SHA256: 2e104cb78d53c95259a45d67312b962de16cabf5f3ddf388cbab4d4e8995d863
File name: 90a05d3fb2372d2b615130bd2871e511
Detection ratio: 11 / 54
Analysis date: 2014-06-28 22:50:57 UTC ( 2 years, 10 months ago )
Antivirus Result Update
AntiVir TR/Crypt.ZPACK.89459 20140628
Avast Win32:Malware-gen 20140628
AVG Zbot.KYX 20140628
Bkav HW32.CDB.E1a4 20140625
ESET-NOD32 Win32/Spy.Zbot.AAO 20140628
Kaspersky Trojan-Spy.Win32.Zbot.tjeb 20140628
Malwarebytes Spyware.Zbot.VXGen 20140628
Qihoo-360 HEUR/Malware.QVM20.Gen 20140628
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140623
Sophos Mal/Generic-S 20140628
Tencent Win32.Trojan-spy.Zbot.Hsia 20140628
Ad-Aware 20140628
AegisLab 20140628
Yandex 20140628
AhnLab-V3 20140628
Antiy-AVL 20140628
Baidu-International 20140628
BitDefender 20140628
ByteHero 20140628
CAT-QuickHeal 20140628
ClamAV 20140628
CMC 20140627
Commtouch 20140628
Comodo 20140628
DrWeb 20140628
Emsisoft 20140628
F-Prot 20140628
F-Secure 20140628
Fortinet 20140628
GData 20140628
Ikarus 20140628
Jiangmin 20140628
K7AntiVirus 20140627
K7GW 20140627
Kingsoft 20140628
McAfee 20140628
McAfee-GW-Edition 20140628
Microsoft 20140628
eScan 20140628
NANO-Antivirus 20140628
Norman 20140628
nProtect 20140627
Panda 20140628
SUPERAntiSpyware 20140628
Symantec 20140628
TheHacker 20140624
TotalDefense 20140628
TrendMicro 20140628
TrendMicro-HouseCall 20140628
VBA32 20140627
VIPRE 20140628
ViRobot 20140628
Zillya 20140627
Zoner 20140626
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2003
Publisher Netopia, Inc.
Product Modisu
Original name Spkbpjiac.exe
Internal name Ipakel
File version 9, 7, 10
Description Ihopej Ybo Gowocoq
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-22 18:32:21
Entry Point 0x00027146
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:07:22 19:32:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 172032
LinkerVersion 7.0
FileAccessDate 2014:06:28 23:49:29+01:00
EntryPoint 0x27146
InitializedDataSize 344064
SubsystemVersion 4.0
ImageVersion 9.1
OSVersion 4.0
FileCreateDate 2014:06:28 23:49:29+01:00
UninitializedDataSize 0

File identification
MD5 90a05d3fb2372d2b615130bd2871e511
SHA1 bd42fbc2bfde4147a01c844421dcd5b41f57a950
SHA256 2e104cb78d53c95259a45d67312b962de16cabf5f3ddf388cbab4d4e8995d863
ssdeep 6144:KBIL8skFfFOGSwzz+VmTWVi3XakOZ6KTQBe4I:PLoX+nEao
imphash e2d9e2940c386508ecb46f16f66b7340
File size 225.0 KB ( 230400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-28 22:50:57 UTC ( 2 years, 10 months ago )
Last submission 2014-06-28 22:50:57 UTC ( 2 years, 10 months ago )
File names 90a05d3fb2372d2b615130bd2871e511
Spkbpjiac.exe
Ipakel
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests