SHA256: 3b32362054d303ae3fdd0e6a2be46d9a79d965c4c616f162cb21e2073bba7d12
File name: byMCeocE.exe
Detection ratio: 41 / 55
Analysis date: 2016-01-11 15:08:45 UTC ( 2 years, 11 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Kazy.392065 | 20160120 |
| Yandex | TrojanSpy.Zbot!JLvPdUKdUNA | 20160120 |
| AhnLab-V3 | Spyware/Win32.Banker | 20160120 |
| ALYac | Gen:Variant.Kazy.392065 | 20160120 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20160120 |
| Arcabit | Trojan.Kazy.D5FB81 | 20160120 |
| Avast | Win32:Malware-gen | 20160120 |
| AVG | Inject2.AJKZ | 20160120 |
| Avira (no cloud) | TR/Crypt.ZPACK.71502 | 20160120 |
| Baidu-International | Trojan.Win32.Zbot.AAO | 20160120 |
| BitDefender | Gen:Variant.Kazy.392065 | 20160120 |
| Bkav | W32.ZedimaS.Trojan | 20160120 |
| CAT-QuickHeal | TrojanSpy.Zbot.r4 | 20160119 |
| Comodo | UnclassifiedMalware | 20160120 |
| DrWeb | Trojan.PWS.Panda.8820 | 20160120 |
| Emsisoft | Gen:Variant.Kazy.392065 (B) | 20160120 |
| ESET-NOD32 | Win32/Spy.Zbot.AAO | 20160120 |
| F-Secure | Gen:Variant.Kazy.392065 | 20160120 |
| Fortinet | W32/Zbot.TEXD!tr | 20160120 |
| GData | Gen:Variant.Kazy.392065 | 20160120 |
| Ikarus | Trojan-Spy.Win32.Zbot | 20160120 |
| Jiangmin | Trojan/Generic.bbqwb | 20160120 |
| K7AntiVirus | Spyware ( 004b908d1 ) | 20160120 |
| K7GW | Spyware ( 004b908d1 ) | 20160120 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20160120 |
| Malwarebytes | Spyware.Zbot.VXGen | 20160120 |
| McAfee | GenericR-DYB!BF2239887B59 | 20160120 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dc | 20160120 |
| Microsoft | PWS:Win32/Zbot | 20160120 |
| eScan | Gen:Variant.Kazy.392065 | 20160120 |
| NANO-Antivirus | Trojan.Win32.Zbot.dbcawo | 20160120 |
| Panda | Trj/Genetic.gen | 20160120 |
| Qihoo-360 | Win32/Trojan.622 | 20160120 |
| Rising | PE:Malware.Generic/QRS!1.9E2D [F] | 20160120 |
| Sophos AV | Mal/Generic-S | 20160120 |
| Symantec | Infostealer.Banker.C | 20160120 |
| Tencent | Win32.Trojan-spy.Zbot.Pgwg | 20160120 |
| TrendMicro | TROJ_SPNR.0BFJ14 | 20160120 |
| TrendMicro-HouseCall | TROJ_SPNR.0BFJ14 | 20160120 |
| VIPRE | Trojan.Win32.Generic!BT | 20160120 |
| Zillya | Trojan.Zbot.Win32.158167 | 20160120 |
| AegisLab | (no detection) | 20160120 |
| Alibaba | (no detection) | 20160120 |
| ByteHero | (no detection) | 20160120 |
| ClamAV | (no detection) | 20160120 |
| CMC | (no detection) | 20160111 |
| Cyren | (no detection) | 20160120 |
| F-Prot | (no detection) | 20160120 |
| nProtect | (no detection) | 20160120 |
| SUPERAntiSpyware | (no detection) | 20160120 |
| TheHacker | (no detection) | 20160119 |
| TotalDefense | (no detection) | 20160120 |
| VBA32 | (no detection) | 20160120 |
| ViRobot | (no detection) | 20160120 |
| Zoner | (no detection) | 20160120 |
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1993-2010
Product HOCXcvEcHVS
Original name kaYjYoP.exe
Internal name byMCeocE.exe
File version 21,12,35,35
Description OIcCEpe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-07 12:40:17
Entry Point 0x00001630
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
InitializeSecurityDescriptor
RegSetValueExA
ControlService
StartServiceA
RegDeleteValueA
RegCreateKeyExA
DeleteService
RegOpenKeyExA
OpenSCManagerA
IsTextUnicode
RegQueryValueExW
ChooseFontW
FindTextW
FindTextA
ChooseFontA
CreateDCA
SetTextColor
SetAbortProc
CreateFontIndirectW
SetViewportExtEx
GetTextExtentPoint32A
EnumFontsW
GetStockObject
CreateFontIndirectA
GetTextMetricsA
EndPage
StartPage
DeleteObject
GetObjectW
CreateDCW
StartDocW
CreateHatchBrush
LPtoDP
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
GetConsoleOutputCP
GetShortPathNameW
LoadResource
TerminateThread
lstrcpynA
GetConsoleCP
GetOEMCP
HeapReAlloc
IsDebuggerPresent
HeapAlloc
CreateTapePartition
FatalAppExitA
GlobalUnlock
GetFileAttributesW
DeleteFileA
lstrlenW
GetLocalTime
GlobalSize
FreeEnvironmentStringsA
GetCurrentProcess
LoadLibraryExA
SizeofResource
SearchPathA
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
UnhandledExceptionFilter
GetModuleHandleW
GetCurrentDirectoryA
QueueUserAPC
MultiByteToWideChar
HeapSize
GetEnvironmentStrings
GetCommandLineA
GetUserDefaultLCID
GetConsoleScreenBufferInfo
FileTimeToSystemTime
GetCurrentThread
WriteTapemark
SwitchToThread
ExitThread
GetStringTypeA
GetModuleHandleA
ZombifyActCtx
WriteFileEx
DeleteAtom
WaitForSingleObject
GetSystemTimeAsFileTime
CreateFileMappingA
GlobalMemoryStatus
GetSystemDirectoryA
WaitForMultipleObjects
CreateThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FreeLibrary
LocalFree
FindResourceA
TerminateProcess
GetLogicalProcessorInformation
GetModuleFileNameA
GetTimeZoneInformation
CreateEventW
HeapCreate
PostQueuedCompletionStatus
RtlMoveMemory
FindAtomA
lstrcatW
Sleep
GetFileType
SetEndOfFile
CreateFileA
ExitProcess
GetProcAddress
VirtualAlloc
DeleteFileW
WriteConsoleW
CloseHandle
DragAcceptFiles
ShellExecuteExA
MapWindowPoints
GetCursorPos
RegisterClassA
GetParent
UpdateWindow
RegisterWindowMessageA
HideCaret
CheckRadioButton
GetMessageW
FindWindowA
MessageBeep
LoadMenuW
SetWindowPos
GetMenuState
GetSystemMetrics
SetWindowLongW
PeekMessageW
GetWindowRect
RegisterClassExW
PostMessageA
ReleaseCapture
DialogBoxParamW
GetDlgItemTextA
WindowFromPoint
MessageBoxA
AppendMenuW
CharLowerW
SetWindowLongA
TranslateMessage
InvalidateRect
GetDC
RegisterClassExA
GetAsyncKeyState
DrawTextA
BeginPaint
CreatePopupMenu
CheckMenuItem
SendMessageW
GetWindowLongA
GetClassLongW
SendDlgItemMessageW
IsWindowVisible
GetDesktopWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
DrawTextW
BringWindowToTop
LoadCursorA
ClientToScreen
CallNextHookEx
LoadAcceleratorsA
GetSubMenu
IsClipboardFormatAvailable
CreateWindowExA
UnhookWinEvent
LoadStringW
IsDialogMessageW
GetSysColorBrush
CharNextA
SetDlgItemInt
IsWindowUnicode
GetFocus
CreateWindowExW
LoadAcceleratorsW
EnableWindow
CloseClipboard
CharNextW
IsDialogMessageA
TranslateAcceleratorW
ClosePrinter
OpenPrinterW
Number of PE resources by type
RT_STRING 34
RT_RCDATA 32
RT_DIALOG 6
RT_ACCELERATOR 4
RT_MENU 3
RT_VERSION 1
Number of PE resources by language
ENGLISH US 80
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 21.12.35.35
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 444928
EntryPoint 0x1630
OriginalFileName kaYjYoP.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1993-2010
FileVersion 21,12,35,35
TimeStamp 2014:06:07 12:40:17+00:00
FileType Win32 EXE
PEType PE32
InternalName byMCeocE.exe
ProductVersion 21,12
FileDescription OIcCEpe
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sredios,Company
CodeSize 23040
ProductName HOCXcvEcHVS
ProductVersionNumber 21.12.35.35
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 bf2239887b591f603c16ea315efa9d67
SHA1 0d0d7eb70e363ce2ee655f8f51b22e85bc31809a
SHA256 3b32362054d303ae3fdd0e6a2be46d9a79d965c4c616f162cb21e2073bba7d12
ssdeep 6144:t1w/vf9iATyD5dNmwyML88fHNeL33s2i0jj3XP7:t1IFa5SwyMHkBDj7
authentihash 442b763f39b883d416fe20f4fab8351b42e20571f193c6637dacb8decdaeca97
imphash 6cdfe17ca6ceeda2963054b091be5f81
File size 222.0 KB ( 227328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-06-10 14:52:54 UTC ( 4 years, 6 months ago )
Last submission 2014-06-10 14:52:54 UTC ( 4 years, 6 months ago )
File names vt-upload-S9Opc
byMCeocE.exe
kaYjYoP.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any process launched by the executed file, or by any process subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests