SHA256: 484deec8900a14dd4fce234ce79c7c9fe23d3c9fccc1f7f6c554ff1bd88c3506
File name: vt-upload-XSZki
Detection ratio: 20 / 44 (the 20 / 44 figure is the one VirusTotal reported for this analysis; the engine list below names 46 engines)
Analysis date: 2013-08-15 06:44:26 UTC ( 5 years, 7 months ago )
Antivirus               Result                                   Update
AhnLab-V3               Trojan/Win32.Agent                       20130815
AntiVir                 TR/Crypt.ZPACK.Gen8                      20130815
Avast                   Win32:Malware-gen                        20130815
AVG                     Agent4.AYJY                              20130815
BitDefender             Gen:Variant.Graftor.107808               20130815
Emsisoft                Gen:Variant.Graftor.107808 (B)           20130815
ESET-NOD32              a variant of Win32/Kryptik.BHUV          20130814
F-Secure                Gen:Variant.Graftor.107808               20130815
GData                   Gen:Variant.Graftor.107808               20130815
Ikarus                  Trojan.Win32.Agent                       20130815
Jiangmin                Win32/Virut.bn                           20130814
Kaspersky               Trojan.Win32.Agent.abamz                 20130815
Malwarebytes            Malware.Packer.GPC                       20130815
McAfee                  Artemis!C9608CD54374                     20130815
McAfee-GW-Edition       Artemis!C9608CD54374                     20130815
Microsoft               VirTool:Win32/CeeInject                  20130815
Norman                  Kryptik.CCFR                             20130815
Panda                   Generic Malware                          20130814
Sophos AV               Mal/EncPk-AKV                            20130815
VIPRE                   Trojan.Win32.Generic!BT                  20130815
Yandex                  (no detection)                           20130814
Antiy-AVL               (no detection)                           20130815
ByteHero                (no detection)                           20130814
CAT-QuickHeal           (no detection)                           20130814
ClamAV                  (no detection)                           20130815
Commtouch               (no detection)                           20130815
Comodo                  (no detection)                           20130815
DrWeb                   (no detection)                           20130815
F-Prot                  (no detection)                           20130815
Fortinet                (no detection)                           20130815
K7AntiVirus             (no detection)                           20130814
K7GW                    (no detection)                           20130814
Kingsoft                (no detection)                           20130723
eScan                   (no detection)                           20130815
NANO-Antivirus          (no detection)                           20130815
nProtect                (no detection)                           20130815
PCTools                 (no detection)                           20130814
Rising                  (no detection)                           20130815
SUPERAntiSpyware        (no detection)                           20130815
Symantec                (no detection)                           20130815
TheHacker               (no detection)                           20130814
TotalDefense            (no detection)                           20130814
TrendMicro              (no detection)                           20130815
TrendMicro-HouseCall    (no detection)                           20130815
VBA32                   (no detection)                           20130815
ViRobot                 (no detection)                           20130815

Reading the verdicts: the names do not agree on a malware family. Most are generic packer, crypter or heuristic labels (Kryptik, Crypt.ZPACK, Malware.Packer, EncPk, CeeInject, Malware-gen, Generic Malware), which say "runtime-packed and suspicious" rather than "known family X". The one specific family name, Jiangmin's Win32/Virut.bn, is not corroborated by any other engine. McAfee's Artemis!C9608CD54374 is also not a family name: Artemis is McAfee's cloud-reputation verdict, and the suffix is the first 12 hex digits of the file's MD5 (c9608cd54374..., see File identification below).
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-10 12:19:18
Entry Point 0x00005620
Number of sections 9
PE sections
PE imports (grouped by exporting DLL; the module names are the standard export locations of these APIs and were not present in the extracted list)
GDI32.dll
  SetBkColor
  TextOutA
  GetTextExtentPoint32A
  GetCharWidth32A
  SetTextColor
KERNEL32.dll
  HeapFree
  TerminateThread
  GlobalFree
  WaitForSingleObject
  QueryPerformanceCounter
  HeapAlloc
  VirtualProtect
  LoadLibraryA
  RtlUnwind
  GetModuleFileNameA
  GetStartupInfoA
  SetThreadPriority
  GetCurrentProcessId
  GetCurrentDirectoryA
  GetCommandLineA
  GetProcAddress
  GetProcessHeap
  CreateThread
  GetModuleHandleA
  InterlockedExchange
  GetCurrentProcess
  CloseHandle
  GetSystemTimeAsFileTime
  ExitThread
  HeapReAlloc
  TerminateProcess
  VirtualQuery
  Sleep
  GetTickCount
  ExitProcess
  GetCurrentThreadId
  VirtualAlloc
USER32.dll
  BeginPaint
  HideCaret
  SetCaretPos
  CreateCaret
  PostQuitMessage
  DefWindowProcA
  MessageBeep
  DrawTextExA
  GetSystemMetrics
  EndPaint
  MessageBoxA
  DestroyCaret
  GetDC
  GetAsyncKeyState
  ReleaseDC
  ShowCaret
  SendMessageA
  GetClientRect
  SetRect
  TabbedTextOutA
  wsprintfA
  GetDesktopWindow
WINMM.dll
  timeBeginPeriod
WinSCard.dll
  SCardAccessStartedEvent

What the import table says: VirtualAlloc, VirtualProtect, LoadLibraryA and GetProcAddress together are exactly what a runtime-unpacking stub needs (allocate or re-protect memory for the decoded payload, then resolve the payload's real imports by name at run time), and their presence in an otherwise small static import table fits the generic packer and crypter labels in the detection list. The user32/gdi32 imports (caret handling, text output, paint, client-rect queries) are those of a plain text-editing window, which is consistent with the Windows GUI subsystem in the header. SCardAccessStartedEvent (WinSCard) is the one import with no obvious role in such a program. The entry point (0x5620) and the SizeOfCode of 32768 against 266240 bytes of initialized data (from the ExifTool section below) are worth checking in the section table: an entry point outside the code section, or a high-entropy data section, would confirm the packing hypothesis, but the section table itself was not captured in this report.
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:08:10 13:19:18+01:00 (the same instant as the 2013-08-10 12:19:18 compilation timestamp above, shown in a +01:00 local zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 32768
LinkerVersion: 7.1
EntryPoint: 0x5620
InitializedDataSize: 266240
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 c9608cd54374cd7904a559255f80d1ed
SHA1 ae4ca3d13b384557d2c7b42f306b9f6d6294d0d0
SHA256 484deec8900a14dd4fce234ce79c7c9fe23d3c9fccc1f7f6c554ff1bd88c3506
ssdeep 3072:fKHsUmZ1Q5gl+i7XGY2fqLD72DhTRAm7rWjyW/TMaV3Hki2D/2tqCQH3opymH9Q:KAQ0+kWY+BDhTRAm/rcTPT0CQYpyW9Q
File size 296.0 KB ( 303104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
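The header fields, hashes and import-based packer hints discussed above are straightforward to reproduce locally without pefile. The following is an added example, not code from VirusTotal or from the page; it parses the DOS stub, COFF header, PE32 optional header and section table with the standard library, computes the three file hashes and per-section entropy, and flags the VirtualAlloc/VirtualProtect/LoadLibraryA/GetProcAddress combination. Because the real sample is not available here, build_sample_pe() constructs a small PE32 image whose header values (machine 0x14c, timestamp 2013-08-10 12:19:18 UTC, entry point 0x5620, linker 7.1, GUI subsystem, SizeOfCode 32768) mirror the report; its two sections and its contents are invented, so its hashes will not match the hashes listed above.

```python
import calendar
import hashlib
import math
import random
import struct
from datetime import datetime, timezone

# Fixed-layout pieces of a PE32 file (little-endian, no padding).
COFF_FMT = "<HHIIIHH"          # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
OPT32_FMT = "<HBB9I6H4I2H6I"   # first 96 bytes of IMAGE_OPTIONAL_HEADER32 (16 data directories follow)
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
# APIs an unpacking stub needs to map a payload and resolve its imports at run time.
UNPACK_STUB_APIS = {"VirtualAlloc", "VirtualProtect", "LoadLibraryA", "GetProcAddress"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ~8.0 means compressed/encrypted, code is usually 5-6.5."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    f = struct.unpack_from(OPT32_FMT, data, opt_off)
    if f[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    sections = []
    sec_off = opt_off + opt_size
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(SECTION_FMT, data, sec_off + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize, "raw_size": rawsize,
                         "characteristics": chars, "entropy": round(shannon_entropy(raw), 3)})
    return {
        "machine": machine, "number_of_sections": nsect,
        "compile_time_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{f[1]}.{f[2]}", "size_of_code": f[3], "size_of_initialized_data": f[4],
        "entry_point": f[6], "os_version": f"{f[12]}.{f[13]}", "subsystem_version": f"{f[16]}.{f[17]}",
        "subsystem": SUBSYSTEMS.get(f[22], f"unknown ({f[22]})"), "sections": sections,
        "md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def section_for_rva(info: dict, rva: int):
    """Which section holds an RVA; an entry point outside the code section is a packer tell."""
    for s in info["sections"]:
        if s["virtual_address"] <= rva < s["virtual_address"] + max(s["virtual_size"], s["raw_size"]):
            return s
    return None

def unpack_stub_indicators(imports) -> dict:
    hits = UNPACK_STUB_APIS & set(imports)
    return {"hits": sorted(hits), "likely_unpack_stub": hits == UNPACK_STUB_APIS}

def build_sample_pe() -> bytes:
    """Constructed PE32 image for the demo (header values mirror the report; sections are invented)."""
    rng = random.Random(0x4841)
    text_raw = bytes(range(64)) * 512                              # 32768 bytes, entropy exactly 6.0
    data_raw = bytes(rng.getrandbits(8) for _ in range(8192))      # pseudo-random, entropy near 8.0
    headers_size, file_align = 0x400, 0x200
    sections = [(b".text", 0x1000, text_raw, 0x60000020), (b".data", 0x10000, data_raw, 0xC0000040)]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew
    ts = calendar.timegm((2013, 8, 10, 12, 19, 18, 0, 0, 0))
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), ts, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT32_FMT, 0x10B, 7, 1,
                      len(text_raw), len(data_raw), 0, 0x5620, 0x1000, 0x10000, 0x400000, 0x1000, file_align,
                      4, 0, 0, 0, 4, 0,
                      0, 0x20000, headers_size, 0,
                      2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    raw_ptr, sec_hdrs, body = headers_size, b"", b""
    for name, va, raw, chars in sections:
        sec_hdrs += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), len(raw), va, len(raw), raw_ptr, 0, 0, 0, 0, chars)
        body += raw
        raw_ptr += len(raw)
    return (bytes(dos) + b"PE\0\0" + coff + opt + sec_hdrs).ljust(headers_size, b"\0") + body

# Import names taken from the report's import table (subset).
REPORT_IMPORTS = ["VirtualAlloc", "VirtualProtect", "LoadLibraryA", "GetProcAddress",
                  "HeapFree", "CreateThread", "TextOutA", "CreateCaret", "SCardAccessStartedEvent"]

if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    for k, v in info.items():
        print(f"{k}: {v}")
    print("entry point section:", section_for_rva(info, info["entry_point"])["name"])
    print("unpack-stub indicators:", unpack_stub_indicators(REPORT_IMPORTS))
```

Run it against a real file with parse_pe(open(path, "rb").read()): the sha256 line should match the value in the File identification section, and the entropy and entry-point checks give the section-level evidence the condensed report above lacks. The parser deliberately stops at the section table; walking the import directory requires RVA-to-file-offset translation and is left out so the block stays short.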
Tags
peexe

VirusTotal metadata
First submission 2013-08-14 20:55:38 UTC ( 5 years, 7 months ago )
Last submission 2013-08-15 06:44:26 UTC ( 5 years, 7 months ago )
File names vt-upload-XSZki
vt-upload-JOY2K
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications