SHA256: 347a38e615e2431e19159cf947b4e21646e1c648ba47c7512bd3e7b0444bbde0
File name: message_zdm.exe
Detection ratio: 33 / 46
Analysis date: 2013-04-04 01:44:13 UTC ( 1 year ago )
Antivirus | Result | Update
AVG | Generic31.CLRM | 20130403
AhnLab-V3 | Trojan/Win32.FakeAV | 20130403
AntiVir | TR/Kazy.151233.2 | 20130403
Avast | Win32:LockScreen-SL [Trj] | 20130404
BitDefender | Trojan.Generic.KD.887581 | 20130404
CAT-QuickHeal | Worm.Gamarue.B | 20130403
Commtouch | W32/SuspPack.EX2.gen!Eldorado | 20130404
Comodo | TrojWare.Win32.Kryptik.AVZX | 20130403
DrWeb | Trojan.Packed.196 | 20130404
ESET-NOD32 | Win32/PSW.Fareit.A | 20130404
F-Prot | W32/SuspPack.EX2.gen!Eldorado | 20130403
F-Secure | Trojan.Generic.KD.887581 | 20130404
Fortinet | W32/Kryptik.KZ!tr | 20130403
GData | Trojan.Generic.KD.887581 | 20130404
Ikarus | Trojan-PWS.Win32.Fareit | 20130404
K7AntiVirus | Trojan | 20130402
Kaspersky | Trojan-PSW.Win32.Tepfer.gsof | 20130404
Kingsoft | Win32.Troj.Generic.a.(kcloud) | 20130401
Malwarebytes | Malware.Packer.SGX2 | 20130403
McAfee | BackDoor-FJW | 20130404
McAfee-GW-Edition | PWS-Zbot-FANG!6E360ACA1BE5 | 20130404
Microsoft | PWS:Win32/Fareit.gen!C | 20130404
Norman | Kryptik.RMX | 20130403
PCTools | Malware.Qakbot!rem | 20130404
Panda | Trj/Tepfer.B | 20130403
Sophos | Troj/Zbot-ECS | 20130404
Symantec | W32.Qakbot | 20130404
TotalDefense | Win32/Fareit.FW | 20130403
TrendMicro | TSPY_FAREIT.PVR | 20130404
TrendMicro-HouseCall | TSPY_FAREIT.PVR | 20130404
VBA32 | OScope.Trojan.Hlux.01732 | 20130403
VIPRE | Trojan.Win32.Generic!BT | 20130403
nProtect | Trojan-PWS/W32.Tepfer.130048.D | 20130403
Agnitum | (not detected) | 20130403
Antiy-AVL | (not detected) | 20130403
ByteHero | (not detected) | 20130322
ClamAV | (not detected) | 20130404
Emsisoft | (not detected) | 20130404
Jiangmin | (not detected) | 20130331
MicroWorld-eScan | (not detected) | 20130404
NANO-Antivirus | (not detected) | 20130404
Rising | (not detected) | 20130403
SUPERAntiSpyware | (not detected) | 20130404
TheHacker | (not detected) | 20130403
ViRobot | (not detected) | 20130403
eSafe | (not detected) | 20130403
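The useful reading of this table is the family consensus, not the raw 33/46 ratio: a third of the hits are generic or packer-level names (Generic, Kryptik, Packed, SuspPack) that say nothing about the payload, and the remaining vendors split between their own names for the same thing (Kaspersky, Panda and nProtect say Tepfer where Microsoft, ESET and TrendMicro say Fareit). The script below is an added example for this report, not VirusTotal code. It parses a constructed subset of the rows above (one tab-separated engine/result/update line each), discards type, platform and packer tokens, and counts one family vote per engine. The generic-token list and the alias table (Tepfer is treated as an alias of Fareit) are hand-maintained assumptions that an analyst extends as vendor naming is learned.

```python
"""Family consensus from VirusTotal-style detection rows.

Added example for this report; not VirusTotal code. The generic-token list
and alias table below are hand-maintained heuristics, not a vendor standard.
"""
import re
from collections import Counter
from typing import Counter as CounterT, List, Optional, Tuple

# Constructed input: a subset of the detection table above, one tab-separated
# "engine, result, update" triple per line. An empty result means the engine
# did not flag the sample.
DETECTIONS = """\
AVG\tGeneric31.CLRM\t20130403
AhnLab-V3\tTrojan/Win32.FakeAV\t20130403
Avast\tWin32:LockScreen-SL [Trj]\t20130404
Comodo\tTrojWare.Win32.Kryptik.AVZX\t20130403
ESET-NOD32\tWin32/PSW.Fareit.A\t20130404
Fortinet\tW32/Kryptik.KZ!tr\t20130403
Ikarus\tTrojan-PWS.Win32.Fareit\t20130404
Kaspersky\tTrojan-PSW.Win32.Tepfer.gsof\t20130404
McAfee-GW-Edition\tPWS-Zbot-FANG!6E360ACA1BE5\t20130404
Microsoft\tPWS:Win32/Fareit.gen!C\t20130404
Panda\tTrj/Tepfer.B\t20130403
Sophos\tTroj/Zbot-ECS\t20130404
Symantec\tW32.Qakbot\t20130404
TrendMicro\tTSPY_FAREIT.PVR\t20130404
nProtect\tTrojan-PWS/W32.Tepfer.130048.D\t20130403
ClamAV\t\t20130404
Emsisoft\t\t20130404
"""

# Tokens naming a threat type or platform rather than a family; skipped.
GENERIC = {"trojan", "troj", "trj", "trojware", "win32", "w32",
           "pws", "psw", "tspy", "gen", "malware", "heur"}
# Names that describe an obfuscation layer, not the payload ("Kryptik" is
# ESET's/Fortinet's packer-level verdict). A label built on these carries no
# family information, so it casts no vote.
PACKER_ONLY = {"kryptik", "packed", "packer"}
# Assumed alias table: vendor-specific names for the same family.
ALIASES = {"tepfer": "fareit", "pony": "fareit"}


def family_of(label: str) -> Optional[str]:
    """Normalised family name for one vendor label, or None if generic."""
    low = label.lower()
    if "generic" in low:
        return None
    for tok in re.split(r"[^a-z0-9]+", low):
        if tok in PACKER_ONLY:
            return None
        # Family names are alphabetic and at least four characters; this
        # skips variant letters ("A", "gsof") and hash-like suffixes.
        if len(tok) >= 4 and tok.isalpha() and tok not in GENERIC:
            return ALIASES.get(tok, tok)
    return None


def parse_rows(text: str) -> List[Tuple[str, str, str]]:
    """Split the tab-separated table into (engine, result, update) rows."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            engine, result, update = line.split("\t")
            rows.append((engine, result, update))
    return rows


def consensus(text: str) -> Tuple[CounterT, int, int]:
    """Return (votes, detected, total): votes maps family -> engines naming
    it; generic-only hits count toward `detected` but cast no vote."""
    rows = parse_rows(text)
    votes: CounterT = Counter()
    detected = 0
    for _engine, result, _update in rows:
        if not result:
            continue
        detected += 1
        fam = family_of(result)
        if fam:
            votes[fam] += 1
    return votes, detected, len(rows)


if __name__ == "__main__":
    votes, detected, total = consensus(DETECTIONS)
    print(f"detected {detected}/{total}")
    for fam, n in votes.most_common():
        print(f"{fam:12s} {n}")
```

On the constructed subset the output is a clear Fareit majority with Zbot, Qakbot, FakeAV and LockScreen as single-vendor outliers, which is the shape an analyst should expect from a packed password stealer; the outliers are worth a second look only when they come from the engines that otherwise agree with each other.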
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:07:20
Entry Point 0x000010C0
Number of sections 4
PE sections
PE imports
RegCloseKey
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer
EnterCriticalSection
lstrlenA
GlobalFree
SetEvent
GetEnvironmentStringsW
GetTickCount
VirtualProtect
LoadLibraryA
RemoveDirectoryA
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetCommandLineA
OpenMutexA
CloseHandle
GetModuleFileNameA
WriteConsoleA
OpenSemaphoreA
Sleep
ReadConsoleW
CreateFileA
SetLastError
SetFocus
GetWindowLongA
GetClassInfoA
DispatchMessageA
CallWindowProcW
IsZoomed
IsWindow
PeekMessageA
DestroyMenu
DrawTextW
FindWindowA
GetSysColor
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
RUSSIAN 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:01:23 18:07:20+00:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 4096
LinkerVersion: 12.0
EntryPoint: 0x10c0
InitializedDataSize: 124928
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5: 6e360aca1be5569a681832df8b16f320
SHA1: bdcae4d1fd952c66f9b47250506d3f58fd2db56f
SHA256: 347a38e615e2431e19159cf947b4e21646e1c648ba47c7512bd3e7b0444bbde0
ssdeep: 1536:ls6A7zJw7KOAmCADAFw7K6skMmH0iG8Oi3tw9QUtiFDIb3pArcvKe11fUc50K/ei:lLPhrUnvpmLw9QQssbZHv3ffd/bUQI8
File size: 127.0 KB (130048 bytes)
File type: Win32 EXE
Magic literal: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID: Generic Win/DOS Executable (49.9%); DOS Executable Generic (49.8%); Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags: peexe
VirusTotal metadata
First submission: 2013-03-05 21:40:54 UTC ( 1 year, 1 month ago )
Last submission: 2013-04-04 01:44:13 UTC ( 1 year ago )
File names: message_zdm.exe, inc_wire_report#{DIGIT[14]}.exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications