SHA256: 340bf9b53fd4f06c36036f86547839d2a26d7d283dd6aba2bf24fd5052e2e6e0
File name: iztoqav.exe
Detection ratio: 20 / 57
Analysis date: 2015-01-24 17:17:42 UTC ( 4 years, 1 month ago )
Antivirus              Result                               Update
Ad-Aware               Trojan.Generic.12635618              20150124
Avast                  Win32:Trojan-gen                     20150124
AVG                    Win32/Cryptor                        20150124
Avira (no cloud)       TR/Crypt.XPACK.Gen                   20150124
BitDefender            Trojan.Generic.12635618              20150124
Bkav                   HW32.Packed.2580                     20150124
CAT-QuickHeal          (Suspicious) - DNAScan               20150124
Emsisoft               Trojan.Generic.12635618 (B)          20150124
ESET-NOD32             Win32/Spy.Zbot.ABA                   20150124
F-Secure               Trojan.Generic.12635618              20150124
Fortinet               W32/Kryptik.CSQV!tr                  20150124
GData                  Trojan.Generic.12635618              20150124
Kaspersky              Trojan-Spy.Win32.Zbot.uwtv           20150124
McAfee                 PWSZbot-FAHK!265667419CF4            20150124
McAfee-GW-Edition      BehavesLike.Win32.Dropper.hh         20150124
eScan                  Trojan.Generic.12635618              20150124
Panda                  Trj/Genetic.gen                      20150124
Qihoo-360              Malware.QVM20.Gen                    20150124
Rising                 PE:Malware.XPACK-HIE/Heur!1.9C48     20150123
SUPERAntiSpyware       Trojan.Agent/Gen-Falcomp             20150124
AegisLab               (no detection)                       20150124
Yandex                 (no detection)                       20150124
AhnLab-V3              (no detection)                       20150124
Alibaba                (no detection)                       20150120
ALYac                  (no detection)                       20150124
Antiy-AVL              (no detection)                       20150124
AVware                 (no detection)                       20150124
Baidu-International    (no detection)                       20150124
ByteHero               (no detection)                       20150124
ClamAV                 (no detection)                       20150124
CMC                    (no detection)                       20150124
Comodo                 (no detection)                       20150124
Cyren                  (no detection)                       20150124
DrWeb                  (no detection)                       20150124
F-Prot                 (no detection)                       20150124
Ikarus                 (no detection)                       20150124
Jiangmin               (no detection)                       20150123
K7AntiVirus            (no detection)                       20150124
K7GW                   (no detection)                       20150124
Kingsoft               (no detection)                       20150124
Malwarebytes           (no detection)                       20150124
Microsoft              (no detection)                       20150124
NANO-Antivirus         (no detection)                       20150124
Norman                 (no detection)                       20150123
nProtect               (no detection)                       20150123
Sophos AV              (no detection)                       20150124
Symantec               (no detection)                       20150124
Tencent                (no detection)                       20150124
TheHacker              (no detection)                       20150123
TotalDefense           (no detection)                       20150124
TrendMicro             (no detection)                       20150124
TrendMicro-HouseCall   (no detection)                       20150124
VBA32                  (no detection)                       20150123
VIPRE                  (no detection)                       20150124
ViRobot                (no detection)                       20150124
Zillya                 (no detection)                       20150124
Zoner                  (no detection)                       20150123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Erdoaem Corniratu
Product Erdoaem
Original name lbadole.exe
Internal name lbadole.exe
File version 11.5.26832.19723
Description Erdoaem Vire Studaa 2021
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-31 08:49:01
Entry Point 0x0004B5A8
Number of sections 6
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
LsaNtStatusToWinError
CopySid
AccessCheck
OpenServiceW
QueryServiceConfigW
LogonUserW
InitializeAcl
RegEnumValueW
RegDeleteKeyW
GetUserNameW
RegQueryValueExW
GetSecurityDescriptorLength
LsaOpenPolicy
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
RegOpenKeyA
RegisterEventSourceW
RegEnumKeyW
LsaClose
QueryServiceStatus
RegConnectRegistryW
AddAccessAllowedAce
RegOpenKeyExW
SetFileSecurityW
LsaCreateSecret
RegOpenKeyW
LsaSetSecret
SetSecurityDescriptorSacl
SetServiceStatus
RegQueryInfoKeyW
RegDeleteValueW
ControlService
LsaOpenSecret
OpenThreadToken
RegEnumKeyExW
GetLengthSid
ImpersonateNamedPipeClient
LsaRetrievePrivateData
LsaFreeMemory
RevertToSelf
StartServiceW
RegSetValueExW
AddAce
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW
DeregisterEventSource
ImpersonateLoggedOnUser
FreeSid
CloseServiceHandle
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
SetThreadLocale
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
DisconnectNamedPipe
GetCurrentProcess
OpenFileMappingW
LocalAlloc
GetVolumeInformationW
SetErrorMode
GetLogicalDrives
GetLocaleInfoW
IsDBCSLeadByteEx
GetCPInfo
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
GetStringTypeW
GetThreadPriority
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
GetExitCodeProcess
FindClose
InterlockedDecrement
QueryDosDeviceW
SetFileAttributesW
SetLastError
ConnectNamedPipe
PeekNamedPipe
DeviceIoControl
GetModuleFileNameW
TryEnterCriticalSection
HeapAlloc
FlushViewOfFile
QueueUserAPC
SetProcessWorkingSetSize
SetThreadPriority
GetCalendarInfoW
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
FoldStringW
GetSystemPowerStatus
CreateThread
GetSystemDirectoryW
DeleteCriticalSection
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
SetPriorityClass
WaitForMultipleObjectsEx
SearchPathW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetProcAddress
SleepEx
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetSystemTime
GetComputerNameW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
FlushFileBuffers
LoadLibraryA
LeaveCriticalSection
GetFileSize
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
CreateNamedPipeW
CreateFileMappingW
CompareStringW
WaitNamedPipeW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
SetEvent
CreateEventW
CreateFileW
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
WaitForSingleObjectEx
SwitchToThread
GetCurrentDirectoryW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
CancelIo
GetCurrentThread
MapViewOfFile
SetFilePointer
VirtualUnlock
ReadFile
WriteFileEx
CloseHandle
GetACP
GlobalLock
GetFileAttributesExW
GetLongPathNameW
CompareFileTime
HeapCreate
OpenEventW
VirtualFree
TransactNamedPipe
ReadFileEx
wcsncmp
malloc
_wcsupr
strtoul
??1type_info@@UAE@XZ
wcstoul
_wcsnicmp
wcscat
_stricmp
_wcslwr
isdigit
_wcsicmp
_ultow
toupper
fgets
towupper
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcstod
strncpy
_except_handler3
?terminate@@YAXXZ
_errno
qsort
fclose
isxdigit
wcslen
wcscmp
isalpha
sprintf
realloc
wcsrchr
mbstowcs
wcsncpy
towlower
__CxxFrameHandler
_CxxThrowException
strcspn
wcschr
_adjust_fdiv
_itow
??3@YAXPAX@Z
free
_strnicmp
wcscspn
_wsplitpath
__dllonexit
_wfopen
_onexit
memmove
wcsspn
wcstombs
strchr
swscanf
wcscpy
iswdigit
swprintf
_ftol
bsearch
iswalpha
iswspace
wcsstr
wcstol
_initterm
CoFileTimeNow
CoUninitialize
StgPropertyLengthAsVariant
StgConvertPropertyToVariant
FreePropVariantArray
StringFromGUID2
CoSetProxyBlanket
CreateStreamOnHGlobal
PropSysFreeString
StgConvertVariantToProperty
CLSIDFromString
CoGetClassObject
PropSysAllocString
GetClassFile
CoCreateInstance
StgOpenStorage
PropVariantCopy
CoInitializeEx
CoTaskMemAlloc
CoFreeUnusedLibraries
CreateBindCtx
PropVariantClear
CoTaskMemFree
UuidFromStringW
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Connect
NdrDllGetClassObject
NdrDllRegisterProxy
NdrOleAllocate
IUnknown_AddRef_Proxy
NdrOleFree
NdrCStdStubBuffer_Release
SHBindToParent
SHGetDesktopFolder
GetLastInputInfo
PeekMessageW
wsprintfW
UnregisterDeviceNotification
RegisterDeviceNotificationW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ARABIC NEUTRAL 1
ITALIAN 1
DUTCH 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:01:31 09:49:01+01:00
FileType Win32 EXE
PEType PE32
CodeSize 354816
LinkerVersion 9.0
FileAccessDate 2015:01:24 18:17:49+01:00
EntryPoint 0x4b5a8
InitializedDataSize 161792
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2015:01:24 18:17:49+01:00
UninitializedDataSize 0
File identification
MD5 265667419cf4d4d495397cae3348062b
SHA1 72f5bf58601a720fa76da32284319b6c9ad6d2cd
SHA256 340bf9b53fd4f06c36036f86547839d2a26d7d283dd6aba2bf24fd5052e2e6e0
ssdeep 12288:qezB1jMMdj94JnL6n9gVkzcX4IQwtK2gRNPg5L+ZjAP6g:v1jMMh9+5VkztwoR0LFV
authentihash 52abcbebf2dc2259084376fee28ccac2f112f4ed8777ea9d8ac7629756a7f1ac
imphash e7a8a69fd9d92471d9c4e9e085bcca22
File size 506.6 KB ( 518749 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
     Win32 Executable (generic) (29.8%)
     Generic Win/DOS Executable (13.2%)
     DOS Executable Generic (13.2%)
     Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-01-24 17:17:42 UTC ( 4 years, 1 month ago )
Last submission 2015-01-24 17:17:42 UTC ( 4 years, 1 month ago )
File names iztoqav.exe
lbadole.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.