SHA256: 2c385126128425f11e99700ae00b5e9abd12254ad35789e88d6a7485c333efd9
File name: Ocabigy
Detection ratio: 33 / 55
Analysis date: 2015-10-26 07:42:23 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.18891 20151026
Yandex Worm.Luder!0df/YmLicRM 20151025
AhnLab-V3 Spyware/Win32.Zbot 20151026
ALYac Gen:Variant.Symmi.18891 20151026
Antiy-AVL Worm/Win32.Luder 20151026
Arcabit Trojan.Symmi.D49CB 20151026
Avast Win32:Kryptik-LSA [Cryp] 20151026
AVG Crypt2.RG 20151026
AVware Trojan.Win32.Zbot.dx (v) 20151026
Baidu-International Worm.Win32.Luder.bsud 20151026
BitDefender Gen:Variant.Symmi.18891 20151026
CAT-QuickHeal TrojanPWS.Zbot.Gen 20151026
Comodo UnclassifiedMalware 20151026
Emsisoft Gen:Variant.Symmi.18891 (B) 20151026
ESET-NOD32 a variant of Win32/Kryptik.AXSS 20151026
F-Secure Gen:Variant.Symmi.18891 20151026
GData Gen:Variant.Symmi.18891 20151026
Ikarus Trojan-PWS.Win32.Zbot 20151026
K7AntiVirus Trojan ( 0040f3931 ) 20151026
K7GW Trojan ( 0040f3931 ) 20151026
Kaspersky Worm.Win32.Luder.bsud 20151026
McAfee Artemis!858E493C35E4 20151026
McAfee-GW-Edition BehavesLike.Win32.Rootkit.dc 20151026
Microsoft Trojan:Win32/Toga!rfn 20151026
eScan Gen:Variant.Symmi.18891 20151026
NANO-Antivirus Trojan.Win32.Luder.bvdxwn 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 HEUR/Malware.QVM18.Gen 20151026
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
Sophos AV Mal/Zbot-KV 20151026
Symantec W32.IRCBot.NG 20151026
VBA32 BScope.Trojan.MTA.0661 20151026
VIPRE Trojan.Win32.Zbot.dx (v) 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
ByteHero 20151026
ClamAV 20151026
CMC 20151026
Cyren 20151026
DrWeb 20151026
F-Prot 20151026
Fortinet 20151026
Jiangmin 20151025
Malwarebytes 20151026
nProtect 20151026
SUPERAntiSpyware 20151026
Tencent 20151026
TheHacker 20151026
TotalDefense 20151026
TrendMicro 20151026
TrendMicro-HouseCall 20151026
ViRobot 20151026
Zillya 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 1995 Ory Xete. Fud Bada Mukery.
Original name Tnfbg.exe
Internal name Ocabigy
File version 4, 5, 4
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-06 01:02:27
Entry Point 0x00196C70
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
LdrAccessResource
SHGetFolderPathA
SHSetValueW
SetRect
Number of PE resources by type
RT_DIALOG 7
RT_ACCELERATOR 4
RT_BITMAP 4
RT_FONT 3
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
KOREAN 21
PE resources
ExifTool file metadata
LegalTrademarks Ysez Agot Meba Uniwo Racome Afybij
UninitializedDataSize 1462272
LinkerVersion 8.0
ImageVersion 8.3
FileVersionNumber 4.5.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x196c70
OriginalFileName Tnfbg.exe
MIMEType application/octet-stream
LegalCopyright 1995 Ory Xete. Fud Bada Mukery.
FileVersion 4, 5, 4
TimeStamp 2011:07:06 02:02:27+01:00
FileType Win32 EXE
PEType PE32
InternalName Ocabigy
SubsystemVersion 4.0
OSVersion 7.3
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 204800
FileSubtype 0
ProductVersionNumber 4.5.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 858e493c35e42d823992e03b1e755138
SHA1 c27620cdbb21c81209ceaf6728f670467cba12d1
SHA256 2c385126128425f11e99700ae00b5e9abd12254ad35789e88d6a7485c333efd9
ssdeep 6144:Zw1LYdgPoE2l+9oe0/weRoo8kiqjT6Kw63:Y+kFeokiqj5w6
authentihash 7ed14faee07fffcf2b264a298f5f1323f7a382e1a257e8ea8b3db8a0ff41db27
imphash c8f11e586c721046a5b876f3c7a3432b
File size 206.5 KB ( 211456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2013-06-18 02:01:52 UTC ( 5 years, 5 months ago )
Last submission 2013-07-08 09:00:16 UTC ( 5 years, 5 months ago )
File names Wupos access data.exe
Ocabigy
Wuposaccessdata.exe
Tnfbg.exe
readme.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections