SHA256: 4725c6d715770221c04793c8a812c043944ff8464d2d50df15af09b1132b1ac9
File name: iuytre
Detection ratio: 42 / 55
Analysis date: 2015-10-26 09:41:17 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.118634 20151026
Yandex TrojanSpy.Zbot!VFCo/92Eeks 20151026
AhnLab-V3 Spyware/Win32.Zbot 20151026
ALYac Gen:Variant.Graftor.118634 20151026
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151026
Arcabit Trojan.Graftor.D1CF6A 20151026
Avast Win32:Malware-gen 20151026
AVG PSW.Generic12.CYM 20151026
AVware Trojan.Win32.Zbot.gmh (v) 20151026
Baidu-International Trojan.Win32.Injector.AOMS 20151026
BitDefender Gen:Variant.Graftor.118634 20151026
CAT-QuickHeal TrojanPWS.Zbot.Gen 20151026
Comodo UnclassifiedMalware 20151026
Cyren W32/Trojan.SCOD-7427 20151026
DrWeb Trojan.PWS.Panda.786 20151026
Emsisoft Gen:Variant.Graftor.118634 (B) 20151026
ESET-NOD32 a variant of Win32/Injector.AOMS 20151026
F-Secure Gen:Variant.Graftor.118634 20151026
Fortinet W32/Kryptik.WIF!tr 20151026
GData Gen:Variant.Graftor.118634 20151026
Ikarus Trojan-Spy.Win32.Zbot 20151026
K7AntiVirus Riskware ( 0040eff71 ) 20151026
K7GW Riskware ( 0040eff71 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151026
McAfee PWSZbot-FIU!FAB9055FC889 20151026
McAfee-GW-Edition PWSZbot-FIU!FAB9055FC889 20151026
Microsoft PWS:Win32/Zbot!ZA 20151026
eScan Gen:Variant.Graftor.118634 20151026
NANO-Antivirus Trojan.Win32.Zbot.cqnkbj 20151026
Panda Trj/CI.A 20151026
Qihoo-360 Win32/Trojan.7a3 20151026
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
Sophos Troj/Zbot-GMG 20151026
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20151026
Symantec Trojan.Zbot 20151026
Tencent Win32.Trojan-spy.Zbot.Egej 20151026
TrendMicro TROJ_SPNR.38JR13 20151026
TrendMicro-HouseCall TROJ_SPNR.38JR13 20151026
VBA32 SScope.Malware-Cryptor.FCM.3913 20151026
VIPRE Trojan.Win32.Zbot.gmh (v) 20151026
ViRobot Trojan.Win32.S.Zbot.635392.C[h] 20151026
Zillya Trojan.Zbot.Win32.140202 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
ByteHero 20151026
ClamAV 20151026
CMC 20151026
F-Prot 20151026
Jiangmin 20151025
Malwarebytes 20151026
nProtect 20151026
TheHacker 20151026
TotalDefense 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2011
Product ouiytr
Original name iuytr.EXE
Internal name iuytre
File version 1, 0, 0, 1
Description oiuytr
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-11 07:12:10
Entry Point 0x00002784
Number of sections 4
PE sections
Overlays
MD5 5c7d54e62b643acb419bb899d259c5a2
File type data
Offset 634880
Size 512
Entropy 7.58
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyW
TranslateCharsetInfo
CreateFontA
GetStartupInfoA
GetStdHandle
LoadLibraryW
GetCurrentProcessId
OpenProcess
SetEvent
GetStartupInfoW
FlushFileBuffers
GlobalUnlock
VirtualAlloc
GetModuleHandleW
GetCurrentThread
__p__fmode
__wgetmainargs
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_controlfp
_wcmdln
_adjust_fdiv
__CxxFrameHandler
__p__commode
memcpy
_initterm
_exit
__set_app_type
GetModuleFileNameExA
PeekMessageW
UpdateWindow
EnableWindow
ReleaseCapture
SetWindowPos
GetClipboardOwner
CloseClipboard
DispatchMessageW
Number of PE resources by type
RT_STRING 14
RT_ICON 13
RT_MENU 4
RT_ACCELERATOR 3
RT_DIALOG 2
Struct(241) 2
RT_BITMAP 2
RT_HTML 1
SYS 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 27
NEUTRAL 15
FINNISH DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Turkish
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 622592
EntryPoint 0x2784
OriginalFileName iuytr.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2011
FileVersion 1, 0, 0, 1
TimeStamp 2013:10:11 08:12:10+01:00
FileType Win32 EXE
PEType PE32
InternalName iuytre
ProductVersion 1, 0, 0, 1
FileDescription oiuytr
OSVersion 4.0
FileOS Windows 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 8192
ProductName ouiytr
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 fab9055fc8899c122cedfec0a0a64fec
SHA1 fdbaeb0fe8f3b782b3cb7fb901a40b343cfafd37
SHA256 4725c6d715770221c04793c8a812c043944ff8464d2d50df15af09b1132b1ac9
ssdeep 3072:CZSWl5KRuKNEFNhMfVn0NiXlGcc7tSM6rTMXLzOp5dpglBII009/BMLGXya/+rjE:MSkCucf3VGc8tqrG2aD009/mAwsN
authentihash 9ae59f64436899fc13404d5d564d100e9f772a9d6a946c809c21ac05ddd84cb9
imphash f9890363e55c34207a3061451753fe9b
File size 620.5 KB ( 635392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo overlay
VirusTotal metadata
First submission 2013-10-16 10:42:09 UTC ( 3 years, 5 months ago )
Last submission 2013-11-11 10:53:19 UTC ( 3 years, 4 months ago )
File names iuytr.EXE
fdbaeb0fe8f3b782b3cb7fb901a40b343cfafd37.exe
output.16148406.txt
TT COPY.scr
16148406
c-b6284-387-1382132103
TT%20COPY.scr
4725c6d715770221c04793c8a812c043944ff8464d2d50df15af09b1132b1ac9
iuytre
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight