× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 568c5c14f72bfd8adfcd22f49932a52830572e8d7e0871b3b2632c5d1f7d201c
File name: GrpConv
Detection ratio: 47 / 54
Analysis date: 2016-11-02 06:54:02 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Kazy.156788 20161102
AVG Worm/Generic3.DY 20161102
Ad-Aware Gen:Variant.Kazy.156788 20161102
AegisLab Troj.W32.Bublik.ajyb!c 20161102
AhnLab-V3 Trojan/Win32.Jorik.N809569966 20161102
Antiy-AVL Trojan/Win32.Bublik 20161102
Arcabit Trojan.Kazy.D26474 20161102
Avast Win32:Crypt-PCV [Trj] 20161102
Avira (no cloud) TR/Kazy.156788 20161101
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161101
BitDefender Gen:Variant.Kazy.156788 20161102
Bkav W32.eHeur.Malware09 20161101
CMC Trojan.Win32.Bublik!O 20161102
Comodo TrojWare.Win32.Kryptik.AYQE 20161102
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.JVUY-4109 20161102
DrWeb Trojan.Necurs.300 20161102
ESET-NOD32 Win32/Cridex.AA 20161102
Emsisoft Gen:Variant.Kazy.156788 (B) 20161102
F-Secure Gen:Variant.Kazy.156788 20161102
Fortinet W32/ZBOT.QT!tr 20161102
GData Gen:Variant.Kazy.156788 20161102
Ikarus Trojan-PWS.Win32.Fareit 20161101
Invincea trojandropper.win32.gepys.a 20161018
Jiangmin Trojan/Bublik.dux 20161102
K7AntiVirus Riskware ( 0040eff71 ) 20161102
K7GW Riskware ( 0040eff71 ) 20161102
Kaspersky Trojan.Win32.Bublik.ajyb 20161102
Malwarebytes Trojan.FakeMS.ED 20161102
McAfee PWS-Zbot-FASE!00C7693681D1 20161102
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20161102
eScan Gen:Variant.Kazy.156788 20161102
Microsoft Worm:Win32/Cridex.E 20161102
NANO-Antivirus Trojan.Win32.Bublik.cyldjx 20161102
Panda Trj/Hexas.HEU 20161101
Qihoo-360 HEUR/Malware.QVM20.Gen 20161102
Rising Malware.Generic!2VzkUV8AdVQ@2 (thunder) 20161102
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20161102
Sophos Troj/Zbot-EHY 20161102
Symantec Trojan.Bebloh 20161102
Tencent Win32.Worm.Cridex.Eol 20161102
TheHacker Trojan/Cridex.aa 20161101
TrendMicro-HouseCall WORM_CRIDEX.GG 20161102
VBA32 BScope.Malware-Cryptor.SB.01798 20161101
Yandex Worm.Cridex!nlsoedaCABQ 20161101
Zillya Trojan.Bublik.Win32.9010 20161101
nProtect Trojan/W32.Bublik.152064.B 20161101
AVware 20161102
Alibaba 20161102
CAT-QuickHeal 20161101
ClamAV 20161101
F-Prot 20161102
Kingsoft 20161102
TotalDefense 20161028
TrendMicro 20161102
VIPRE 20161102
ViRobot 20161102
Zoner 20161102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Product ???????????? ??????? Microsoft® Windows®
Original name GRPCONV.EXE
Internal name GrpConv
File version 5.1.2600.5512 (xpsp.080413-2105)
Description ????????? ????? ?????????? ???????? Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-22 11:24:35
Entry Point 0x00004570
Number of sections 5
PE sections
PE imports
RegOpenKeyExW
LocalLock
lstrlenA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetModuleFileNameA
GetFileSize
LoadLibraryA
GetACP
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
lstrcatA
UnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetSystemDirectoryA
MoveFileExA
LocalUnlock
LocalFree
TerminateProcess
CreateFileW
lstrcatW
CreateFileA
ExitProcess
GetCurrentThreadId
LocalAlloc
LoadIconW
LoadIconA
_cexit
__p__fmode
_c_exit
_except_handler3
_acmdln
_exit
__p__commode
malloc
free
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
sprintf
__set_app_type
Number of PE resources by type
RT_STRING 2
RT_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 6
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2600.5512

UninitializedDataSize
0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
137216

EntryPoint
0x4570

OriginalFileName
GRPCONV.EXE

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.1.2600.5512 (xpsp.080413-2105)

TimeStamp
2013:03:22 12:24:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
GrpConv

ProductVersion
5.1.2600.5512

FileDescription
Windows

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
14336

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2600.5512

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 00c7693681d111c0b74121ea513abe91
SHA1 a2431ae0ed6b914641f5b0dd7ed535e3d99dfb74
SHA256 568c5c14f72bfd8adfcd22f49932a52830572e8d7e0871b3b2632c5d1f7d201c
ssdeep
3072:l0664bBnKbefU1gpt/b1ODdAhI0egPciFkRAOYnlZ5L:l08dm1YNSa

authentihash 4398a57836e6f2534fffb82416248ad2ca97e192bce63d4896cbb5c03ddff22e
imphash 86cd8c929c7b8f58fcfdd0b45d5646c7
File size 148.5 KB ( 152064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2013-03-22 15:22:24 UTC ( 3 years, 10 months ago )
Last submission 2014-04-26 15:50:24 UTC ( 2 years, 9 months ago )
File names about.exe
6561360.exe
GrpConv
00c7693681d111c0b74121ea513abe91
8003594.exe
00c7693681d111c0b74121ea513abe91
info.exe
readme.exe
calc.exe
KB00990274.exe
report20130321.PDF.exe
contacts.exe
GRPCONV.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.