SHA256: 36d9e805cd125f25c2ebeab2a0478090baa43cba621252470c86a46436826e71
File name: vt-upload-X2Ffh
Detection ratio: 22 / 54
Analysis date: 2014-09-17 14:38:37 UTC ( 4 years, 2 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Kazy.444134 | 20140917
AhnLab-V3 | Trojan/Win32.Necurs | 20140917
Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20140917
Avast | Win32:Malware-gen | 20140917
AVG | PSW.Generic12.AUAD | 20140917
Avira (no cloud) | TR/Crypt.ZPACK.Gen7 | 20140917
BitDefender | Gen:Variant.Kazy.444134 | 20140917
DrWeb | Trojan.PWS.Panda.2401 | 20140917
Emsisoft | Gen:Variant.Kazy.444134 (B) | 20140917
ESET-NOD32 | Win32/Spy.Zbot.AAO | 20140917
F-Secure | Gen:Variant.Kazy.444134 | 20140917
Fortinet | W32/Zbot.AAO!tr | 20140917
GData | Gen:Variant.Kazy.444134 | 20140917
Kaspersky | Trojan-Spy.Win32.Zbot.tynp | 20140917
Kingsoft | Win32.Troj.Zbot.ty.(kcloud) | 20140917
Malwarebytes | Trojan.Psuedo.inj | 20140917
McAfee | Artemis!8AC2F2F39807 | 20140917
McAfee-GW-Edition | BehavesLike.Win32.FakeRean.gc | 20140916
Microsoft | PWS:Win32/Zbot | 20140917
eScan | Gen:Variant.Kazy.444134 | 20140917
Panda | Trj/Genetic.gen | 20140917
Sophos AV | Mal/Yakes-F | 20140917
AegisLab | - | 20140917
Yandex | - | 20140917
AVware | - | 20140917
Baidu-International | - | 20140917
Bkav | - | 20140916
ByteHero | - | 20140917
CAT-QuickHeal | - | 20140917
ClamAV | - | 20140917
CMC | - | 20140917
Comodo | - | 20140917
Cyren | - | 20140917
F-Prot | - | 20140917
Ikarus | - | 20140917
Jiangmin | - | 20140916
K7AntiVirus | - | 20140917
K7GW | - | 20140917
NANO-Antivirus | - | 20140917
Norman | - | 20140917
nProtect | - | 20140917
Qihoo-360 | - | 20140917
Rising | - | 20140917
SUPERAntiSpyware | - | 20140917
Symantec | - | 20140917
Tencent | - | 20140917
TheHacker | - | 20140915
TotalDefense | - | 20140917
TrendMicro | - | 20140917
TrendMicro-HouseCall | - | 20140917
VBA32 | - | 20140917
VIPRE | - | 20140917
ViRobot | - | 20140917
Zillya | - | 20140917
Zoner | - | 20140916
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright: Copyright © 1998-2010 Mark Russinovich
Publisher: Sysinternals - www.sysinternals.com
Product: Process Explorer
Original name: Procexp.exe
Internal name: Process Explorer
File version: 1.2.0.4
Description: WSysinternals Process Explorer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-30 22:32:40
Entry Point 0x000374B0
Number of sections 5
PE sections
Number of PE resources by type
RT_DIALOG 3
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
PE resources
File identification
MD5: 8ac2f2f398074b22423c2872bbcf1876
SHA1: ce9c9976440e53630e9fc6da066fd5d738b2a8db
SHA256: 36d9e805cd125f25c2ebeab2a0478090baa43cba621252470c86a46436826e71
ssdeep: 12288:V8QWu1RobdugGB3MN9Id6VAeudQ8pJfbR:SQB1ObvP9Idy8pJTR
authentihash: 0cfdc0f3d3aee631ab6bbaf241c873cd6367f3260bfe23139f832134cfc322ea
imphash: 7cc4ea9288e1003f5eba6cf054e7f9e6
File size: 403.5 KB ( 413184 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags: peexe

VirusTotal metadata
First submission 2014-09-17 14:38:37 UTC ( 4 years, 2 months ago )
Last submission 2014-09-17 14:38:37 UTC ( 4 years, 2 months ago )
File names Process Explorer
Procexp.exe
vt-upload-X2Ffh
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests