× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5629e44f4a14083a669bc3f56d3879863f50c57eb4669ca2e051477681ffeef0
File name: vt-upload-grVI5
Detection ratio: 22 / 53
Analysis date: 2014-07-19 02:37:04 UTC ( 4 years, 8 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.405494 20140719
AntiVir TR/Zbot.A.975 20140718
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140718
Avast Win32:Malware-gen 20140719
AVG PSW.Generic12.ARGV 20140718
BitDefender Gen:Variant.Kazy.405494 20140719
Bkav HW32.Laneul.ukwy 20140718
Emsisoft Gen:Variant.Kazy.405494 (B) 20140719
F-Secure Gen:Variant.Kazy.405494 20140719
GData Gen:Variant.Kazy.405494 20140719
Kaspersky Trojan-Spy.Win32.Zbot.tnpd 20140719
McAfee Artemis!9EBE1E70E1D4 20140719
McAfee-GW-Edition Artemis!9EBE1E70E1D4 20140718
Microsoft PWS:Win32/Zbot 20140719
eScan Gen:Variant.Kazy.405494 20140719
NANO-Antivirus Trojan.Win32.Zbot.dcizxe 20140719
Panda Trj/CI.A 20140718
Qihoo-360 Win32/Trojan.Spy.481 20140719
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140718
Sophos AV Mal/Generic-S 20140719
TrendMicro-HouseCall TROJ_GEN.R0CBH01GH14 20140719
VIPRE Trojan.Win32.Generic!BT 20140719
AegisLab 20140719
Yandex 20140718
AhnLab-V3 20140718
Baidu-International 20140718
ByteHero 20140719
CAT-QuickHeal 20140718
ClamAV 20140718
CMC 20140717
Commtouch 20140719
Comodo 20140718
DrWeb 20140719
ESET-NOD32 20140719
F-Prot 20140719
Fortinet 20140719
Ikarus 20140718
Jiangmin 20140718
K7AntiVirus 20140718
K7GW 20140718
Kingsoft 20140719
Malwarebytes 20140719
Norman 20140718
nProtect 20140718
SUPERAntiSpyware 20140719
Symantec 20140719
Tencent 20140719
TheHacker 20140718
TotalDefense 20140718
TrendMicro 20140719
VBA32 20140718
ViRobot 20140719
Zoner 20140718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-27 19:41:29
Entry Point 0x0000C51E
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
GetLastError
GetOverlappedResult
DeviceIoControl
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
GetTickCount
OutputDebugStringA
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetLocalTime
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetTempPathA
GlobalAddAtomW
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
GetACP
GetCurrentThreadId
SetEnvironmentVariableA
GetFullPathNameA
TerminateProcess
CreateEventA
Sleep
FormatMessageA
CreateFileA
GetVersion
ResetEvent
SetupDiGetDeviceInstallParamsA
SetupDiGetClassDevsA
SetupDiSetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupGetStringFieldA
SetupFindNextLine
SetupFindFirstLineA
SetupCloseInfFile
SetupDiEnumDeviceInfo
SetupOpenInfFileA
SetupDiSetClassInstallParamsA
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
FindWindowA
PostMessageA
malloc
realloc
memset
fclose
fprintf
fgets
fopen
strncpy
_amsg_exit
fputs
_strlwr
_XcptFilter
_snprintf
sprintf
free
getenv
atoi
memcpy
_vsnprintf
strstr
fputws
memmove
strerror
wcsstr
_initterm
fgetws
_iob
Number of PE resources by type
RT_DIALOG 26
RT_GROUP_ICON 4
RT_ICON 4
HEADER 2
REGISTRY 1
Number of PE resources by language
ENGLISH US 37
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:03:27 20:41:29+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
194560

LinkerVersion
8.0

FileAccessDate
2014:07:25 03:04:03+01:00

EntryPoint
0xc51e

InitializedDataSize
162304

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:07:25 03:04:03+01:00

UninitializedDataSize
0

File identification
MD5 9ebe1e70e1d4c86914c91fecbc9304bd
SHA1 994110243fac2d4a0f6802ab7e0a305ecee314f6
SHA256 5629e44f4a14083a669bc3f56d3879863f50c57eb4669ca2e051477681ffeef0
ssdeep
6144:Hj+AIwPxffoGAM4fPea4u/gZyUqtkRWN2SI:HjywPFfoGnuWa4wg47kkdI

imphash 02547d60099ccdf3353670f9a95ba1f0
File size 350.0 KB ( 358400 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-07-19 02:37:04 UTC ( 4 years, 8 months ago )
Last submission 2014-07-25 02:03:51 UTC ( 4 years, 8 months ago )
File names vt-upload-grVI5
9ebe1e70e1d4c86914c91fecbc9304bd
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.