SHA256: 347a38e615e2431e19159cf947b4e21646e1c648ba47c7512bd3e7b0444bbde0
File name: 005833729
Detection ratio: 49 / 56
Analysis date: 2015-07-27 17:42:22 UTC ( 1 week ago )
Antivirus Result Update
ALYac Trojan.Generic.KD.887581 20150727
AVG Generic31.CLRM 20150727
AVware Trojan.Win32.Generic!BT 20150727
Ad-Aware Trojan.Generic.KD.887581 20150727
Agnitum Trojan.PWS.Tepfer!GQ3a40SIPFk 20150727
AhnLab-V3 Trojan/Win32.FakeAV 20150727
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20150727
Arcabit Trojan.Generic.KD.DD8B1D 20150727
Avast Win32:LockScreen-SL [Trj] 20150727
Avira TR/Kazy.151233.2 20150727
Baidu-International Trojan.Win32.Katusha.FE 20150727
BitDefender Trojan.Generic.KD.887581 20150727
CAT-QuickHeal Trojan.Urausy.C 20150727
Comodo TrojWare.Win32.Kryptik.AVZX 20150727
Cyren W32/SuspPack.EX.gen!Eldorado 20150727
DrWeb Trojan.Packed.24465 20150727
ESET-NOD32 Win32/PSW.Fareit.A 20150727
Emsisoft Trojan.Generic.KD.887581 (B) 20150727
F-Prot W32/SuspPack.EX.gen!Eldorado 20150727
F-Secure Trojan.Generic.KD.887581 20150727
Fortinet W32/Tepfer.A!tr.pws 20150727
GData Trojan.Generic.KD.887581 20150727
Ikarus Trojan-PWS.Win32.Fareit 20150727
Jiangmin Trojan/PSW.Tepfer.bjdw 20150726
K7AntiVirus Riskware ( 0040eff71 ) 20150727
K7GW Riskware ( 0040eff71 ) 20150727
Kaspersky Trojan-PSW.Win32.Tepfer.gsof 20150727
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150727
Malwarebytes Trojan.LameShield 20150727
McAfee BackDoor-FJW 20150727
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20150726
MicroWorld-eScan Trojan.Generic.KD.887581 20150727
Microsoft PWS:Win32/Fareit 20150727
NANO-Antivirus Trojan.Win32.AgentAAIK.bvhppe 20150727
Panda Trj/Agent.IVN 20150727
Qihoo-360 Win32/Trojan.PSW.6d5 20150727
Rising PE:Trojan.Win32.Generic.1436A19E!339124638 20150722
Sophos Troj/Zbot-ECS 20150727
Symantec W32.Qakbot 20150727
Tencent Win32.Trojan-qqpass.Qqrob.Wqdi 20150727
TotalDefense Win32/Fareit.FW 20150727
TrendMicro TSPY_FAREIT.PVR 20150727
TrendMicro-HouseCall TSPY_FAREIT.PVR 20150727
VBA32 OScope.Trojan.Hlux.01732 20150727
VIPRE Trojan.Win32.Generic!BT 20150727
ViRobot Trojan.Win32.S.Agent.130048.GV[h] 20150727
Zillya Trojan.Tepfer.Win32.38366 20150727
Zoner Trojan.Fareit.A 20150727
nProtect Trojan-PWS/W32.Tepfer.130048.D 20150727
AegisLab 20150727
Alibaba 20150727
Bkav 20150727
ByteHero 20150727
ClamAV 20150727
SUPERAntiSpyware 20150727
TheHacker 20150723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:07:20
Link date 7:07 PM 1/23/2013
Entry Point 0x000010C0
Number of sections 4
PE sections
PE imports
RegCloseKey
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer
EnterCriticalSection
lstrlenA
GlobalFree
SetEvent
GetEnvironmentStringsW
GetTickCount
VirtualProtect
LoadLibraryA
RemoveDirectoryA
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetCommandLineA
OpenMutexA
CloseHandle
GetModuleFileNameA
WriteConsoleA
OpenSemaphoreA
Sleep
ReadConsoleW
CreateFileA
SetLastError
SetFocus
GetWindowLongA
GetClassInfoA
DispatchMessageA
CallWindowProcW
IsZoomed
IsWindow
PeekMessageA
DestroyMenu
DrawTextW
FindWindowA
GetSysColor
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
RUSSIAN 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:01:23 19:07:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 12.0
EntryPoint 0x10c0
InitializedDataSize 124928
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 6e360aca1be5569a681832df8b16f320
SHA1 bdcae4d1fd952c66f9b47250506d3f58fd2db56f
SHA256 347a38e615e2431e19159cf947b4e21646e1c648ba47c7512bd3e7b0444bbde0
ssdeep 1536:ls6A7zJw7KOAmCADAFw7K6skMmH0iG8Oi3tw9QUtiFDIb3pArcvKe11fUc50K/ei:lLPhrUnvpmLw9QQssbZHv3ffd/bUQI8
authentihash 52c81ba8a523e234e2f2b744fa38cb07f85a922120466466bd16f81de52d0a65
imphash f6f3fcf5dd77969d1ec68a4585d3bbe9
File size 127.0 KB ( 130048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe
VirusTotal metadata
First submission 2013-03-05 21:40:54 UTC ( 2 years, 5 months ago )
Last submission 2015-06-12 10:58:10 UTC ( 1 month, 3 weeks ago )
File names
005833729
message_zdm.exe
inc_wire_report#{DIGIT[14]}.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications