SHA256: 52dc5d89ed540061e4779b5c21c2c6be288aba9373271434157489c7addcdb03
File name: statement_id.exe
Detection ratio: 20 / 46
Analysis date: 2013-05-03 22:07:56 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
AVG Generic32.CPUW 20130503
AhnLab-V3 Trojan/Win32.Zbot 20130503
AntiVir TR/Spy.ZBot.EB.380 20130503
BitDefender Trojan.Spy.YOZ 20130503
Commtouch W32/Trojan.BSGX-1282 20130503
DrWeb Trojan.PWS.Panda.3734 20130503
ESET-NOD32 Win32/Spy.Zbot.AAU 20130503
Emsisoft Worm.Win32.Luder.AMN (A) 20130503
F-Prot W32/Trojan3.CEP 20130503
F-Secure Trojan-Spy:W32/Zbot.BBHX 20130503
Ikarus Trojan-Spy.Agent 20130503
Kaspersky Trojan-Spy.Win32.Zbot.lcnn 20130503
Kingsoft Win32.Troj.Zbot.lc.(kcloud) 20130502
McAfee RDN/Generic.hra!bg 20130503
McAfee-GW-Edition Artemis!75A666F81847 20130503
PCTools Trojan.Zbot 20130503
Sophos Troj/Zbot-EXU 20130503
Symantec Trojan.Zbot 20130503
TrendMicro TSPY_ZBOT.UDT 20130503
TrendMicro-HouseCall TSPY_ZBOT.UDT 20130503
Agnitum 20130503
Antiy-AVL 20130503
Avast 20130504
ByteHero 20130425
CAT-QuickHeal 20130503
ClamAV 20130503
Comodo 20130503
Fortinet 20130503
GData 20130503
Jiangmin 20130503
K7AntiVirus 20130503
K7GW 20130503
Malwarebytes 20130503
MicroWorld-eScan 20130503
Microsoft 20130504
NANO-Antivirus 20130503
Norman 20130503
Panda 20130503
SUPERAntiSpyware 20130504
TheHacker 20130503
TotalDefense 20130503
VBA32 20130503
VIPRE 20130503
ViRobot 20130503
eSafe 20130501
nProtect 20130503
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
© 1999 Gopiqic Tyjoce. Uge Huxo Ninor.

