SHA256: 329f12d0a5bec827a48c742abd1c87ba1d7be7b1aa16600422b8a1d9cce10c53
File name: 60204b057baa7a44b8d5537f2ccad6b13b93b43f
Detection ratio: 15 / 52
Analysis date: 2014-05-04 10:13:21 UTC ( 2 years, 10 months ago )
Antivirus Result Update
AntiVir TR/Spy.ZBot.aao.227 20140504
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140504
AVG Zbot.ICQ 20140504
Baidu-International Trojan.Win32.Zbot.AAO 20140504
Bkav HW32.CDB.Bc4e 20140428
ESET-NOD32 Win32/Spy.Zbot.AAO 20140504
Fortinet W32/Zbot.AAO!tr 20140504
Kaspersky Trojan-Spy.Win32.Zbot.shay 20140504
Malwarebytes Spyware.Zbot.VXGen 20140504
McAfee Artemis!A944C2D45112 20140504
McAfee-GW-Edition Artemis!A944C2D45112 20140503
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140503
Sophos Mal/Generic-S 20140504
TrendMicro-HouseCall TROJ_GEN.R02PH07E314 20140504
VIPRE Trojan.Win32.Generic!BT 20140504
Ad-Aware 20140504
AegisLab 20140504
Yandex 20140503
AhnLab-V3 20140504
Avast 20140504
BitDefender 20140504
ByteHero 20140504
CAT-QuickHeal 20140502
ClamAV 20140504
CMC 20140429
Commtouch 20140504
Comodo 20140504
DrWeb 20140504
Emsisoft 20140504
F-Prot 20140504
F-Secure 20140504
GData 20140504
Ikarus 20140504
Jiangmin 20140504
K7AntiVirus 20140502
K7GW 20140502
Kingsoft 20140504
Microsoft 20140504
eScan 20140504
NANO-Antivirus 20140504
Norman 20140504
nProtect 20140504
Panda 20140504
Qihoo-360 20140504
SUPERAntiSpyware 20140503
Symantec 20140504
TheHacker 20140502
TotalDefense 20140504
TrendMicro 20140504
VBA32 20140503
ViRobot 20140504
Zillya 20140504
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © # 2000
Publisher Control Break International
Product Opiqogi
Original name Ppiokhrevv.exe
Internal name Zilu
File version 8, 9, 10
Description Icet Okyk Amopi
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-17 19:01:46
Entry Point 0x00012A6B
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_BITMAP 176
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 177
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:17 20:01:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 10.0
FileAccessDate 2014:05:04 11:15:04+01:00
EntryPoint 0x12a6b
InitializedDataSize 258048
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:05:04 11:15:04+01:00
UninitializedDataSize 0
File identification
MD5 a944c2d4511226f91ae00a76ea64b9c4
SHA1 413f22d857969532a7470e9df7f743de86121e2e
SHA256 329f12d0a5bec827a48c742abd1c87ba1d7be7b1aa16600422b8a1d9cce10c53
ssdeep 6144:kVIk+Pnu74I1/1uOVGdN66D0JPb7t4aLMo:OmP493X6gHttL
imphash 7890ac3ae0c36cfffc48a77463bcccad
File size 258.0 KB ( 264192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-04 10:13:21 UTC ( 2 years, 10 months ago )
Last submission 2014-05-04 10:13:21 UTC ( 2 years, 10 months ago )
File names Zilu
60204b057baa7a44b8d5537f2ccad6b13b93b43f
Ppiokhrevv.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications