SHA256: 3bff2d34e5a0fbefb5a6f4a44debd8c2c6520c13fc276a837e1b3f346ad07f36
File name: BXnKTRK.exe
Detection ratio: 46 / 55
Analysis date: 2016-08-02 12:56:27 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.128756 20160802
AegisLab W32.W.Ngrbot.amqd!c 20160801
AhnLab-V3 Trojan/Win32.MDA.N1443011701 20160802
ALYac Gen:Variant.Zusy.128756 20160802
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20160802
Arcabit Trojan.Zusy.D1F6F4 20160802
Avast Win32:GenMalicious-JZM [Trj] 20160802
AVG Ransomer.ERO 20160802
Avira (no cloud) TR/Injector.28364813 20160802
AVware Worm.Win32.Dorkbot 20160802
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160802
BitDefender Gen:Variant.Zusy.128756 20160802
Bkav W32.ZmoaN.Trojan 20160802
CAT-QuickHeal Trojan.Lethic.MUE.B4 20160802
Comodo UnclassifiedMalware 20160802
Cyren W32/Dorkbot.NAZK-6562 20160802
DrWeb Trojan.DownLoader12.25211 20160802
Emsisoft Gen:Variant.Zusy.128756 (B) 20160802
ESET-NOD32 a variant of Win32/Kryptik.DFPB 20160802
F-Prot W32/Dorkbot.OS 20160802
F-Secure Gen:Variant.Zusy.128756 20160802
Fortinet W32/Kryptik.DJAS!tr 20160802
GData Gen:Variant.Zusy.128756 20160802
Ikarus Worm.Win32.Kasidet 20160802
Jiangmin Backdoor/Zegost.cdc 20160802
K7AntiVirus Trojan ( 0040fa5a1 ) 20160802
K7GW Trojan ( 0040fa5a1 ) 20160802
Kaspersky HEUR:Trojan.Win32.Generic 20160802
McAfee RDN/Sdbot.worm!cd 20160802
McAfee-GW-Edition BehavesLike.Win32.Sality.dh 20160802
Microsoft Worm:Win32/Dorkbot.I 20160802
eScan Gen:Variant.Zusy.128756 20160802
NANO-Antivirus Trojan.Win32.Foreign.dojiwf 20160802
Panda Trj/Chgt.O 20160802
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160802
Sophos AV Mal/Generic-S 20160802
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20160802
Symantec Trojan.Gen 20160802
Tencent Win32.Trojan.Kryptik.Lgju 20160802
TheHacker Trojan/Kryptik.dfpb 20160802
TotalDefense Win32/Zbot.GcOSNSB 20160802
VBA32 Worm.Ngrbot 20160802
VIPRE Worm.Win32.Dorkbot 20160802
ViRobot Trojan.Win32.Agent.283648.B[h] 20160802
Yandex Worm.Ngrbot!zvvLtApApag 20160802
Zillya Worm.Ngrbot.Win32.6616 20160802
Alibaba 20160802
ClamAV 20160802
CMC 20160801
Kingsoft 20160802
Malwarebytes 20160802
nProtect 20160802
TrendMicro 20160802
TrendMicro-HouseCall 20160802
Zoner 20160802
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ©Kyazuzzom
Product IHDOBAIW
Original name ihdobaiw.exe
Internal name IHDOBAIW.EXE
File version 2.1.8.0
Description olicenybi yruxol wybogoix kegowye ylhogol ofziofud umsyla ibiwce yzarangy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-25 07:44:11
Entry Point 0x00024B12
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
AllocateAndInitializeSid
RegQueryValueExW
RegQueryValueW
CheckTokenMembership
GetFileTitleW
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
SetBkMode
GetRgnBox
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
SetViewportExtEx
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
DeleteObject
GetObjectW
SetTextColor
ExtTextOutW
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
PtVisible
ExtSelectClipRgn
ScaleViewportExtEx
SelectObject
SetWindowExtEx
GetTextColor
DPtoLP
Escape
GetViewportExtEx
GetBkColor
ReplaceFileA
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
BindIoCompletionCallback
HeapDestroy
ReplaceFileW
GetFileAttributesW
lstrcmpW
GetExitCodeProcess
GetProcessId
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
QueryMemoryResourceNotification
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
FormatMessageW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
MoveFileA
BeginUpdateResourceW
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
TlsGetValue
FormatMessageA
SetFileAttributesW
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
InitializeCriticalSection
GlobalFindAtomW
UpdateResourceW
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
EnumResourceLanguagesW
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
GetModuleHandleA
GetFullPathNameW
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
GetMailslotInfo
UnlockFile
InterlockedDecrement
SetEnvironmentVariableA
GetThreadSelectorEntry
TerminateProcess
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
CreateEventW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
EndUpdateResourceW
FindVolumeClose
GetVersionExW
SetEvent
QueryPerformanceCounter
CreateJobSet
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
CopyFileW
GetStartupInfoA
GetDateFormatA
PurgeComm
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
GetModuleFileNameW
GetTimeFormatA
ResetEvent
GetProcessWorkingSetSize
FindFirstFileW
IsValidLocale
DuplicateHandle
GetProcAddress