Publisher Data Encryption Systems Ltd
Product Xir
Original name Kwmfd2.exe
Internal name Myfoca
File version 10, 7, 10
Description Asebe Icyqubo Wuj
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-15 02:47:12
Entry Point 0x00020C4E
Number of sections 4
PE sections
PE imports
GetUserDefaultUILanguage
SetFileApisToANSI
GetShortPathNameW
FreeLibrary
ExitProcess
TlsAlloc
CreateMailslotA
GetPrivateProfileStructW
CreateJobObjectA
CancelWaitableTimer
GetCurrentDirectoryW
lstrcatA
GetCalendarInfoW
GetProcessHeaps
GetSystemDefaultLCID
GetFileInformationByHandle
SetVolumeMountPointW
FlushInstructionCache
GetFileTime
GlobalWire
LockFileEx
SetEnvironmentVariableW
ConvertDefaultLocale
CreateMutexW
GetComputerNameExW
GetThreadTimes
GetFileAttributesExW
CreateEventW
ReadDirectoryChangesW
IsValidCodePage
GetStringTypeExW
ChangeTimerQueueTimer
SetFileAttributesW
DeleteAtom
RedrawWindow
VkKeyScanExW
DdeAccessData
BringWindowToTop
EnableScrollBar
DrawStateW
LoadBitmapA
DdeDisconnect
DdeCreateStringHandleA
CreateDesktopA
SetMenuItemInfoA
CharUpperBuffA
GetInputState
SendMessageW
AllowSetForegroundWindow
CharLowerBuffA
GetNextDlgTabItem
DdeConnectList
MsgWaitForMultipleObjects
ScrollWindow
InvalidateRgn
DeregisterShellHookWindow
DdeSetQualityOfService
GetCursorInfo
VkKeyScanExA
GetClassInfoExA
DrawFrameControl
DlgDirListComboBoxA
SetDlgItemInt
PeekMessageW
SetWindowPlacement
ShowWindowAsync
DdeKeepStringHandle
GetMenuItemRect
DdeEnableCallback
GetWindow
ActivateKeyboardLayout
SetParent
EnumDisplayDevicesA
GetWindowPlacement
IsIconic
InvertRect
GetDCEx
UnhookWinEvent
SwitchToThisWindow
EnumThreadWindows
SetWindowContextHelpId
WaitForInputIdle
GetSysColorBrush
IsWindowUnicode
TabbedTextOutW
GetGUIThreadInfo
CreateAcceleratorTableA
MapWindowPoints
DdeAbandonTransaction
OffsetRect
CopyIcon
SendNotifyMessageW
CheckMenuRadioItem
ToUnicodeEx
RegisterDeviceNotificationA
ReleaseCapture
GetProcessWindowStation
CheckDlgButton
CreatePopupMenu
GetClassLongW
SetWindowTextW
UnloadKeyboardLayout
SendInput
GetClassLongA
GetMenuItemInfoA
SetActiveWindow
CreateIconFromResourceEx
LoadCursorW
FindWindowExW
InsertMenuW
NotifyWinEvent
PostThreadMessageA
IntersectRect
LoadMenuA
CreateIconIndirect
GetCapture
LoadMenuW
RemoveMenu
HiliteMenuItem
GetMenu
MessageBoxIndirectA
GetDialogBaseUnits
LoadCursorFromFileA
MessageBoxA
DestroyCursor
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
MenuItemFromPoint
GetDoubleClickTime
DestroyIcon
GetAltTabInfoA
GetWindowInfo
SetRect
GetClassNameW
AdjustWindowRect
ModifyMenuW
ValidateRect
IsRectEmpty
CloseClipboard
ReplyMessage
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
DUTCH 6
ExifTool file metadata
LegalTrademarks
Sumesal Ejuxek Uhimyve Hyqopy Hab Nejyj Pyxovah Ozygut Bup Buqahe

FileDescription
Asebe Icyqubo Wuj

InitializedDataSize
146432

ImageVersion
0.0

ProductName
Xir

FileVersionNumber
10.7.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
4.0

OriginalFilename
Kwmfd2.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
10, 7, 10

TimeStamp
2011:05:15 03:47:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Myfoca

SubsystemVersion
4.0

FileAccessDate
2013:05:19 14:53:17+01:00

ProductVersion
10, 7

UninitializedDataSize
0

OSVersion
4.0

FileCreateDate
2013:05:19 14:53:17+01:00

FileOS
Windows NT 32-bit

LegalCopyright
1999 Gopiqic Tyjoce. Uge Huxo Ninor.

MachineType
Intel 386 or later, and compatibles

CompanyName
Data Encryption Systems Ltd

CodeSize
148480

FileSubtype
0

ProductVersionNumber
10.7.0.0

EntryPoint
0x20c4e

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 75a666f81847ccf7656790162e6a666a
SHA1 6a4b08de993900851a663a73c5be87468dd2697f
SHA256 52dc5d89ed540061e4779b5c21c2c6be288aba9373271434157489c7addcdb03
ssdeep
6144:NqNAp150R9pKTAXrKi60WHNbKMZQJhWwOCLRuzUriGQn:NqNAyRXvWHNyALcR4Hn

File size 237.5 KB ( 243200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-05-03 07:52:07 UTC ( 11 months, 2 weeks ago )
Last submission 2013-05-19 13:53:04 UTC ( 11 months ago )
File names 75a666f81847ccf7656790162e6a666a
Statement ID 758-456-324-562-457.exe
75a666f81847ccf7656790162e6a666a.exe
StatementID758456324562457.exe
Statement ID 758-456-324-562-457.exe-
file-5449960_exe-
virus.exe
Myfoca
Statement ID 758-456-324-562-457-v2.exe
statement_id.exe
75a666f81847ccf7656790162e6a666a.virus
Kwmfd2.exe
75a666f81847ccf7656790162e6a666a
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight