SHA256: 2fa0542f78965828ab5054c61aa1c7efee9dce67f1366f2e28d442af01e1dcc2
File name: vt-upload-672uT
Detection ratio: 28 / 53
Analysis date: 2014-06-11 06:03:42 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.392050 20140611
AhnLab-V3 Dropper/Win32.Necurs 20140610
AntiVir TR/Crypt.ZPACK.71215 20140611
Avast Win32:Trojan-gen 20140611
AVG Zbot.JTY 20140611
BitDefender Gen:Variant.Kazy.392050 20140611
Bkav HW32.CDB.20fc 20140606
Emsisoft Gen:Variant.Kazy.392050 (B) 20140611
ESET-NOD32 Win32/Spy.Zbot.ABS 20140611
F-Secure Gen:Variant.Kazy.392050 20140611
Fortinet W32/Zbot.AAU!tr 20140611
GData Gen:Variant.Kazy.392050 20140611
Ikarus Trojan.Zbot 20140611
K7AntiVirus Spyware ( 0049a4df1 ) 20140610
K7GW Spyware ( 0049a4df1 ) 20140610
Kaspersky Trojan-Spy.Win32.Zbot.teps 20140611
Malwarebytes Spyware.Zbot.VXGen 20140611
McAfee Artemis!A067B6232F5A 20140611
McAfee-GW-Edition Artemis!A067B6232F5A 20140610
eScan Gen:Variant.Kazy.392050 20140611
NANO-Antivirus Trojan.Win32.Zbot.damusw 20140611
Panda Trj/CI.A 20140610
Qihoo-360 HEUR/Malware.QVM20.Gen 20140611
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140610
Sophos AV Mal/Generic-S 20140611
Symantec WS.Reputation.1 20140611
Tencent Win32.Trojan-spy.Zbot.Ljtn 20140611
VIPRE Trojan.Win32.Generic!BT 20140611
AegisLab 20140611
Yandex 20140610
Antiy-AVL 20140611
Baidu-International 20140610
ByteHero 20140611
CAT-QuickHeal 20140611
ClamAV 20140611
CMC 20140610
Commtouch 20140611
Comodo 20140611
DrWeb 20140611
F-Prot 20140610
Jiangmin 20140611
Kingsoft 20140611
Microsoft 20140611
Norman 20140611
nProtect 20140610
SUPERAntiSpyware 20140611
TheHacker 20140610
TotalDefense 20140610
TrendMicro 20140611
TrendMicro-HouseCall 20140611
VBA32 20140610
ViRobot 20140611
Zoner 20140606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ! 1997
Product Ykaf
Original name Iuhldfkfc.exe
Internal name Ybib
File version 6, 6, 2
Description Byhi Alyp Ovuny
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-12 23:53:26
Entry Point 0x0001A91A
Number of sections 5
PE sections
PE imports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:03:13 00:53:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114688
LinkerVersion 7.1
EntryPoint 0x1a91a
InitializedDataSize 491520
SubsystemVersion 4.0
ImageVersion 10.4
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 a067b6232f5ad38ae129cb637909142a
SHA1 3a15c12a9ca78b99fd7a4dbed59639227a74cf30
SHA256 2fa0542f78965828ab5054c61aa1c7efee9dce67f1366f2e28d442af01e1dcc2
ssdeep 6144:Bw0MR66PGEMGjhX0vUweoT2BdHNXOPJJZ1ITNhcPbVSP9/:60s66PGAkZB2hkJZGjck
authentihash 03808fb45b4040338e718ebc22375127ed02ca80f236271b46d6d6f49eb39425
imphash a71e8cff47903e0a8fd94b2ff0d01424
File size 202.5 KB ( 207360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2014-06-11 06:03:42 UTC ( 4 years, 9 months ago )
Last submission 2016-06-04 06:19:55 UTC ( 2 years, 9 months ago )
File names isheriff_a067b6232f5ad38ae129cb637909142a.bin
Ybib
vt-upload-672uT
Iuhldfkfc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.