SHA256: 4e5ad3521e9687f3c7d895d3db88ab2e7df61aa2573c073ce913243e5f7040e0
File name: bot_k2.exe
Detection ratio: 22 / 53
Analysis date: 2014-06-19 11:54:36 UTC
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Kazy.394568 | 20140619
AntiVir | TR/Crypt.ZPACK.86498 | 20140619
AVG | Crypt3.ZQE | 20140619
Baidu-International | Trojan.Win32.Kryptik.BCEGN | 20140619
BitDefender | Gen:Variant.Kazy.394568 | 20140619
Bkav | HW32.CDB.9349 | 20140618
Emsisoft | Gen:Variant.Kazy.394568 (B) | 20140619
ESET-NOD32 | a variant of Win32/Kryptik.CEGN | 20140619
F-Secure | Gen:Variant.Kazy.394568 | 20140619
GData | Gen:Variant.Kazy.394568 | 20140619
Kaspersky | Trojan-Spy.Win32.Zbot.tgyq | 20140619
Malwarebytes | Spyware.Zbot.VXGen | 20140619
McAfee | PWSZbot-FXW!06E271F0AD7D | 20140619
McAfee-GW-Edition | Artemis!06E271F0AD7D | 20140618
Microsoft | PWS:Win32/Zbot.gen!Y | 20140619
eScan | Gen:Variant.Kazy.394568 | 20140619
Norman | Suspicious_Gen5.ARKPJ | 20140619
Panda | Generic Malware | 20140618
Qihoo-360 | HEUR/Malware.QVM20.Gen | 20140619
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20140619
Sophos AV | Mal/Generic-S | 20140619
TrendMicro-HouseCall | TROJ_GEN.R047H01FI14 | 20140619
AegisLab | | 20140619
Yandex | | 20140618
AhnLab-V3 | | 20140618
Antiy-AVL | | 20140618
Avast | | 20140619
CAT-QuickHeal | | 20140619
ClamAV | | 20140619
CMC | | 20140619
Commtouch | | 20140619
Comodo | | 20140619
DrWeb | | 20140619
F-Prot | | 20140619
Fortinet | | 20140618
Ikarus | | 20140619
Jiangmin | | 20140619
K7AntiVirus | | 20140619
K7GW | | 20140619
Kingsoft | | 20140619
NANO-Antivirus | | 20140619
nProtect | | 20140619
SUPERAntiSpyware | | 20140619
Symantec | | 20140619
Tencent | | 20140619
TheHacker | | 20140617
TotalDefense | | 20140619
TrendMicro | | 20140619
VBA32 | | 20140619
VIPRE | | 20140619
ViRobot | | 20140619
Zillya | | 20140619
Zoner | | 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1995
Publisher Uniblue Registry Booster
Product Ado
Original name Mpcdb.exe
Internal name Fopore
File version 3, 4, 10
Description Dyjufa Ovisu Qigenih
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-18 02:41:47
Entry Point 0x0002E66B
Number of sections 5
PE sections
PE imports
RegisterTraceGuidsA
RegCreateKeyW
GetLengthSid
RegisterEventSourceA
OpenBackupEventLogA
CryptImportKey
RegQueryMultipleValuesW
CryptDuplicateHash
EnumServicesStatusW
ElfBackupEventLogFileW
SystemFunction013
AddUsersToEncryptedFile
LsaEnumerateAccountsWithUserRight
RemoveTraceCallback
I_ScSetServiceBitsW
CryptGetDefaultProviderA
LsaLookupPrivilegeName
BuildTrusteeWithNameA
GetTraceEnableFlags
ImpersonateNamedPipeClient
CryptSetProviderW
RegDeleteValueW
SetAclInformation
LsaSetDomainInformationPolicy
SystemFunction041
GetServiceDisplayNameA
ReadEventLogW
SetUserFileEncryptionKey
GetMultipleTrusteeA
SystemFunction029
DrawInsert
ImageList_SetFilter
ImageList_SetBkColor
ImageList_GetImageInfo
InitCommonControls
FlatSB_GetScrollProp
PropertySheetA
ImageList_SetDragCursorImage
ImageList_GetImageRect
ImageList_SetFlags
FlatSB_ShowScrollBar
LBItemFromPt
ImageList_SetOverlayImage
ImageList_AddMasked
ImageList_Draw
DestroyPropertySheetPage
DrawStatusTextA
FlatSB_SetScrollPos
ImageList_Add
InitCommonControlsEx
CreateStatusWindowW
CreatePropertySheetPageW
ImageList_DragShowNolock
ImageList_Replace
ImageList_Copy
FlatSB_EnableScrollBar
ImageList_EndDrag
CryptUIDlgViewCTLW
CryptUIDlgSelectStoreA
CryptUIDlgViewSignerInfoA
CryptUIGetViewSignaturesPagesW
CryptUIWizDigitalSign
CryptUIDlgViewCertificatePropertiesW
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewCRLA
CryptUIDlgSelectCA
CryptUIDlgViewCTLA
CryptUIWizExport
CryptUIStartCertMgr
CryptUIWizFreeDigitalSignContext
CryptUIDlgFreeCAContext
ACUIProviderInvokeUI
CryptUIFreeViewSignaturesPagesW
CryptUIGetViewSignaturesPagesA
DeleteProxyArpEntry
InternalSetTcpEntry
InternalGetIfTable
GetTcpTable
GetIfTable
GetIcmpStatistics
NTTimeToNTPTime
GetIpForwardTable
SetIpTTL
GetIpStatistics
InternalDeleteIpNetEntry
GetUniDirectionalAdapterInfo
EnableRouter
NotifyRouteChange
InternalGetTcpTable
InternalSetIpStats
GetNetworkParams
GetPerAdapterInfo
GetUdpTable
InternalCreateIpForwardEntry
CreateIpNetEntry
GetBestRoute
DeleteIpForwardEntry
InternalSetIfEntry
SendARP
SetAdapterIpAddress
GetAdaptersInfo
IpRenewAddress
GetNumberOfInterfaces
FormatMessageW
FreeLibraryAndExitThread
GetNamedPipeHandleStateA
GlobalFlags
GetDiskFreeSpaceExW
DeleteTimerQueue
PdhVbGetOneCounterPath
PdhEnumMachinesW
PdhFormatFromRawValue
PdhReadRawLogRecord
PdhUpdateLogFileCatalog
PdhEnumMachinesA
PdhBrowseCountersA
PdhAddCounterA
PdhIsRealTimeQuery
PdhRemoveCounter
PdhParseCounterPathW
PdhGetDllVersion
PdhVbAddCounter
PdhCollectQueryData
PdhCalculateCounterFromRawValue
PdhMakeCounterPathW
PdhGetDefaultPerfObjectW
PdhVbCreateCounterPathList
PdhGetDataSourceTimeRangeW
PdhGetRawCounterArrayA
PdhEnumObjectItemsA
PdhGetCounterInfoW
PdhLookupPerfNameByIndexA
PdhOpenLogW
PdhVbGetCounterPathFromList
PdhGetDefaultPerfCounterW
PdhParseInstanceNameW
SamQueryInformationAlias
SamDeleteAlias
SamShutdownSamServer
SamSetInformationDomain
SamiChangePasswordUser2
SamLookupDomainInSamServer
SamChangePasswordUser2
SamLookupNamesInDomain
SamOpenAlias
SamEnumerateDomainsInSamServer
SamCloseHandle
SamOpenGroup
SamGetGroupsForUser
SamGetDisplayEnumerationIndex
SamEnumerateGroupsInDomain
SamRemoveMemberFromAlias
SamQuerySecurityObject
SamEnumerateAliasesInDomain
SamLookupIdsInDomain
SamAddMemberToGroup
SamQueryInformationGroup
SamiEncryptPasswords
SamCreateGroupInDomain
CM_Open_Class_Key_ExW
SetupDiLoadClassIcon
CM_Register_Device_Interface_ExW
SetupDiGetClassImageListExA
CM_Request_Device_Eject_ExW
