SHA256: 347a38e615e2431e19159cf947b4e21646e1c648ba47c7512bd3e7b0444bbde0
File name: 005833729
Detection ratio: 49 / 57
Analysis date: 2016-05-24 14:08:26 UTC ( 3 months ago )
Antivirus Result Update
ALYac Trojan.Generic.KD.887581 20160524
AVG Generic31.CLRM 20160524
AVware Trojan.Win32.Generic!BT 20160524
Ad-Aware Trojan.Generic.KD.887581 20160524
AegisLab Troj.PSW32.W.Tepfer.gsof!c 20160524
AhnLab-V3 Trojan/Win32.FakeAV 20160524
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20160524
Arcabit Trojan.Generic.KD.DD8B1D 20160524
Avira (no cloud) TR/Kazy.151233.2 20160524
Baidu Win32.Trojan.Kryptik.ds 20160523
Baidu-International Trojan.Win32.Katusha.FE 20160524
BitDefender Trojan.Generic.KD.887581 20160524
CAT-QuickHeal Trojan.Urausy.C 20160524
Comodo TrojWare.Win32.Kryptik.AVZX 20160524
Cyren W32/SuspPack.EX.gen!Eldorado 20160524
DrWeb Trojan.Packed.24465 20160524
ESET-NOD32 Win32/PSW.Fareit.A 20160524
Emsisoft Trojan.Generic.KD.887581 (B) 20160524
F-Prot W32/SuspPack.EX.gen!Eldorado 20160524
F-Secure Trojan.Generic.KD.887581 20160524
Fortinet W32/Tepfer.A!tr.pws 20160524
GData Trojan.Generic.KD.887581 20160524
Ikarus Trojan-PWS.Win32.Fareit 20160524
Jiangmin Trojan/PSW.Tepfer.atox 20160524
K7AntiVirus Riskware ( 0040eff71 ) 20160524
K7GW Trojan ( 0040f2c01 ) 20160524
Kaspersky Trojan-PSW.Win32.Tepfer.gsof 20160524
Malwarebytes Trojan.LameShield 20160524
McAfee BackDoor-FJW 20160524
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.cc 20160524
eScan Trojan.Generic.KD.887581 20160524
Microsoft PWS:Win32/Fareit 20160524
NANO-Antivirus Trojan.Win32.AgentAAIK.bvhppe 20160524
Panda Trj/Agent.IVN 20160523
Qihoo-360 Win32/Trojan.PSW.6d5 20160524
Rising Trjoan.Generic-GwWqUTqsx5Q (Cloud) 20160524
Sophos Troj/Zbot-ECS 20160524
Symantec W32.Qakbot 20160524
Tencent Win32.Trojan-qqpass.Qqrob.Wqdi 20160524
TotalDefense Win32/Fareit.FW 20160524
TrendMicro TSPY_FAREIT.PVR 20160524
TrendMicro-HouseCall TSPY_FAREIT.PVR 20160524
VBA32 OScope.Trojan.Hlux.01732 20160524
VIPRE Trojan.Win32.Generic!BT 20160524
ViRobot Trojan.Win32.S.Agent.130048.GV[h] 20160524
Yandex Trojan.PWS.Tepfer!GQ3a40SIPFk 20160523
Zillya Trojan.Tepfer.Win32.38366 20160524
Zoner Trojan.Fareit.A 20160524
nProtect Trojan-PWS/W32.Tepfer.130048.D 20160524
Alibaba 20160524
Avast 20160524
Bkav 20160524
CMC 20160523
ClamAV 20160524
Kingsoft 20160524
SUPERAntiSpyware 20160524
TheHacker 20160523
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:07:20
Entry Point 0x000010C0
Number of sections 4
PE sections
PE imports
RegCloseKey
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer
EnterCriticalSection
lstrlenA
GlobalFree
SetEvent
GetEnvironmentStringsW
GetTickCount
VirtualProtect
LoadLibraryA
RemoveDirectoryA
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetCommandLineA
OpenMutexA
CloseHandle
GetModuleFileNameA
WriteConsoleA
OpenSemaphoreA
Sleep
ReadConsoleW
CreateFileA
SetLastError
SetFocus
GetWindowLongA
GetClassInfoA
DispatchMessageA
CallWindowProcW
IsZoomed
IsWindow
PeekMessageA
DestroyMenu
DrawTextW
FindWindowA
GetSysColor
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:01:23 19:07:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 12.0
EntryPoint 0x10c0
InitializedDataSize 124928
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 6e360aca1be5569a681832df8b16f320
SHA1 bdcae4d1fd952c66f9b47250506d3f58fd2db56f
SHA256 347a38e615e2431e19159cf947b4e21646e1c648ba47c7512bd3e7b0444bbde0
ssdeep 1536:ls6A7zJw7KOAmCADAFw7K6skMmH0iG8Oi3tw9QUtiFDIb3pArcvKe11fUc50K/ei:lLPhrUnvpmLw9QQssbZHv3ffd/bUQI8
authentihash 52c81ba8a523e234e2f2b744fa38cb07f85a922120466466bd16f81de52d0a65
imphash f6f3fcf5dd77969d1ec68a4585d3bbe9
File size 127.0 KB ( 130048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe

VirusTotal metadata
First submission 2013-03-05 21:40:54 UTC ( 3 years, 5 months ago )
Last submission 2016-05-24 14:08:26 UTC ( 3 months ago )
File names
message_zdm.exe
005833729
inc_wire_report#{DIGIT[14]}.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications