SHA256: 3df9de27c5b927c3facf9c98e1074d8189acac01ba4170e5a6b810d413ac24ca
File name: wefrgthyjki
Detection ratio: 40 / 54
Analysis date: 2014-11-02 10:46:15 UTC
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Symmi.34313 | 20141102
Yandex | TrojanSpy.Zbot!4J0g51/IRDY | 20141101
AhnLab-V3 | Trojan/Win32.ShipUp | 20141102
Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20141102
Avast | Win32:LockScreen-AGS [Trj] | 20141102
AVG | PSW.Generic12.BQY | 20141102
Avira (no cloud) | TR/Spy.ZBot.qjjt | 20141101
AVware | Trojan.Win32.Generic!BT | 20141031
Baidu-International | Trojan.Win32.Zbot.aw | 20141031
BitDefender | Gen:Variant.Symmi.34313 | 20141102
CAT-QuickHeal | TrojanPWS.Zbot.Gen | 20141101
Comodo | TrojWare.Win32.Injector.AON | 20141102
DrWeb | Trojan.PWS.Panda.2401 | 20141102
Emsisoft | Gen:Variant.Symmi.34313 (B) | 20141102
ESET-NOD32 | Win32/Spy.Zbot.AAO | 20141102
F-Secure | Gen:Variant.Symmi.34313 | 20141102
Fortinet | W32/Kryptik.WIF!tr | 20141102
GData | Gen:Variant.Symmi.34313 | 20141102
Ikarus | Virus.Win32.CeeInject | 20141101
K7AntiVirus | Trojan ( 0048c4571 ) | 20141031
K7GW | Trojan ( 0048c4571 ) | 20141031
Kaspersky | Trojan-Spy.Win32.Zbot.qjjt | 20141102
Kingsoft | Win32.Troj.Zbot.qj.(kcloud) | 20141102
Malwarebytes | Trojan.Zbot | 20141102
McAfee | PWSZbot-FIU!12C67DA2D098 | 20141102
McAfee-GW-Edition | PWSZbot-FIU!12C67DA2D098 | 20141102
Microsoft | VirTool:Win32/CeeInject.gen!KK | 20141102
eScan | Gen:Variant.Symmi.34313 | 20141101
NANO-Antivirus | Trojan.Win32.Panda.cqiffx | 20141102
Norman | ZBot.OETA | 20141102
Qihoo-360 | Win32/Trojan.Spy.e89 | 20141102
Rising | PE:Malware.Obscure/Heur!1.9E03 | 20141102
Sophos | Mal/Generic-S | 20141031
Symantec | Trojan.Zbot | 20141102
Tencent | Win32.Trojan-spy.Zbot.Dygs | 20141102
TrendMicro | TROJ_SPNR.35KD13 | 20141102
TrendMicro-HouseCall | TROJ_SPNR.35KD13 | 20141102
VBA32 | TrojanSpy.Zbot | 20141031
VIPRE | Trojan.Win32.Generic!BT | 20141102
Zillya | Trojan.Zbot.Win32.143212 | 20141101
AegisLab | (no detection) | 20141102
Bkav | (no detection) | 20141027
ByteHero | (no detection) | 20141102
ClamAV | (no detection) | 20141102
CMC | (no detection) | 20141102
Cyren | (no detection) | 20141102
F-Prot | (no detection) | 20141031
Jiangmin | (no detection) | 20141101
nProtect | (no detection) | 20141031
SUPERAntiSpyware | (no detection) | 20141101
TheHacker | (no detection) | 20141031
TotalDefense | (no detection) | 20141102
ViRobot | (no detection) | 20141101
Zoner | (no detection) | 20141031
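Worked example (added here; it is not part of the VirusTotal report): a small Python triage script that parses rows in the layout of the engine table above, computes the detection ratio, and tallies which family name the engines actually agree on once class words such as Trojan, Generic and Variant are discarded. The embedded rows are a constructed 12-row subset of the table, the list of words treated as generic is my own, and an engine name containing spaces (Avira (no cloud)) is parsed correctly only when the row is written with " | " separators.

```python
import re
from collections import Counter

# Constructed subset of the engine table from this report (12 of the 54 rows),
# in the page's space-separated layout. Rows with no result column are engines
# that returned no detection.
SCAN_ROWS = """\
Ad-Aware Gen:Variant.Symmi.34313 20141102
Avast Win32:LockScreen-AGS [Trj] 20141102
AVG PSW.Generic12.BQY 20141102
DrWeb Trojan.PWS.Panda.2401 20141102
ESET-NOD32 Win32/Spy.Zbot.AAO 20141102
Kaspersky Trojan-Spy.Win32.Zbot.qjjt 20141102
Microsoft VirTool:Win32/CeeInject.gen!KK 20141102
Sophos Mal/Generic-S 20141031
Symantec Trojan.Zbot 20141102
ClamAV 20141102
F-Prot 20141031
Zoner 20141031
"""

# engine, optional result, 8-digit signature date; the result is everything in between.
SPACE_ROW = re.compile(r"^(?P<engine>\S+)(?:\s+(?P<result>.+?))?\s+(?P<update>\d{8})$")

# Label tokens that name a class, not a family (my own list); they never get a vote.
GENERIC = {"trojan", "trojware", "trojanspy", "generic", "variant", "malware",
           "heur", "virtool", "obscure"}


def parse_row(line):
    """Return (engine, result_or_None, update) for one table row, or None."""
    line = line.strip()
    if not line:
        return None
    if "|" in line:                       # delimited layout: engine | result | update
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 3 or not cells[2].isdigit():
            return None
        result = None if cells[1] in ("", "(no detection)") else cells[1]
        return cells[0], result, cells[2]
    m = SPACE_ROW.match(line)             # space layout: engine names with spaces are not handled
    if not m:
        return None
    return m["engine"], m["result"], m["update"]


def parse_rows(text):
    rows = [parse_row(line) for line in text.splitlines()]
    return [r for r in rows if r is not None]


def family_tokens(result):
    """Candidate family names in a vendor label: alphabetic tokens of 4+ chars
    that are not generic class words (drops Win32, Gen, Spy, PWS, variant suffixes)."""
    toks = (t.lower() for t in re.findall(r"[A-Za-z]+", result))
    return {t for t in toks if len(t) >= 4 and t not in GENERIC}


def family_votes(rows):
    """One vote per detecting engine per candidate family token."""
    votes = Counter()
    for _, result, _ in rows:
        if result:
            votes.update(family_tokens(result))
    return votes


def summarize(text):
    rows = parse_rows(text)
    detected = sum(1 for r in rows if r[1])
    return {"engines": len(rows), "detections": detected,
            "ratio": f"{detected}/{len(rows)}",
            "families": family_votes(rows).most_common(3)}


if __name__ == "__main__":
    print(summarize(SCAN_ROWS))
```

On the subset the consensus family is zbot with three votes; every other token (symmi, panda, ceeinject, lockscreen) is a single vendor's naming, which is the usual picture for a Zeus build: a few engines name the family, many name only the packer or a generic class.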
The file is a 32-bit Portable Executable (PE32) for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © 2013
Publisher: (empty)
Product: dfdghjkjhgfds
Original name: gthyjkhgf.exe
Internal name: wefrgthyjki
File version: 1, 0, 0, 1
Description: wefrgthyju
The product, description, internal and original names are keyboard walks (runs of physically adjacent QWERTY keys) rather than real product metadata, and 1, 0, 0, 1 is the Visual C++ wizard default version; placeholder version information of this kind is a weak but cheap triage signal on its own and is easy to search for across a corpus.
Packers identified
PEiD Armadillo v1.71 (treat with caution: this PEiD signature is a well-known false positive on ordinary Visual C++ 6.0 builds; the linker version 6.0 and the ordinal-only MFC imports reported below are consistent with an unprotected VC6/MFC binary rather than Armadillo protection, and the "armadillo" tag further down is derived from the same signature)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-09 13:50:49 (UTC; the same instant as the ExifTool TimeStamp below, which is expressed in +01:00)
Entry Point 0x00003C78
Number of sections 4
PE sections
PE imports (the report lists symbols without their source libraries; by inference from the names, not from the report, the Win32 functions below are kernel32 and user32 exports, the underscore-prefixed names are C runtime exports, and the long run of Ord(...) entries are imports by ordinal only, which is characteristic of a binary linked against MFC42.dll and matches the linker version 6.0 reported below)
LocalFree
GetCurrentDirectoryW
SetFilePointer
GetModuleFileNameW
CreateFileW
GetStartupInfoW
GetModuleHandleW
CloseHandle
Ord(3820)
Ord(2438)
Ord(5573)
Ord(4621)
Ord(5240)
Ord(4997)
Ord(5298)
Ord(4462)
Ord(527)
Ord(2980)
Ord(5099)
Ord(6592)
Ord(2374)
Ord(2050)
Ord(6567)
Ord(3251)
Ord(2486)
Ord(3394)
Ord(4424)
Ord(5237)
Ord(1722)
Ord(5208)
Ord(4073)
Ord(5747)
Ord(3782)
Ord(1089)
Ord(5996)
Ord(5006)
Ord(3733)
Ord(2540)
Ord(4506)
Ord(971)
Ord(6822)
Ord(6005)
Ord(5727)
Ord(5086)
Ord(2093)
Ord(6391)
Ord(5303)
Ord(3744)
Ord(4691)
Ord(4148)
Ord(3449)
Ord(4616)
Ord(3167)
Ord(6332)
Ord(4154)
Ord(2873)
Ord(4948)
Ord(3917)
Ord(6690)
Ord(2363)
Ord(2853)
Ord(4717)
Ord(5018)
Ord(1569)
Ord(4539)
Ord(6370)
Ord(6325)
Ord(815)
Ord(4525)
Ord(3257)
Ord(2717)
Ord(2119)
Ord(5236)
Ord(4418)
Ord(6835)
Ord(6077)
Ord(2388)
Ord(6519)
Ord(4382)
Ord(5737)
Ord(6371)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(3345)
Ord(1202)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(4548)
Ord(4381)
Ord(1875)
Ord(5285)
Ord(4617)
Ord(1773)
Ord(1971)
Ord(1767)
Ord(5623)
Ord(437)
Ord(4853)
Ord(6478)
Ord(1165)
Ord(794)
Ord(4501)
Ord(4955)
Ord(6643)
Ord(4298)
Ord(4526)
Ord(2167)
Ord(825)
Ord(2644)
Ord(4604)
Ord(5710)
Ord(4415)
Ord(641)
Ord(5276)
Ord(5251)
Ord(4401)
Ord(665)
Ord(2874)
Ord(4480)
Ord(4335)
Ord(4692)
Ord(4886)
Ord(3293)
Ord(4431)
Ord(4233)
Ord(1196)
Ord(6211)
Ord(1130)
Ord(2386)
Ord(2950)
Ord(2371)
Ord(4477)
Ord(3313)
Ord(4229)
Ord(401)
Ord(823)
Ord(6048)
Ord(529)
Ord(2047)
Ord(4537)
Ord(1560)
Ord(1851)
Ord(4958)
Ord(4641)
Ord(813)
Ord(1984)
Ord(2504)
Ord(5257)
Ord(268)
Ord(4607)
Ord(5157)
Ord(2375)
Ord(5468)
Ord(5250)
Ord(5822)
Ord(6863)
Ord(2875)
Ord(3410)
Ord(6051)
Ord(2244)
Ord(3074)
Ord(1934)
Ord(3592)
Ord(4609)
Ord(4884)
Ord(554)
Ord(3729)
Ord(2619)
Ord(441)
Ord(4487)
Ord(4523)
Ord(2977)
Ord(2116)
Ord(5233)
Ord(2641)
Ord(3864)
Ord(734)
Ord(3053)
Ord(4639)
Ord(796)
Ord(1850)
Ord(5095)
Ord(674)
Ord(2382)
Ord(4831)
Ord(4240)
Ord(5070)
Ord(2618)
Ord(4557)
Ord(4158)
Ord(4606)
Ord(3444)
Ord(800)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(3245)
Ord(3346)
Ord(5977)
Ord(4269)
Ord(4241)
Ord(5297)
Ord(4608)
Ord(4818)
Ord(5116)
Ord(5100)
Ord(3743)
Ord(986)
Ord(2377)
Ord(6815)
Ord(3054)
Ord(3825)
Ord(2985)
Ord(3348)
Ord(4074)
Ord(1719)
Ord(2640)
Ord(303)
Ord(2109)
Ord(5180)
Ord(4421)
Ord(2383)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(3341)
Ord(5451)
Ord(5013)
Ord(5121)
Ord(4451)
Ord(5273)
Ord(4376)
Ord(5820)
Ord(4582)
Ord(402)
Ord(2534)
Ord(807)
Ord(4347)
Ord(1658)
Ord(324)
Ord(5296)
Ord(2527)
Ord(4847)
Ord(1768)
Ord(4704)
Ord(1662)
Ord(3793)
Ord(617)
Ord(3826)
Ord(5193)
Ord(2971)
Ord(3509)
Ord(5096)
Ord(1720)
Ord(4075)
Ord(4147)
Ord(3193)
Ord(5255)
Ord(4956)
Ord(2393)
Ord(6840)
Ord(5648)
Ord(4459)
Ord(4339)
Ord(2006)
Ord(4364)
Ord(4150)
Ord(4435)
Ord(4267)
Ord(5910)
Ord(4518)
Ord(6171)
Ord(2546)
Ord(4583)
Ord(5280)
Ord(6617)
Ord(2785)
Ord(561)
Ord(5094)
Ord(411)
Ord(5261)
Ord(975)
Ord(6113)
Ord(6372)
Ord(4422)
Ord(3131)
Ord(4486)
Ord(5016)
Ord(4484)
Ord(5059)
Ord(738)
Ord(6696)
Ord(5456)
Ord(4072)
Ord(6340)
Ord(4103)
Ord(4032)
Ord(5279)
Ord(4370)
Ord(4663)
Ord(976)
Ord(2437)
Ord(296)
Ord(5952)
Ord(5649)
Ord(4992)
Ord(5122)
Ord(1003)
Ord(4419)
Ord(6833)
Ord(4893)
Ord(5286)
Ord(354)
Ord(1258)
Ord(5098)
_except_handler3
__p__fmode
_XcptFilter
__CxxFrameHandler
__wgetmainargs
??1type_info@@UAE@XZ
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_exit
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
SystemParametersInfoA
MessageBoxW
UpdateWindow
IsDialogMessageW
EnableWindow
GetWindowLongA
HideCaret
FindWindowW
SetForegroundWindow
DialogBoxParamA
GetMessageTime
FindWindowA
Number of PE resources by type (K and Struct(241) are non-standard resource types; with only 16384 bytes of code in a 730112-byte file, custom-typed resources are the first place to look for an embedded payload)
RT_STRING 16
RT_ICON 9
RT_MENU 3
RT_DIALOG 2
RT_ACCELERATOR 2
RT_HTML 1
K 1
Struct(241) 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 24
NEUTRAL 11
CHINESE SIMPLIFIED 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.0.1
UninitializedDataSize: 0
LanguageCode: French (Swiss)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 708608
FileOS: Win32
MIMEType: application/octet-stream
LegalCopyright: Copyright © 2013
FileVersion: 1, 0, 0, 1
TimeStamp: 2013:10:09 14:50:49+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: wefrgthyjki
FileAccessDate: 2014:11:02 11:49:05+01:00
ProductVersion: 1, 0, 0, 1
FileDescription: wefrgthyju
OSVersion: 4.0
FileCreateDate: 2014:11:02 11:49:05+01:00
OriginalFilename: gthyjkhgf.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 16384
ProductName: dfdghjkjhgfds
ProductVersionNumber: 1.0.0.1
EntryPoint: 0x3c78
ObjectFileType: Executable application
FileAccessDate and FileCreateDate are filesystem timestamps of the copy on the scanning host (they coincide with the analysis date), not properties of the sample; TimeStamp is the PE header compile time.
File identification
MD5 12c67da2d09856cc935448461e516a93
SHA1 03985f549bcab53d3a23ac711f3f5d74d3f678a3
SHA256 3df9de27c5b927c3facf9c98e1074d8189acac01ba4170e5a6b810d413ac24ca
ssdeep 12288:5CbSZpZwXt7zxJ/FbegqXKa7leSNZX6o72sHSZueBlhB8:5qSZpZwXt3xzbegqXIIHChB8
authentihash 18a5292c9859b327a5b3db036673eb146d815cb1a058f0dc680ec449de3e69ab
imphash db32699f9f914f03e03032b206b6e723
File size 713.0 KB ( 730112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe armadillo

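Worked example (added here; not code from VirusTotal or from pefile): how an imphash such as the one above is derived from an import table. The hash is the MD5 of a comma-joined list of dll.symbol entries, lower-cased, with the library extension dropped and unnamed imports written as ordN, in import-directory order, so it pivots on the linker's import layout rather than on any resolved name. The import list below is constructed from the first symbols of each group in the report with library names assumed (kernel32, mfc42, msvcrt, user32), so it cannot reproduce db32699f9f914f03e03032b206b6e723; pefile additionally resolves ordinals to names for a few libraries (ws2_32, oleaut32), which this function does not, so the two agree only for imports outside those libraries.

```python
import hashlib

# Constructed import table: the first symbols of each group in the report above,
# with library names ASSUMED (the report lists symbols only). Ordinal-only imports
# are given as integers, named imports as strings, in import-directory order.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "LocalFree"),
    ("KERNEL32.dll", "GetCurrentDirectoryW"),
    ("MFC42.DLL", 3820),           # assumed: the Ord(...) entries come from MFC42
    ("MFC42.DLL", 2438),
    ("MSVCRT.dll", "_except_handler3"),
    ("USER32.dll", "MessageBoxW"),
]

# Library extensions that the imphash convention strips before hashing.
_STRIP_EXT = {"dll", "ocx", "sys"}


def imphash_string(imports):
    """Canonical 'dll.symbol,dll.symbol,...' string that imphash is computed over.

    Mirrors the pefile convention: lower-case, library extension dropped,
    unnamed imports rendered as ordN, order preserved. Ordinals are NOT
    resolved to names here (pefile does so for ws2_32 and oleaut32)."""
    parts = []
    for dll, sym in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIP_EXT:
            lib = base
        name = f"ord{sym}" if isinstance(sym, int) else str(sym).lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def same_imphash(a, b):
    """Convenience for clustering: True if two import tables hash identically."""
    return imphash(a) == imphash(b)


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    # Same symbols, different order: a different hash, which is why imphash
    # survives string changes but not a relink with reordered imports.
    print(same_imphash(SAMPLE_IMPORTS, list(reversed(SAMPLE_IMPORTS))))
```

Two properties matter in practice and both fall out of the string form: library name case and extension do not affect the hash, and import order does, so a rebuilt sample with the same imports in a different order will not cluster with this one by imphash alone.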
VirusTotal metadata
First submission 2013-10-10 17:13:22 UTC (one day after the compilation timestamp in the PE header; the 40/54 detection table above comes from a rescan on 2014-11-02, not from this submission)
Last submission 2013-10-10 17:13:22 UTC
File names wefrgthyjki
03985f549bcab53d3a23ac711f3f5d74d3f678a3
gthyjkhgf.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report: the following summarises the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that it launched or injected code into.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. The report does not record which device or which control code; DeviceIoControl use is routine in legitimate software and in the runtime DLLs a process loads, so this observation is only actionable once the target device name and IOCTL value are known.