SetupCloseLog
SetupDiOpenDeviceInfoW
CM_Intersect_Range_List
SetupGetInfFileListA
SetupQuerySpaceRequiredOnDriveW
CM_Get_Depth_Ex
SetupAdjustDiskSpaceListA
CM_Is_Dock_Station_Present
CM_Unregister_Device_Interface_ExA
SetupDiGetClassInstallParamsA
SetupDiChangeState
CM_Disconnect_Machine
SetupRemoveSectionFromDiskSpaceListA
CM_Get_Device_Interface_List_Size_ExA
SetupCancelTemporarySourceList
SetupDiGetDeviceInstanceIdW
SetupDiSetDeviceInstallParamsW
CM_Get_Depth
CM_Get_Device_ID_Size
SetupDiGetDeviceInfoListDetailA
CM_Set_HW_Prof_FlagsA
CM_Get_Parent_Ex
SetupDiClassNameFromGuidExW
CM_Query_And_Remove_SubTreeW
CM_Get_Device_Interface_List_SizeA
SetupInstallFileA
SetupDiDestroyClassImageList
IsWindow
UnlockUrlCacheEntryStream
HttpSendRequestExW
InternetUnlockRequestFile
InternetHangUp
InternetTimeToSystemTimeW
FtpFindFirstFileW
HttpOpenRequestW
FindFirstUrlCacheGroup
InternetDialW
UrlZonesDetach
InternetAutodialCallback
FindNextUrlCacheGroup
FtpRenameFileW
InternetTimeFromSystemTimeW
ShowCertificate
SetUrlCacheEntryGroupW
FtpCommandW
FtpPutFileEx
InternetFindNextFileA
HttpQueryInfoA
InternetGetCertByURLA
FindFirstUrlCacheContainerW
SetUrlCacheConfigInfoA
InternetOpenW
InternetAlgIdToStringA
InternetCrackUrlW
FindNextUrlCacheEntryA
FtpPutFileW
InternetOpenUrlW
GopherGetAttributeA
WinStationInstallLicense
WinStationSendWindowMessage
ServerGetInternetConnectorStatus
WinStationEnumerateProcesses
WinStationGetProcessSid
_WinStationReInitializeSecurity
_WinStationWaitForConnect
WinStationShadow
WinStationQueryLicense
WinStationGetTermSrvCountersValue
WinStationEnumerate_IndexedA
WinStationReset
WinStationEnumerateW
WinStationGenerateLicense
WinStationShutdownSystem
WinStationRenameA
_WinStationNotifyLogon
WinStationGetLanAdapterNameA
Number of PE resources by type
RT_BITMAP 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_ICON 1
Number of PE resources by language
ENGLISH AUS 4
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:03:18 03:41:47+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 200704
LinkerVersion: 7.1
FileAccessDate: 2014:06:19 12:51:59+01:00
EntryPoint: 0x2e66b
InitializedDataSize: 495616
SubsystemVersion: 4.0
ImageVersion: 10.0
OSVersion: 4.0
FileCreateDate: 2014:06:19 12:51:59+01:00
UninitializedDataSize: 0
File identification
MD5 06e271f0ad7db59d6febeae7665b615b
SHA1 23be1f65208283ab95d0904e7b4be25cbf1aa42a
SHA256 4e5ad3521e9687f3c7d895d3db88ab2e7df61aa2573c073ce913243e5f7040e0
ssdeep 6144:q9W7cQBN9mwDx06Gh/XPXpeFRt7mCaF1mN5REeeS+C:qs7cQbtDxGhf4PNmCaiNTEdSr
imphash 85042ca1edfc92549eb290524be7fb86
File size 276.0 KB ( 282624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-06-18 18:40:58 UTC
Last submission 2014-06-18 18:40:58 UTC
File names bot_k2.exe, Mpcdb.exe, Nd6ltbF8yC.scr, Fopore
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs