SHA256: 51c5bb652e77561de9572224ac6204ed7cf9cbc45da7034ff8540fe3910332ea
File name: vt-upload-ZZwoi
Detection ratio: 35 / 50
Analysis date: 2014-01-27 02:14:49 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.5741335 20140127
Yandex TrojanSpy.ZBot.Gen!Pac.23 20140126
AhnLab-V3 Trojan/Win32.Zbot 20140126
AntiVir TR/Crypt.XPACK.Gen 20140126
Avast Win32:Malware-gen 20140127
AVG Generic21.BOIN 20140126
BitDefender Trojan.Generic.5741335 20140127
Bkav W32.MosquitoQKK.Fam.Trojan 20140125
Commtouch W32/Troj_Obfusc.G.gen!Eldorado 20140127
Comodo Packed.Win32.MUPX.Gen 20140126
DrWeb Trojan.Packed.194 20140127
Emsisoft Trojan.Generic.5741335 (B) 20140127
ESET-NOD32 a variant of Win32/Kryptik.MCF 20140126
F-Prot W32/Troj_Obfusc.G.gen!Eldorado 20140126
F-Secure Trojan.Generic.5741335 20140126
Fortinet W32/Kryptik.WCH!tr 20140127
GData Trojan.Generic.5741335 20140127
Ikarus Trojan-PWS.Win32.Zbot 20140126
Jiangmin TrojanSpy.Zbot.aalz 20140126
K7AntiVirus Trojan ( 00386dc51 ) 20140125
K7GW Trojan ( 00386dc51 ) 20140125
Kaspersky HEUR:Trojan.Win32.Generic 20140127
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes Spyware.Passwords.XGen 20140127
McAfee PWS-Zbot.gen.fw 20140127
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.J!81 20140127
eScan Trojan.Generic.5741335 20140127
Norman Kryptik.VT 20140126
nProtect Trojan.Generic.5741335 20140126
Panda Bck/Qbot.AO 20140126
Qihoo-360 Malware.QVM19.Gen 20140127
Sophos Mal/FakeAV-JX 20140127
TrendMicro TROJ_KRYPTIK.SM0 20140127
TrendMicro-HouseCall TROJ_KRYPTIK.SM0 20140127
VIPRE Trojan.Win32.Kryptik.mcf (v) 20140127
Antiy-AVL 20140126
Baidu-International 20140126
ByteHero 20140127
CAT-QuickHeal 20140125
ClamAV 20140126
CMC 20140122
Microsoft 20140127
NANO-Antivirus 20140126
Rising 20140126
SUPERAntiSpyware 20140126
Symantec 20140127
TheHacker 20140126
TotalDefense 20140127
VBA32 20140125
ViRobot 20140126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright Copyright © Sbhdlwq Mexrhgukl 2000-2010
Publisher Sbhdlwq Mexrhgukl
Product Sbhdlwq Dxmfuxhrey Igqjftv
Original name Sbhdlwq.exe
Internal name Sbhdlwq
File version 105, 67, 8, 7
Description Sbhdlwq Dxmfuxhrey Igqjftv
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-05-25 01:37:58
Entry Point 0x00004E06
Number of sections 3
PE sections
PE imports
SetFilePointer
GetSystemTime
GetLastError
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileMappingW
ReleaseMutex
UnmapViewOfFile
CreateNamedPipeW
LoadLibraryW
GlobalFree
WaitForSingleObject
GetVersionExW
FreeLibrary
ExitProcess
CreateDirectoryA
GlobalUnlock
FlushFileBuffers
LoadLibraryA
GetFileSize
GetFileAttributesW
GetLocalTime
DisconnectNamedPipe
GetCurrentProcess
GetWindowsDirectoryW
GetOverlappedResult
SetThreadPriority
LocalAlloc
GlobalLock
LockResource
ProcessIdToSessionId
GetModuleHandleW
GetSystemDefaultLCID
MultiByteToWideChar
ReadProcessMemory
DeleteFileW
CloseHandle
InterlockedCompareExchange
FileTimeToSystemTime
CancelIo
GetCurrentThread
GetComputerNameW
CompareStringW
WaitNamedPipeW
WideCharToMultiByte
GetModuleFileNameW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
SetProcessWorkingSetSize
CreateMutexW
ReadFile
GetComputerNameExW
GetACP
WaitForMultipleObjects
GetProcAddress
SetEvent
LocalFree
GetTempPathW
ConnectNamedPipe
CreateEventW
ResetEvent
GetCurrentDirectoryW
LoadResource
FindResourceW
CreateFileW
GlobalAlloc
VirtualFree
InterlockedDecrement
Sleep
SetEndOfFile
GetTickCount
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
SetLastError
InterlockedIncrement
MapWindowPoints
EmptyClipboard
GetMessagePos
SetWindowRgn
SetScrollInfo
EndPaint
GetFocus
GetMessageW
EnumWindows
MoveWindow
FindWindowW
KillTimer
DestroyMenu
PostQuitMessage
ScreenToClient
GetForegroundWindow
MessageBeep
LoadMenuW
SetPropW
SetFocus
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
IsIconic
GetCursorPos
InflateRect
FrameRect
SetCapture
ReleaseCapture
EnumChildWindows
GetSystemMenu
GetWindowDC
TranslateMessage
IsWindowEnabled
GetWindowTextLengthW
GetSysColor
GetLastActivePopup
GetMenuItemID
EndDeferWindowPos
SystemParametersInfoA
GetDlgCtrlID
GetIconInfo
DrawFocusRect
SetClipboardData
DrawIconEx
GetTopWindow
SetWindowTextW
GetMenuItemInfoW
RemovePropW
SystemParametersInfoW
BringWindowToTop
LoadImageW
GetNextDlgTabItem
ClientToScreen
GetMenuItemCount
AnimateWindow
GetSubMenu
CallWindowProcW
InvalidateRect
GetActiveWindow
AttachThreadInput
CopyRect
GetWindowTextW
GetSysColorBrush
IsMenu
SendMessageTimeoutW
DispatchMessageW
InsertMenuW
FillRect
CloseClipboard
DrawTextW
DestroyWindow
GetDoubleClickTime
AppendMenuW
FindWindowExW
OpenClipboard
Number of PE resources by type
RT_ICON 3
RT_RCDATA 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
File identification
MD5 e30b5d1e9654a5a3244d1c4edb823af3
SHA1 6c96a912dc8b6d0daa3835c997e265c91522aee5
SHA256 51c5bb652e77561de9572224ac6204ed7cf9cbc45da7034ff8540fe3910332ea
ssdeep 3072:+SK24Zq5dtZ+5b9agCLQSvIuEOpCcbkjamBveynEhzCrJxbNWt0qqG:RK1IdtZoq1QuEOgmkGSeSizkxS0q
File size 335.5 KB ( 343552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-01-27 02:14:49 UTC ( 3 years, 3 months ago )
Last submission 2014-01-27 02:14:49 UTC ( 3 years, 3 months ago )
File names Sbhdlwq.exe
Sbhdlwq
vt-upload-ZZwoi
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight