SHA256: 47323c4f7245ae85d6038f0ab77b21989bd35cc61b3e4dee9da0dac49564abd3
File name: vt-upload-ycIoo
Detection ratio: 22 / 54
Analysis date: 2014-06-26 18:07:44 UTC
Engines that flagged the file (antivirus, result, signature update date):
Ad-Aware Gen:Variant.Kazy.397600 20140626
Yandex Trojan.Kryptik!5dsRFRfcKtw 20140626
AhnLab-V3 Trojan/Win32.Agent 20140626
AntiVir TR/Crypt.EPACK.20317 20140626
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140626
AVG Win32/Cryptor 20140626
BitDefender Gen:Variant.Kazy.397600 20140626
Emsisoft Gen:Variant.Kazy.397600 (B) 20140626
ESET-NOD32 a variant of Win32/Kryptik.CERZ 20140626
F-Secure Gen:Variant.Kazy.397600 20140626
GData Gen:Variant.Kazy.397600 20140626
Kaspersky Trojan-Spy.Win32.Zbot.thtj 20140626
McAfee Artemis!92A7C8D43235 20140626
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J 20140626
Microsoft PWS:Win32/Zbot 20140626
eScan Gen:Variant.Kazy.397600 20140626
Qihoo-360 Win32/Trojan.1af 20140626
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140623
Sophos AV Mal/Generic-S 20140626
Tencent Win32.Trojan-spy.Zbot.Htbz 20140626
TrendMicro-HouseCall TROJ_GEN.R0C1H01FO14 20140626
VIPRE Trojan.Win32.Generic!BT 20140626
Engines that returned no detection (antivirus, signature update date):
AegisLab 20140626
Avast 20140626
Baidu-International 20140626
Bkav 20140625
ByteHero 20140626
CAT-QuickHeal 20140626
ClamAV 20140626
CMC 20140624
Commtouch 20140626
Comodo 20140626
DrWeb 20140626
F-Prot 20140626
Fortinet 20140626
Ikarus 20140626
Jiangmin 20140626
K7AntiVirus 20140626
K7GW 20140626
Kingsoft 20140626
Malwarebytes 20140626
NANO-Antivirus 20140626
Norman 20140626
nProtect 20140626
Panda 20140626
SUPERAntiSpyware 20140626
Symantec 20140626
TheHacker 20140624
TotalDefense 20140626
TrendMicro 20140626
VBA32 20140626
ViRobot 20140626
Zillya 20140626
Zoner 20140626
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-02 07:45:23
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
CallNamedPipeW
GlobalGetAtomNameW
Toolhelp32ReadProcessMemory
FileTimeToDosDateTime
GetSystemInfo
lstrcmpiA
GetEnvironmentStringsA
GetSystemDefaultLCID
IsBadWritePtr
SetThreadPriorityBoost
GlobalUnlock
FillConsoleOutputCharacterW
EndUpdateResourceA
CreatePipe
OpenProcess
ClearCommBreak
SetErrorMode
EnumSystemLocalesW
LoadLibraryExW
GetBinaryTypeA
ReadProcessMemory
WritePrivateProfileSectionA
GetCurrentThread
GetProfileStringW
GetPrivateProfileSectionA
FindNextFileW
SetNamedPipeHandleState
SetUnhandledExceptionFilter
GetStringTypeExA
IsValidLocale
SetHandleInformation
SetThreadExecutionState
SetFileAttributesA
FindCloseChangeNotification
QueryPerformanceCounter
GetProcessShutdownParameters
GetEnvironmentVariableA
GetStringTypeExW
SearchPathA
AllocConsole
ReadFileEx
LocalShrink
PrepareTape
GetThreadLocale
GetClipboardFormatNameA
ChangeMenuA
mouse_event
HideCaret
PostQuitMessage
GetShellWindow
GetForegroundWindow
SetMenuItemInfoW
RemoveMenu
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:07:02 08:45:23+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 343040
LinkerVersion: 1.64
FileAccessDate: 2014:06:26 19:06:35+01:00
EntryPoint: 0x1000
InitializedDataSize: 42520
SubsystemVersion: 4.1
ImageVersion: 0.0
OSVersion: 1.0
FileCreateDate: 2014:06:26 19:06:35+01:00
UninitializedDataSize: 0
File identification
MD5: 92a7c8d432351724dffbe2c80de7c940
SHA1: 66518cfcc4a37fa44ba8244665f83e4aed7de135
SHA256: 47323c4f7245ae85d6038f0ab77b21989bd35cc61b3e4dee9da0dac49564abd3
ssdeep: 3072:R2t09A/gA73GFxluZjc7vpOG9sZjLAxPoPIw/KOPWO1vOe4RQX5AvemP/3f:Qt0+/gLF6Z2vo4p9aPJ1mDge
imphash: 535882fa3b9af1a2104e5a69ac2ea775
File size: 377.5 KB (386560 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable (generic) (42.4%); Win16/32 Executable Delphi generic (19.5%); Generic Win/DOS Executable (18.8%); DOS Executable Generic (18.8%); VXD Driver (0.2%)
Tags: peexe
VirusTotal metadata
First submission: 2014-06-26 18:07:44 UTC
Last submission: 2014-06-26 18:07:44 UTC
File names: vt-upload-ycIoo
Condensed report. The following is a condensed report of the file's behaviour when it was executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.