SHA256: 58b770a0674b7d560c47ecc0f2f8090f1b0e99ab52a6b2b76e84ab80fce98998
File name: Ozjijw.exe
Detection ratio: 50 / 56
Analysis date: 2016-11-12 10:17:14 UTC (2 years, 2 months ago)
Antivirus Result Update
Ad-Aware Trojan.Encpk.Gen.4 20161112
AegisLab Troj.PSW32.W.Tepfer.nmlu!c 20161112
AhnLab-V3 Trojan/Win32.Zbot.N892771369 20161111
ALYac Trojan.Encpk.Gen.4 20161112
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20161112
Arcabit Trojan.Encpk.Gen.4 20161112
Avast Win32:Fareit-HK [Trj] 20161112
AVG SHeur4.BMNX 20161112
Avira (no cloud) BDS/Androm.vmba 20161112
AVware TrojanPWS.Win32.Fareit.aa (v) 20161112
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9969 20161111
BitDefender Trojan.Encpk.Gen.4 20161112
Bkav W32.AppdataOfomoaL.Trojan 20161112
ClamAV Win.Trojan.Agent-1116300 20161112
Comodo TrojWare.Win32.Monder.GEN 20161112
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb BackDoor.Bulknet.958 20161112
Emsisoft Trojan.Encpk.Gen.4 (B) 20161112
ESET-NOD32 Win32/Dorkbot.B 20161112
F-Secure Trojan.Encpk.Gen.4 20161112
Fortinet W32/Injector.AHLB!tr 20161112
GData Trojan.Encpk.Gen.4 20161112
Ikarus Trojan-PWS.Win32.Tepfer 20161112
Sophos ML virus.win32.sality.t 20161018
Jiangmin Trojan/PSW.Tepfer.bnbf 20161112
K7AntiVirus Trojan ( 004b8b021 ) 20161112
K7GW Trojan ( 004b8b021 ) 20161112
Kaspersky HEUR:Trojan.Win32.Generic 20161112
Malwarebytes Trojan.Zbot 20161112
McAfee PWS-Zbot-FAQD!8BB7D761C188 20161112
McAfee-GW-Edition BehavesLike.Win32.Pate.cc 20161111
Microsoft VirTool:Win32/Injector.gen!DV 20161112
eScan Trojan.Encpk.Gen.4 20161112
NANO-Antivirus Trojan.Win32.Bulknet.cqnrfg 20161111
nProtect Trojan-PWS/W32.Tepfer.195717 20161112
Panda Trj/Dtcontx.F 20161111
Qihoo-360 Win32/Trojan.PSW.53e 20161112
Rising Malware.Generic!ACOTH2t1GeI@5 (thunder) 20161112
Sophos AV Troj/Agent-ADBJ 20161112
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20161112
Symantec Infostealer 20161112
Tencent Win32.Backdoor.Androm.Edxv 20161112
TheHacker Trojan/Injector.aixm 20161111
TotalDefense Win32/Inject.C2!generic 20161112
TrendMicro-HouseCall TROJ_SPNR.11G713 20161112
VBA32 Hoax.Gimemo 20161111
VIPRE TrojanPWS.Win32.Fareit.aa (v) 20161112
ViRobot Trojan.Win32.Zbot.195717[h] 20161112
Yandex Trojan.PWS.Tepfer!zbl/+FjcdVI 20161111
Zillya Trojan.Tepfer.Win32.55295 20161111
Alibaba 20161110
CAT-QuickHeal 20161111
CMC 20161112
Cyren 20161112
F-Prot 20161112
Kingsoft 20161112
Zoner 20161112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2032-08-22 20:34:29
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 f08fe2077f685c9441a34c5afad53fe1
File type data
Offset 57856
Size 137861
Entropy 8.00
PE imports
InitializeCriticalSection
HeapFree
GetModuleHandleA
HeapCreate
ReadFile
HeapDestroy
ExitProcess
CloseHandle
GetCommandLineA
HeapAlloc
LoadLibraryA
HeapReAlloc
GetProcAddress
malloc
realloc
fread
fclose
_setmode
_fstat
fopen
feof
strncpy
strlen
fseek
qsort
frexp
ftell
_fileno
__p__iob
memset
ferror
free
_CIlog
_CIatan
calloc
memcpy
memmove
memchr
fprintf
_CIacos
Number of PE resources by type
Struct(257) 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2032:08:22 21:34:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45568
LinkerVersion 3.87
FileTypeExtension exe
InitializedDataSize 14336
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 8bb7d761c1883ebd95ef0c2fac4279fc
SHA1 fe33794dd5fc906190469fd6ae25feee5e134f04
SHA256 58b770a0674b7d560c47ecc0f2f8090f1b0e99ab52a6b2b76e84ab80fce98998
ssdeep 3072:06hzd3PqqD//L4Boq8K7OIHKMDsk0EtgboHVZPk7VwOZyVGXOxGNQcfmWo68UZ:06rPqIb4BSK7OIqAtg0HrPEqGGAD/Z

authentihash 478d2d490b2e9f4edfd5cc63c6708d396a210561db513dff61a2ebdc5c910735
imphash 82fa3e30a6b22eec00c6155aad03c69e
File size 191.1 KB ( 195717 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe usb-autorun overlay

VirusTotal metadata
First submission 2013-07-03 13:14:20 UTC ( 5 years, 6 months ago )
Last submission 2014-11-01 11:57:48 UTC ( 4 years, 2 months ago )
File names 58b770a0674b7d560c47ecc0f2f8090f1b0e99ab52a6b2b76e84ab80fce98998.bin
ScreenSaverPro.scr
file-7076454_bin
65166.exe
Ozjijw.exe
temp.bin
733c.exe
Ihcaci.exe
Glgkgq.exe
Djxixl.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications