× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4603f908de8080fc6e5d33738225a3f4c2ae609a958819be16e782ad469f38c7
File name: 005504662
Detection ratio: 47 / 56
Analysis date: 2015-07-27 17:29:51 UTC ( 6 days, 11 hours ago )
Antivirus Result Update
ALYac Trojan.Generic.KDV.907187 20150727
AVG PSW.Generic10.CHZE 20150727
AVware Win32.Malware!Drop 20150727
Ad-Aware Trojan.Generic.KDV.907187 20150727
Agnitum Trojan.Bublik!6sDCrHiLPzc 20150727
AhnLab-V3 Spyware/Win32.Zbot 20150727
Antiy-AVL Trojan/Win32.Bublik 20150727
Arcabit Trojan.Generic.KDV.DDD7B3 20150727
Avast Win32:Injector-BOP [Trj] 20150727
Avira TR/Crypt.EPACK.Gen2 20150727
Baidu-International Trojan.Win32.Bublik.ajnz 20150727
BitDefender Trojan.Generic.KDV.907187 20150727
CAT-QuickHeal Trojan.Agen.rw8 20150727
Comodo TrojWare.Win32.Kryptik.AYQE 20150727
Cyren W32/Trojan.SVOX-2156 20150727
DrWeb Trojan.Necurs.97 20150727
ESET-NOD32 Win32/Cridex.AA 20150727
Emsisoft Trojan.Generic.KDV.907187 (B) 20150727
F-Prot W32/Trojan2.NVWO 20150727
F-Secure Trojan.Generic.KDV.907187 20150727
Fortinet W32/Bublik.AA!tr 20150727
GData Trojan.Generic.KDV.907187 20150727
Ikarus Trojan.Win32.Bublik 20150727
Jiangmin Trojan/Bublik.hbu 20150726
K7AntiVirus Riskware ( 0040eff71 ) 20150727
K7GW Riskware ( 0040eff71 ) 20150727
Kaspersky Trojan.Win32.Bublik.ajnz 20150727
Kingsoft Win32.Troj.Agent.xh.(kcloud) 20150727
Malwarebytes Trojan.Zbot 20150727
McAfee PWS-Zbot.gen.ad 20150727
McAfee-GW-Edition PWS-Zbot.gen.ad 20150726
MicroWorld-eScan Trojan.Generic.KDV.907187 20150727
Microsoft Worm:Win32/Cridex.E 20150727
Panda Trj/WL.A 20150727
Qihoo-360 Win32/Trojan.f7d 20150727
Rising PE:Trojan.Win32.Generic.14500849!340789321 20150722
Sophos Troj/Zbot-EHY 20150727
Symantec W32.Cridex 20150727
Tencent Win32.Trojan.Bublik.Dzkk 20150727
TotalDefense Win32/Cridex.IH 20150727
TrendMicro BKDR_CRIDEX.AJPM 20150727
TrendMicro-HouseCall BKDR_CRIDEX.AJPM 20150727
VBA32 BScope.Malware-Cryptor.SB.01798 20150727
VIPRE Win32.Malware!Drop 20150727
Zillya Trojan.Bublik.Win32.8746 20150727
Zoner I-Worm.Cridex.AA 20150727
nProtect Trojan/W32.Bublik.128512 20150727
AegisLab 20150727
Alibaba 20150727
Bkav 20150727
ByteHero 20150727
ClamAV 20150727
NANO-Antivirus 20150727
SUPERAntiSpyware 20150727
TheHacker 20150723
ViRobot 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher ?????????? ??????????
Description ???????? ?????? ????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-19 07:09:44
Link date 8:09 AM 3/19/2013
Entry Point 0x00004430
Number of sections 8
PE sections
PE imports
RegOpenKeyExW
GetACP
GetStartupInfoA
GetWindowsDirectoryW
ReadFile
LoadLibraryW
lstrlenA
lstrcatA
CreateFileW
lstrcpyA
ExitProcess
GetStartupInfoW
lstrcatW
GetProcAddress
LoadIconW
LoadIconA
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Struct(240) 1
Number of PE resources by language
RUSSIAN 2
ENGLISH US 1
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
5.1.2600.5512

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
114176

EntryPoint
0x4430

MIMEType
application/octet-stream

TimeStamp
2013:03:19 08:09:44+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
13824

FileSubtype
0

ProductVersionNumber
5.1.2600.5512

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1d4aaaf4ae7bfdb0d9936cd71ea717b2
SHA1 2464b7b40e5eb43e9655ca47eced6ac291bd9a0b
SHA256 4603f908de8080fc6e5d33738225a3f4c2ae609a958819be16e782ad469f38c7
ssdeep
1536:n5R2MtSdlLG1dGKQyD262wCy3HfHeSK4ySZjFIBszj0VBzErM/yF4:n5R2M8T61hQSkg3fGF1AjelK6

authentihash 070635666e33b45f506a13663d5bedd25785078b0e9d16d18c05b0e2b17f615b
imphash a5594858e70e42f49e6a56d08be3ed1d
File size 125.5 KB ( 128512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-03-19 14:54:44 UTC ( 2 years, 4 months ago )
Last submission 2015-06-12 10:49:03 UTC ( 1 month, 3 weeks ago )
File names KB00371046.exl
2342430.exe
1d4aaaf4ae7bfdb0d9936cd71ea717b2
005504662
5819098.exe
KB01367860.exe
Copy of KB00883353.exe
contacts.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.