBot.ryisd 20140413
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140413
Avast Win32:Crypt-QTG [Trj] 20140413
AVG PSW.Generic12.AHHP 20140413
BitDefender Trojan.GenericKDZ.24961 20140413
Bkav W32.VariantNyamaimI.Trojan 20140412
DrWeb Trojan.Winlock.11064 20140413
Emsisoft Trojan.GenericKDZ.24961 (B) 20140413
ESET-NOD32 a variant of Win32/Injector.BAQK 20140413
F-Secure Trojan.GenericKDZ.24961 20140413
Fortinet W32/Zbot.BAQK!tr 20140413
GData Trojan.GenericKDZ.24961 20140413
Jiangmin TrojanSpy.Zbot.haff 20140413
K7AntiVirus Trojan ( 0049797a1 ) 20140411
K7GW Trojan ( 0049797a1 ) 20140411
Kaspersky Trojan-Spy.Win32.Zbot.rxgz 20140413
Malwarebytes Spyware.Zbot.ED 20140413
McAfee BackDoor-DKI!B58DCCDE1F7B 20140413
McAfee-GW-Edition BackDoor-DKI!B58DCCDE1F7B 20140413
Microsoft VirTool:Win32/CeeInject.gen!KK 20140413
eScan Trojan.GenericKDZ.24961 20140413
NANO-Antivirus Trojan.Win32.Zbot.cvyfmv 20140413
nProtect Trojan.Zbot.IEY 20140413
Panda Trj/CI.A 20140413
Sophos AV Troj/HkMain-U 20140413
Symantec Trojan.Gen 20140413
TrendMicro TROJ_GEN.R021C0EDC14 20140413
TrendMicro-HouseCall TROJ_GEN.R021C0EDC14 20140413
VBA32 TrojanSpy.Zbot 20140411
VIPRE Trojan.Win32.Generic!BT 20140413
AegisLab 20140413
AhnLab-V3 20140413
Baidu-International 20140413
ByteHero 20140413
CAT-QuickHeal 20140413
ClamAV 20140413
CMC 20140411
Commtouch 20140413
Comodo 20140413
F-Prot 20140413
Ikarus 20140413
Kingsoft 20130829
Norman 20140412
Qihoo-360 20140413
Rising 20140413
SUPERAntiSpyware 20140413
TheHacker 20140413
TotalDefense 20140413
ViRobot 20140413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-25 15:29:07
Entry Point 0x00003A6A
Number of sections 4
PE sections
PE imports
ImageList_SetOverlayImage
GetTextExtentPoint32W
GetModuleFileNameW
GetStartupInfoW
GetModuleHandleW
__wgetmainargs
malloc
__p__fmode
fread
fclose
__dllonexit
_except_handler3
?terminate@@YAXXZ
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
_wcmdln
__CxxFrameHandler
memset
_adjust_fdiv
_wfopen
_controlfp
_initterm
_exit
__set_app_type
GetMenu
SendMessageW
UpdateWindow
InflateRect
EnableWindow
SetMenu
GetClientRect
DestroyMenu
LoadAcceleratorsW
LoadMenuW
Number of PE resources by type
RT_STRING 15
RT_BITMAP 5
RT_MENU 2
RT_ACCELERATOR 1
Struct(241) 1
Number of PE resources by language
ENGLISH US 22
NEUTRAL 1
CHINESE *unknown* 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:25 16:29:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileAccessDate 2014:04:13 21:02:53+01:00
EntryPoint 0x3a6a
InitializedDataSize 36864
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:13 21:02:53+01:00
UninitializedDataSize 0

File identification
MD5 b58dccde1f7becb71973b7c9575c2404
SHA1 911f3e74a38fdd07bf253c797f826995ef45ae72
SHA256 2a2ace0a889a701c15e4e3b56f625f5466c473324a892bd4108e3baa49a7c0c4
ssdeep 6144:1GlaNV7enaUU5Jlqd26INvNvSWgSHo87OX9NT2CTmpfupqMpe:tNVia15J8EBdgSPWlofuRe
imphash 66e0fd781726c3773d1526c6d7341d63
File size 300.9 KB ( 308072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2014-04-13 20:01:42 UTC ( 4 years, 7 months ago )
Last submission 2014-04-13 20:01:42 UTC ( 4 years, 7 months ago )
File names vt-upload-1HYUV