SHA256: 564576f4e118193a67ce7c77557b4b94d04bd8919465c5963f7d66692d2bdcd8
File name: vt-upload-0tjfu
Detection ratio: 21 / 53
Analysis date: 2014-06-23 10:56:06 UTC ( 4 years, 9 months ago )
Antivirus             Result                            Update
Ad-Aware              Gen:Variant.Zusy.96400            20140623
Avast                 Win32:Rootkit-gen [Rtk]           20140623
AVG                   Agent4.BXLU                       20140623
BitDefender           Gen:Variant.Zusy.96400            20140623
Bkav                  HW32.Laneul.mwcs                  20140623
CMC                   Packed.Win32.FakeAV-Crypter.6!O   20140622
DrWeb                 BackDoor.Caphaw.77                20140623
Emsisoft              Gen:Variant.Zusy.96400 (B)        20140623
ESET-NOD32            a variant of Win32/Kryptik.CESR   20140623
F-Secure              Gen:Variant.Zusy.96400            20140622
GData                 Gen:Variant.Zusy.96400            20140623
K7GW                  Trojan ( 050000001 )              20140621
Malwarebytes          Trojan.Shylock.XGen               20140623
McAfee                Artemis!0157C17A8A0C              20140623
McAfee-GW-Edition     Artemis!0157C17A8A0C              20140622
Microsoft             Backdoor:Win32/Caphaw.A           20140623
eScan                 Gen:Variant.Zusy.96400            20140623
Rising                PE:Malware.Obscure!1.9C59         20140623
TotalDefense          Win32/Caphaw.fUOVaAC              20140623
TrendMicro-HouseCall  TROJ_GEN.R0C1H01FM14              20140623
VIPRE                 Backdoor.Win32.Caphaw             20140623
AegisLab              (no detection)                    20140623
Yandex                (no detection)                    20140622
AhnLab-V3             (no detection)                    20140623
AntiVir               (no detection)                    20140623
Antiy-AVL             (no detection)                    20140619
Baidu-International   (no detection)                    20140623
ByteHero              (no detection)                    20140623
CAT-QuickHeal         (no detection)                    20140621
ClamAV                (no detection)                    20140622
Commtouch             (no detection)                    20140623
Comodo                (no detection)                    20140623
F-Prot                (no detection)                    20140623
Fortinet              (no detection)                    20140623
Ikarus                (no detection)                    20140623
Jiangmin              (no detection)                    20140623
K7AntiVirus           (no detection)                    20140621
Kaspersky             (no detection)                    20140623
Kingsoft              (no detection)                    20140623
NANO-Antivirus        (no detection)                    20140623
Norman                (no detection)                    20140623
Panda                 (no detection)                    20140622
Qihoo-360             (no detection)                    20140623
Sophos AV             (no detection)                    20140623
SUPERAntiSpyware      (no detection)                    20140623
Symantec              (no detection)                    20140623
Tencent               (no detection)                    20140623
TheHacker             (no detection)                    20140622
TrendMicro            (no detection)                    20140623
VBA32                 (no detection)                    20140623
ViRobot               (no detection)                    20140623
Zillya                (no detection)                    20140623
Zoner                 (no detection)                    20140616
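A 21/53 ratio says little on its own; what matters is which family the detecting engines agree on. The script below is an added example (not VirusTotal's code) that runs an AVClass-style vote over the labels in the table above. Two points it encodes: identical labels from several vendors are one opinion, not several (Ad-Aware, BitDefender, Emsisoft, F-Secure, GData and eScan share the BitDefender engine, which is why all six say Gen:Variant.Zusy.96400), and class, platform and reputation tokens are not family names (McAfee's Artemis! label carries the first 12 hex digits of the file's MD5, 0157c17a8a0c, and ESET's Kryptik is a crypter bucket). Caphaw is Microsoft's name for the Shylock banking trojan, so Malwarebytes' Trojan.Shylock.XGen counts towards the same family. The generic-token list and the alias map are assumptions made for this example.

```python
"""AVClass-style family consensus over the VirusTotal detection table.

Added example, not VirusTotal's code. DETECTIONS is copied from the report
above; GENERIC and ALIASES are assumptions chosen for this example.
"""
import re
from collections import Counter

# engine -> label, as shown in the report; engines with no result are omitted.
DETECTIONS = {
    "Ad-Aware": "Gen:Variant.Zusy.96400",
    "Avast": "Win32:Rootkit-gen [Rtk]",
    "AVG": "Agent4.BXLU",
    "BitDefender": "Gen:Variant.Zusy.96400",
    "Bkav": "HW32.Laneul.mwcs",
    "CMC": "Packed.Win32.FakeAV-Crypter.6!O",
    "DrWeb": "BackDoor.Caphaw.77",
    "Emsisoft": "Gen:Variant.Zusy.96400 (B)",
    "ESET-NOD32": "a variant of Win32/Kryptik.CESR",
    "F-Secure": "Gen:Variant.Zusy.96400",
    "GData": "Gen:Variant.Zusy.96400",
    "K7GW": "Trojan ( 050000001 )",
    "Malwarebytes": "Trojan.Shylock.XGen",
    "McAfee": "Artemis!0157C17A8A0C",
    "McAfee-GW-Edition": "Artemis!0157C17A8A0C",
    "Microsoft": "Backdoor:Win32/Caphaw.A",
    "eScan": "Gen:Variant.Zusy.96400",
    "Rising": "PE:Malware.Obscure!1.9C59",
    "TotalDefense": "Win32/Caphaw.fUOVaAC",
    "TrendMicro-HouseCall": "TROJ_GEN.R0C1H01FM14",
    "VIPRE": "Backdoor.Win32.Caphaw",
}
TOTAL_ENGINES = 53  # "Detection ratio: 21 / 53"

# Class, platform, packer and reputation tokens that are not family names.
# Assumed list: Artemis is McAfee's cloud lookup (MD5 prefix, not a family),
# Kryptik is ESET's crypter bucket, Obscure is Rising's heuristic bucket.
GENERIC = {
    "gen", "generic", "variant", "a", "of", "win", "w", "pe", "hw",
    "trojan", "troj", "backdoor", "malware", "packed", "packer", "crypter",
    "agent", "kryptik", "rootkit", "rtk", "artemis", "heur", "obscure",
}
# Vendor synonyms for one family (assumed map). Caphaw == Shylock.
ALIASES = {"shylock": "caphaw"}


def tokenize(label):
    """Lower-case, drop bracketed suffixes such as '(B)' or '[Rtk]', split on
    punctuation and strip trailing digits (agent4 -> agent, win32 -> win)."""
    label = re.sub(r"[\(\[][^\)\]]*[\)\]]", " ", label.lower())
    toks = []
    for tok in re.split(r"[^a-z0-9]+", label):
        tok = re.sub(r"\d+$", "", tok)
        if tok:
            toks.append(tok)
    return toks


def family_of(label):
    """First token that is not generic and carries no variant digits, or None."""
    for tok in tokenize(label):
        if tok in GENERIC or len(tok) < 3 or any(c.isdigit() for c in tok):
            continue
        return ALIASES.get(tok, tok)
    return None


def consensus(detections):
    """One vote per distinct normalised label: identical strings from several
    vendors almost always mean one licensed engine, not independent opinions."""
    votes, seen = Counter(), set()
    for label in detections.values():
        key = " ".join(tokenize(label))
        if key in seen:
            continue
        seen.add(key)
        fam = family_of(label)
        if fam:
            votes[fam] += 1
    return votes


def summarize(detections, total=TOTAL_ENGINES):
    votes = consensus(detections)
    family, n = votes.most_common(1)[0] if votes else (None, 0)
    return {"detected": len(detections), "total": total,
            "family": family, "votes": n, "all_votes": dict(votes)}


if __name__ == "__main__":
    print(summarize(DETECTIONS))
```

Run against the table above, Caphaw gets five independent votes (DrWeb, Malwarebytes via the Shylock alias, Microsoft, TotalDefense, VIPRE) while the six Zusy hits collapse to one, so the sample should be filed as Caphaw/Shylock rather than as "Zusy", the label that appears most often.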
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 73
Product: E Application
Original name: U
Internal name: E
File version: 1, 0, 4, 1239
Description: E Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-16 11:36:08
Entry Point 0x000018E0
Number of sections 4
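The header fields above are what an analyst reads before trusting anything in the version resource (whose "Copyright (C) 73", "E Application" and "U" look like placeholder strings rather than real product metadata). The following is an added example, not VirusTotal's code: a minimal PE32 header parser run against a header constructed here from the report's own values (machine 0x14c, four sections, linker 7.1, entry point 0x18E0, code size 40960, initialized data 659456, OS and subsystem version 4.0, Windows GUI, TimeDateStamp 2014-06-16 11:36:08 UTC; the ExifTool TimeStamp 2014:06:16 12:36:08+01:00 further down is the same instant in a +01:00 zone). Image base, alignments and other fields the report does not show are filler, and the constructed bytes contain no sections or code. It also performs the first triage check on a compile timestamp: compared with the first-submission time, this binary was about a week old when it reached VirusTotal, which is plausible, whereas a stamp later than first submission or decades in the past means the linker timestamp was forged or zeroed.

```python
"""Parse PE header fields and sanity-check TimeDateStamp against first-seen.

Added example, not VirusTotal's code. build_sample_header() constructs a
header from the values in the report; unreported fields are filler.
"""
import calendar
import struct
from datetime import datetime, timezone

COMPILE_TS = calendar.timegm((2014, 6, 16, 11, 36, 8, 0, 0, 0))    # report: compilation timestamp
FIRST_SEEN_TS = calendar.timegm((2014, 6, 23, 10, 56, 6, 0, 0, 0))  # report: first submission
FIRST_SEEN = datetime.fromtimestamp(FIRST_SEEN_TS, tz=timezone.utc)

MACHINES = {0x014C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64", 0x01C4: "ARMv7", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


def build_sample_header(timestamp=COMPILE_TS):
    """Constructed DOS stub + COFF header + PE32 optional header (no sections)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: PE signature at 0x40
    coff = struct.pack("<HHIIIHH",
                       0x014C, 4, timestamp,            # Machine, NumberOfSections, TimeDateStamp
                       0, 0,                            # symbol table pointer / count (none)
                       0xE0, 0x0102)                    # SizeOfOptionalHeader, EXECUTABLE_IMAGE|32BIT_MACHINE
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      0x10B, 7, 1,                      # PE32 magic, linker 7.1
                      40960, 659456, 0,                 # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x18E0, 0x1000, 0xB000,           # AddressOfEntryPoint; BaseOfCode/BaseOfData are filler
                      0x400000, 0x1000, 0x200,          # ImageBase, SectionAlignment, FileAlignment (filler)
                      4, 0, 0, 0, 4, 0,                 # OS 4.0, image 0.0, subsystem 4.0
                      0, 0xB0000, 0x400, 0,             # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum (filler)
                      2, 0)                             # Subsystem 2 = Windows GUI, DllCharacteristics
    opt += b"\0" * (0xE0 - len(opt))                    # remaining optional header and data directories zeroed
    return bytes(dos) + b"PE\0\0" + coff + opt


def parse_pe_header(data):
    """Return the fields VirusTotal lists under 'PE header basic information'."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                 # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, size_code, size_init, _, entry = struct.unpack_from("<HBBIIII", data, opt)
    os_major, os_minor, _, _, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsect,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "pe_type": OPTIONAL_MAGIC.get(magic, hex(magic)),
        "linker": f"{lnk_major}.{lnk_minor}",
        "code_size": size_code,
        "init_data_size": size_init,
        "entry_point": entry,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def timestamp_check(header, first_seen=FIRST_SEEN):
    """Return (plausible, age_at_first_seen). A TimeDateStamp after the first
    submission, or before the mid-1990s, points to a forged or zeroed stamp."""
    ts = header["timestamp"]
    plausible = datetime(1995, 1, 1, tzinfo=timezone.utc) <= ts <= first_seen
    return plausible, first_seen - ts


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    ok, age = timestamp_check(hdr)
    for k, v in hdr.items():
        print(f"{k:18} {v}")
    print("timestamp plausible:", ok, "| age at first seen:", age)
```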
PE sections
PE imports
QueryServiceConfigA
RestoreDC
SelectObject
GetLastError
HeapFree
GetStdHandle
LCMapStringW
VirtualAllocEx
TerminateThread
LoadLibraryW
VirtualProtect
GetOEMCP
QueryPerformanceCounter
HeapDestroy
GetTickCount
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
SetHandleCount
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetSystemInfo
GetProcessHeap
SuspendThread
SetFilePointer
RaiseException
GetCPInfo
GetStringTypeA
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
ResumeThread
LCMapStringA
HeapCreate
VirtualQuery
VirtualFree
Sleep
GetFileType
ExitProcess
GetCurrentThreadId
VirtualAlloc
InterlockedIncrement
acmStreamSize
DrawDibEnd
DrawDibClose
EnumProcessModules
SHCreateShellItem
EnableWindow
CreateDesktopA
PostMessageA
LoadIconA
DestroyWindow
recv
closesocket
send
select
SCardReleaseContext
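The import list above is what the imphash in the file-identification section is computed from, and it is the pivot that survives a rebuild with a changed file hash. The script below is an added example, not VirusTotal's or pefile's code. It implements pefile's imphash definition over (DLL, function) pairs and runs a simple API watch-list over the same names. The DLL grouping is an assumption (the module each export normally lives in); VirusTotal's list does not show DLL names or import-table order, and imphash depends on both, so the value computed here equals the report's ce6230b3139facb632835b678c97c887 only if the real import table happens to match this grouping and order. Ordinal imports, which pefile resolves by name for a few DLLs, are not handled.

```python
"""imphash and API watch-list over the imports shown in the report.

Added example, not VirusTotal's or pefile's code. Function names are copied
from the report; the DLL assignment and order are assumptions.
"""
import hashlib

IMPORTS_BY_DLL = [
    ("ADVAPI32.dll", "QueryServiceConfigA"),
    ("GDI32.dll", "RestoreDC SelectObject"),
    ("KERNEL32.dll",
     "GetLastError HeapFree GetStdHandle LCMapStringW VirtualAllocEx TerminateThread "
     "LoadLibraryW VirtualProtect GetOEMCP QueryPerformanceCounter HeapDestroy GetTickCount "
     "GetVersionExA GetEnvironmentStringsW FlushFileBuffers LoadLibraryA RtlUnwind "
     "GetModuleFileNameA FreeEnvironmentStringsA HeapAlloc GetStartupInfoA GetEnvironmentStrings "
     "GetLocaleInfoA GetCurrentProcessId SetHandleCount WideCharToMultiByte UnhandledExceptionFilter "
     "MultiByteToWideChar HeapSize SetStdHandle FreeEnvironmentStringsW GetCommandLineA "
     "GetProcAddress GetSystemInfo GetProcessHeap SuspendThread SetFilePointer RaiseException "
     "GetCPInfo GetStringTypeA GetModuleHandleA ReadFile InterlockedExchange WriteFile "
     "GetCurrentProcess CloseHandle GetSystemTimeAsFileTime GetACP HeapReAlloc GetStringTypeW "
     "TerminateProcess ResumeThread LCMapStringA HeapCreate VirtualQuery VirtualFree Sleep "
     "GetFileType ExitProcess GetCurrentThreadId VirtualAlloc InterlockedIncrement"),
    ("MSACM32.dll", "acmStreamSize"),
    ("MSVFW32.dll", "DrawDibEnd DrawDibClose"),
    ("PSAPI.DLL", "EnumProcessModules"),
    ("SHELL32.dll", "SHCreateShellItem"),
    ("USER32.dll", "EnableWindow CreateDesktopA PostMessageA LoadIconA DestroyWindow"),
    ("WS2_32.dll", "recv closesocket send select"),
    ("WINSCARD.dll", "SCardReleaseContext"),
]
# Flattened (dll, function) pairs in the assumed import-table order.
IMPORTS = [(dll, fn) for dll, names in IMPORTS_BY_DLL for fn in names.split()]

REPORT_IMPHASH = "ce6230b3139facb632835b678c97c887"  # from the report


def imphash(imports):
    """pefile-style imphash: 'dll.function' lower-cased, .dll/.ocx/.sys
    stripped from the module name, joined by commas in table order, MD5'd."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def matches_report(imports=IMPORTS):
    """True only if the assumed grouping and order reproduce the real table."""
    return imphash(imports) == REPORT_IMPHASH


# Assumed watch-list: APIs used for writing into and running code in other
# processes. Presence is a reason to look closer, not a verdict.
INJECTION_APIS = {
    "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "SuspendThread",
    "ResumeThread", "VirtualProtect", "SetThreadContext", "NtUnmapViewOfSection",
    "QueueUserAPC",
}


def watchlist_hits(imports):
    return sorted({fn for _, fn in imports if fn in INJECTION_APIS})


if __name__ == "__main__":
    print("computed imphash :", imphash(IMPORTS))
    print("report imphash   :", REPORT_IMPHASH, "(match:", matches_report(), ")")
    print("watch-list hits  :", watchlist_hits(IMPORTS))
```

Two properties of the hash matter when pivoting on it: case and module extension are normalised away, so KERNEL32.DLL and kernel32.dll hash alike, but a single added or reordered import changes the value completely. Among the 80 imports, VirtualAllocEx, SuspendThread, ResumeThread and VirtualProtect are the ones the watch-list flags; the rest is largely the MSVC runtime's own import set.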
Number of PE resources by type
RT_BITMAP 3
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 5
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 659456
ImageVersion: 0.0
ProductName: E Application
FileVersionNumber: 1.0.0.1
LanguageCode: Russian
FileFlagsMask: 0x0017
FileDescription: E Application
CharacterSet: Unicode
LinkerVersion: 7.1
OriginalFilename: U
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1, 0, 4, 1239
TimeStamp: 2014:06:16 12:36:08+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: E
FileAccessDate: 2014:06:23 12:19:14+01:00
ProductVersion: 1, 0, 4, 1239
SubsystemVersion: 4.0
OSVersion: 4.0
FileCreateDate: 2014:06:23 12:19:14+01:00
FileOS: Win32
LegalCopyright: Copyright (C) 73
MachineType: Intel 386 or later, and compatibles
CodeSize: 40960
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
EntryPoint: 0x18e0
ObjectFileType: Executable application
File identification
MD5: 0157c17a8a0c21a435020709ccd1be0d
SHA1: cbaf2eccf4e9989e425e14bd09a83d4c13cd99e4
SHA256: 564576f4e118193a67ce7c77557b4b94d04bd8919465c5963f7d66692d2bdcd8
ssdeep: 6144:I230t4PMDIiTUyMUXPpcp/S0mdSvVuBtInfE:I230zsGUH4Ko0QS9F8
imphash: ce6230b3139facb632835b678c97c887
File size: 532.0 KB (544768 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (67.3%)
  Win32 Dynamic Link Library (generic) (14.2%)
  Win32 Executable (generic) (9.7%)
  Generic Win/DOS Executable (4.3%)
  DOS Executable Generic (4.3%)
Tags: peexe
VirusTotal metadata
First submission: 2014-06-23 10:56:06 UTC ( 4 years, 9 months ago )
Last submission: 2014-06-23 10:56:06 UTC ( 4 years, 9 months ago )
File names: vt-upload-0tjfu, E, U
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. The condensed report does not record which device objects or control codes were involved.
HTTP requests
DNS requests
TCP connections
UDP communications