GetTempPathW
GetTimeZoneInformation
CreateFileW
SetFileApisToOEM
ConvertThreadToFiber
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
GetAtomNameW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
AssignProcessToJobObject
GetProcessTimes
GetThreadLocale
GetVolumeInformationW
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
LockFile
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
ContinueDebugEvent
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
UnlockFileEx
GetACP
GlobalLock
GetModuleHandleW
FreeResource
GetEnvironmentStrings
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
SetMailslotInfo
VirtualAlloc
CompareStringA
SHGetFolderPathW
ShellExecuteW
PathIsUNCW
PathStripToRootW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
RedrawWindow
GetMessagePos
SetWindowRgn
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
IsWindow
GrayStringW
EndPaint
OpenIcon
GetMessageTime
GetClipboardSequenceNumber
SetActiveWindow
DispatchMessageW
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClipCursor
SendMessageW
UnregisterClassA
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
GetClientRect
GetTopWindow
GetWindowTextW
EnumClipboardFormats
CopyAcceleratorTableW
GetActiveWindow
InvalidateRgn
GetMenuItemID
DestroyWindow
GetParent
UpdateWindow
GetPropW
EqualRect
GetMenuState
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
SetDlgItemInt
IsCharAlphaW
ValidateRgn
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
GetWindowPlacement
LoadStringW
CloseWindow
IsIconic
TrackPopupMenuEx
GetSubMenu
IsDialogMessageW
FlashWindow
MonitorFromPoint
SetWindowContextHelpId
WaitForInputIdle
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
SetFocus
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcW
GetKeyboardLayoutNameW
GetMonitorInfoA
SetMenuContextHelpId
MapWindowPoints
GetClassInfoExW
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
CheckMenuItem
GetLastActivePopup
PtInRect
SetWindowTextW
GetDlgItem
RemovePropW
BringWindowToTop
ClientToScreen
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
ExitWindowsEx
WindowFromDC
EmptyClipboard
IsWinEventHookInstalled
CreateDialogIndirectParamW
MapDialogRect
IntersectRect
EndDialog
CopyRect
GetCapture
SetWinEventHook
MessageBeep
GetWindowThreadProcessId
MessageBoxW
GetMenu
GetKBCodePage
RegisterClassExW
SetMenu
MoveWindow
GetWindowDC
AdjustWindowRectEx
SetUserObjectInformationW
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
SystemParametersInfoA
EnableMenuItem
DefFrameProcW
IsWindowVisible
WinHelpW
SystemParametersInfoW
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
ReplyMessage
ValidateRect
IsRectEmpty
GetFocus
SetCursor
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
DocumentPropertiesW
ClosePrinter
OpenPrinterW
OleUninitialize
CLSIDFromString
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CLSIDFromProgID
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
CoGetClassObject
OleUIBusyW
Number of PE resources by type
RT_DIALOG 15
RT_FONTDIR 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
NEUTRAL 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 111616
ImageVersion 0.0
ProductName IHDOBAIW
FileVersionNumber 2.1.8.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription olicenybi yruxol wybogoix kegowye ylhogol ofziofud umsyla ibiwce yzarangy
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName ihdobaiw.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.1.8.0
TimeStamp 2015:02:25 08:44:11+01:00
FileType Win32 EXE
PEType PE32
InternalName IHDOBAIW.EXE
ProductVersion 2.1.8.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Kyazuzzom
MachineType Intel 386 or later, and compatibles
CompanyName Kyazuzzom
CodeSize 171008
FileSubtype 0
ProductVersionNumber 2.1.8.0
EntryPoint 0x24b12
ObjectFileType Unknown
File identification
MD5 322e11b552b897adbc9abce51774988e
SHA1 c442eb5a89d206260a5c1439b83fcf8630fbefef
SHA256 3bff2d34e5a0fbefb5a6f4a44debd8c2c6520c13fc276a837e1b3f346ad07f36
ssdeep 6144:psM1eeKZZye3Tl8VU3VMO+Iii4n6kqU1E:psMFKDnxVb+c4n6kpC
authentihash d3f1fef3887d0b4bf310a2521587119f31651a52f2723c6a932786064d533bdf
imphash 2c48d8a903bd7513d0ab66726f2bd8e8
File size 277.0 KB ( 283648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2015-02-25 08:17:01 UTC ( 4 years, 1 month ago )
Last submission 2016-08-02 12:56:27 UTC ( 2 years, 7 months ago )
File names IHDOBAIW.EXE
lfQfeyK.exe
BXnKTRK.exe
wvcmjdp.exe
fef5b8ffa96c638bc88f536e7cd0586a-fef5b8ffa96c638bc88f536e7cd0586a-1424851525
ihdobaiw.exe
zcenxts.exe
322e11b552b897adbc9abce51774988e
api1.gif
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.