SHA256: 59342876ccd04fc1c9ccc22215e6f9124150b1c1cdb084a13c941b9c63a57916
File name: 6f74b6a5f192549da73aa4ef070a14961c1e6a85
Detection ratio: 32 / 54
Analysis date: 2014-07-05 19:27:17 UTC (4 years, 8 months before this page was captured)
Antivirus Result Update (an engine listed with a date but no result returned no detection on that date)
Ad-Aware Gen:Variant.Kazy.402256 20140705
AntiVir TR/Crypt.ZPACK.90215 20140704
Avast Win32:Kryptik-NZP [Trj] 20140705
AVG Crypt3.ACAQ 20140705
BitDefender Gen:Variant.Kazy.402256 20140705
Bkav HW32.CDB.5c11 20140702
Comodo UnclassifiedMalware 20140705
Emsisoft Gen:Variant.Kazy.402256 (B) 20140705
ESET-NOD32 a variant of Win32/Kryptik.CFOB 20140704
F-Secure Gen:Variant.Kazy.402256 20140705
Fortinet W32/Kryptik.CFOB!tr 20140705
GData Gen:Variant.Kazy.402256 20140705
Ikarus Trojan.Win32.Kryptik 20140705
K7AntiVirus Trojan ( 0049c89e1 ) 20140704
K7GW Trojan ( 0049c89e1 ) 20140704
Kaspersky Trojan-Spy.Win32.Zbot.tkgm 20140704
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140705
Malwarebytes Spyware.Zbot.VXGen 20140705
McAfee RDN/Generic.dx!dd3 20140705
McAfee-GW-Edition RDN/Generic.dx!dd3 20140704
Microsoft PWS:Win32/Zbot 20140705
eScan Gen:Variant.Kazy.402256 20140705
NANO-Antivirus Trojan.Win32.ZPACK.dbxxqq 20140705
Norman Troj_Generic.UTWKD 20140704
Panda Trj/Dtcontx.M 20140704
Qihoo-360 HEUR/Malware.QVM20.Gen 20140705
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140704
Sophos AV Troj/Agent-AHQI 20140705
Symantec WS.Reputation.1 20140705
Tencent Win32.Trojan-spy.Zbot.Hryu 20140705
TrendMicro-HouseCall Suspicious_GEN.F47V0701 20140705
VIPRE Trojan.Win32.Generic!BT 20140705
AegisLab 20140705
Yandex 20140704
AhnLab-V3 20140704
Antiy-AVL 20140703
Baidu-International 20140704
ByteHero 20140705
CAT-QuickHeal 20140704
ClamAV 20140705
CMC 20140704
Commtouch 20140705
DrWeb 20140705
F-Prot 20140705
Jiangmin 20140705
nProtect 20140704
SUPERAntiSpyware 20140704
TheHacker 20140704
TotalDefense 20140704
TrendMicro 20140705
VBA32 20140704
ViRobot 20140705
Zillya 20140703
Zoner 20140704
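The table above is the raw engine output; the triage question is how many of the 32 hits actually name a family (Zbot) and how many are packer or generic labels (Kryptik, Kazy, ZPACK, Generic, reputation-only). The following is an added example, not part of the original report: it parses rows in the "Antivirus Result Update" layout, recomputes the detection ratio and tallies family tokens. ROWS is a constructed subset copied from the page's table, and the token-to-meaning map is the editor's choice.

```python
"""Triage of a VirusTotal antivirus table (added example, not from the report)."""
import re
from collections import Counter

# Row layout: "<engine> [<result>] <YYYYMMDD>". An engine that returned no
# detection appears with a date only. Engines whose display name contains a
# space (e.g. "Sophos AV") would need a known-engine list; none are included.
ROW_RE = re.compile(r"^(\S+)\s*(.*?)\s*(\d{8})$")

# Constructed input: a subset of the rows shown on the page, verbatim.
ROWS = """\
Ad-Aware Gen:Variant.Kazy.402256 20140705
Avast Win32:Kryptik-NZP [Trj] 20140705
ESET-NOD32 a variant of Win32/Kryptik.CFOB 20140704
K7AntiVirus Trojan ( 0049c89e1 ) 20140704
Kaspersky Trojan-Spy.Win32.Zbot.tkgm 20140704
Malwarebytes Spyware.Zbot.VXGen 20140705
McAfee RDN/Generic.dx!dd3 20140705
Microsoft PWS:Win32/Zbot 20140705
NANO-Antivirus Trojan.Win32.ZPACK.dbxxqq 20140705
Symantec WS.Reputation.1 20140705
Tencent Win32.Trojan-spy.Zbot.Hryu 20140705
AegisLab 20140705
ClamAV 20140705
DrWeb 20140705
"""

# Token -> what it tells the analyst (editorial mapping, lowercase substring match).
FAMILY_TOKENS = {
    "zbot": "named family (Zeus/Zbot)",
    "kryptik": "crypter/packer detection, family unknown",
    "kazy": "BitDefender-engine generic cluster",
    "zpack": "packer detection",
    "generic": "generic heuristic",
    "reputation": "reputation-only, no signature",
}


def parse_rows(text):
    """Return [(engine, result_or_None, yyyymmdd), ...] for each non-empty row."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        engine, result, date = m.groups()
        rows.append((engine, result or None, date))
    return rows


def detection_ratio(rows):
    """(engines that returned a label, engines queried), as VirusTotal displays it."""
    detected = sum(1 for _, result, _ in rows if result)
    return detected, len(rows)


def tally_families(rows):
    """Count how many labels contain each family/generic token."""
    counts = Counter()
    for _, result, _ in rows:
        if not result:
            continue
        lowered = result.lower()
        for token in FAMILY_TOKENS:
            if token in lowered:
                counts[token] += 1
    return counts


def engines_naming(rows, token):
    """Engines whose label contains the token, in table order."""
    return [engine for engine, result, _ in rows if result and token in result.lower()]


if __name__ == "__main__":
    rows = parse_rows(ROWS)
    hit, total = detection_ratio(rows)
    print(f"detection ratio: {hit} / {total}")
    for token, n in tally_families(rows).most_common():
        print(f"{n:2d}  {token:<10} {FAMILY_TOKENS[token]}")
    print("engines naming Zbot:", ", ".join(engines_naming(rows, "zbot")))
```

On the subset above four engines name Zbot while the rest are packer, generic or reputation labels; that split, not the bare 32/54 ratio, is what justifies treating the sample as a Zeus payload rather than an unknown packed binary.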
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2004
Publisher SmartFTP GmbH
Product Taniv
Original name Pgxsfqt.exe
Internal name Bakadu
File version 1, 7, 2
Description Upajum Dakyla Uloxa
The version resource pairs a real vendor name (SmartFTP GmbH) with a bare year and random-looking product, internal-name and description strings. That mismatch is itself a triage signal, and none of these fields should be used for attribution.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-15 02:32:19 UTC (PE header value; trivially forgeable, and three years before the file was first submitted)
Entry Point 0x0001F96A
Number of sections 4
PE sections
PE imports
(Grouped by exporting DLL. The extracted page lists function names only; the library names below were added by the editor from where each export lives in Windows. Note the profile: a 204 KB GUI program carrying SmartFTP version info imports Active Directory replication (NTDSAPI), cluster resource (RESUTILS), dial-up (RASAPI32) and device-setup (SETUPAPI) APIs, but nothing from WS2_32 or WININET and only three KERNEL32 functions. That is consistent with the Kryptik/ZPACK/Crypt labels above: a crypter stub whose payload resolves its real API set at run time. The imphash in the file identification section is computed over exactly this table, in this order.)
ADVAPI32.dll
CreateTraceInstanceId
GetServiceKeyNameW
AccessCheckByTypeResultListAndAuditAlarmA
DestroyPrivateObjectSecurity
LookupAccountSidW
AccessCheckByTypeAndAuditAlarmW
RegOverridePredefKey
ControlTraceW
RegDeleteKeyW
ConvertSDToStringSDRootDomainW
RegReplaceKeyA
GetSidSubAuthority
LsaCreateSecret
SystemFunction031
OpenEventLogW
SetThreadToken
OpenTraceA
RegQueryMultipleValuesA
EncryptFileA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
RegisterServiceCtrlHandlerExA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertAccessToSecurityDescriptorW
CryptSignHashW
StartServiceCtrlDispatcherW
DuplicateEncryptionInfoFile
RegUnLoadKeyW
ElfClearEventLogFileW
EnumServiceGroupW
SetNamedSecurityInfoW
EnumDependentServicesA
KERNEL32.dll
FormatMessageW
ExitProcess
CreateSemaphoreA
NTDSAPI.dll
DsFreeNameResultA
DsReplicaUpdateRefsW
DsGetSpnW
DsUnquoteRdnValueW
DsBindA
DsMakeSpnW
DsGetDomainControllerInfoA
DsListServersInSiteW
DsReplicaGetInfoW
DsBindWithSpnA
DsFreeSchemaGuidMapA
DsServerRegisterSpnW
DsBindWithCredW
DsUnBindW
DsReplicaModifyW
DsFreeSpnArrayW
DsQuoteRdnValueA
DsBindWithCredA
DsReplicaAddW
DsReplicaSyncAllW
DsCrackSpnW
DsListDomainsInSiteA
DsReplicaSyncAllA
RASAPI32.dll
RasSetEntryPropertiesA
RasGetSubEntryHandleA
RasGetSubEntryPropertiesW
RasGetEntryPropertiesA
RasAutodialEntryToNetwork
RasEditPhonebookEntryA
RasSetAutodialParamA
RasEnumAutodialAddressesW
RasGetCredentialsW
RasGetLinkStatistics
RasGetSubEntryPropertiesA
RasGetErrorStringA
RasGetSubEntryHandleW
RasDeleteEntryA
RasSetEntryPropertiesW
RasSetEntryDialParamsW
RasEditPhonebookEntryW
RasGetEapUserIdentityA
RESUTILS.dll
ResUtilSetPropertyParameterBlockEx
ResUtilGetPropertySize
ResUtilFindMultiSzProperty
ResUtilAddUnknownProperties
ResUtilGetDwordValue
ResUtilStartResourceService
ResUtilDupParameterBlock
ResUtilSetPropertyTableEx
ResUtilVerifyPropertyTable
ResUtilFindExpandedSzProperty
ResUtilGetSzValue
ResUtilStopService
ResUtilGetPropertiesToParameterBlock
ResUtilFindDwordProperty
ResUtilFindBinaryProperty
ResUtilGetResourceDependentIPAddressProps
ResUtilFindExpandSzProperty
ResUtilStopResourceService
ResUtilGetSzProperty
ClusWorkerStart
ClusWorkerCheckTerminate
ResUtilIsResourceClassEqual
ResUtilResourcesEqual
ResUtilFindLongProperty
ResUtilGetBinaryValue
ResUtilGetPrivateProperties
ResUtilEnumResources
ResUtilGetResourceDependencyByClass
ResUtilSetExpandSzValue
ResUtilGetResourceDependencyByName
ResUtilPropertyListFromParameterBlock
SETUPAPI.dll
SetupAddToSourceListW
SetupQueueCopyIndirectA
InstallHinfSectionW
SetupGetBinaryField
SetupDestroyDiskSpaceList
SetupDiOpenDeviceInfoW
CM_Get_Class_Name_ExA
SetupSetFileQueueAlternatePlatformW
SetupDecompressOrCopyFileA
SetupDiGetDriverInfoDetailW
SetupDiGetClassImageListExW
SetupCopyErrorA
SetupCopyErrorW
SetupGetInfFileListA
SetupDiBuildClassInfoListExA
SetupQuerySourceListA
SetupOpenLog
CM_Get_Device_ID_ListA
SetupDiGetClassImageIndex
SetupDiOpenDeviceInterfaceRegKey
CM_Reenumerate_DevNode_Ex
SetupDefaultQueueCallbackW
SetupSetPlatformPathOverrideA
CM_Set_HW_Prof_FlagsW
SetupDiGetClassDevsExA
CM_Detect_Resource_Conflict_Ex
CM_Get_Parent_Ex
CM_Get_Version
CM_Register_Device_Driver_Ex
SetupDiDestroyDriverInfoList
CM_Get_HW_Prof_FlagsA
SHLWAPI.dll
SHDeleteOrphanKeyW
StrFormatKBSizeA
StrCmpNIW
wvnsprintfA
PathParseIconLocationA
PathRemoveBackslashA
PathFindExtensionA
PathIsPrefixW
UrlApplySchemeA
PathIsRootW
StrCSpnIW
StrChrW
PathIsLFNFileSpecA
ColorRGBToHLS
StrChrIW
PathAddBackslashW
StrCatW
StrCSpnIA
PathFileExistsA
SHRegCreateUSKeyW
SHEnumKeyExA
StrStrW
SHSkipJunction
PathIsDirectoryEmptyW
PathIsUNCServerShareW
SHGetThreadRef
PathBuildRootW
PathSkipRootW
SHDeleteEmptyKeyA
PathGetArgsW
urlmon.dll
URLOpenStreamW
IsLoggingEnabledW
URLOpenStreamA
CreateFormatEnumerator
URLDownloadA
RevokeFormatEnumerator
CoInternetGetSecurityUrl
URLDownloadW
CoInternetCreateSecurityManager
CopyBindInfo
CoInternetGetSession
URLDownloadToCacheFileW
URLOpenBlockingStreamA
URLOpenPullStreamW
BindAsyncMoniker
IsValidURL
CoInternetCompareUrl
SetSoftwareUpdateAdvertisementState
UrlMkBuildVersion
GetClassFileOrMime
UrlMkSetSessionOption
WriteHitLogging
FindMimeFromData
URLDownloadToFileW
USER32.dll
DdeCmpStringHandles
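The imphash reported further down is derived from an import table like the one above, which is why it is a cheap pivot between samples produced by the same crypter stub. The following is an added example, not code from VirusTotal or pefile: it implements the algorithm pefile uses and VirusTotal reports (lowercase "lib.func" per imported function in table order, .dll/.ocx/.sys stripped from the library name, comma-joined, MD5) and checks the properties an analyst relies on. SAMPLE_IMPORTS is a constructed table; the extracted page shows function names without their DLLs and possibly not every entry, so the report's value 6ba27fc9a385a0c671c8b4ae922fabc2 is not recomputed here.

```python
"""pefile-compatible imphash over an ordered import table (added example)."""
import hashlib

IMPHASH_EXTS = (".dll", ".ocx", ".sys")


def imphash(imports):
    """imports: iterable of (dll_name, function_name or ordinal int), in table order."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in IMPHASH_EXTS:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        if isinstance(func, int):
            # pefile resolves ordinal-only imports for a few libraries (ws2_32,
            # oleaut32) to names via a built-in table; everything else becomes
            # "ord<n>". The table is omitted here, so ordinal-only imports from
            # those two libraries would hash differently from pefile's result.
            name = f"ord{func}"
        else:
            name = func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed import table (not the page's full list): a mix of unrelated APIs
# of the kind a crypter stub declares, which makes the hash a stable pivot
# across samples built with that stub even when the payload inside changes.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "CreateTraceInstanceId"),
    ("ADVAPI32.dll", "RegDeleteKeyW"),
    ("KERNEL32.dll", "ExitProcess"),
    ("NTDSAPI.dll", "DsBindA"),
    ("urlmon.dll", "URLDownloadToFileW"),
    ("USER32.dll", "DdeCmpStringHandles"),
]


def imphash_properties(imports):
    """The properties an analyst relies on when pivoting on imphash."""
    base = imphash(imports)
    return {
        # DLL and function casing in the import table does not matter.
        "case_insensitive": base == imphash([(d.upper(), f.upper()) for d, f in imports]),
        # The same functions in a different order give a different hash, so
        # imphash clusters builds, not merely API sets.
        "order_sensitive": base != imphash(list(reversed(imports))),
        # One added import (e.g. a repacked stub gaining a network API) breaks the pivot.
        "one_import_changes_it": base != imphash(imports + [("WS2_32.dll", "connect")]),
        # "kernel32.dll" and "KERNEL32" normalise to the same library token.
        "extension_stripped": imphash([("kernel32.dll", "ExitProcess")])
        == imphash([("KERNEL32", "exitprocess")]),
    }


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for prop, holds in imphash_properties(SAMPLE_IMPORTS).items():
        print(f"{prop}: {holds}")
```

Because the hash is order-sensitive and changes with a single added import, a matching imphash across two files is strong evidence of the same build tooling, while a mismatch says little: the same crypter with one extra decoy import produces an unrelated value.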
Number of PE resources by type
RT_RCDATA 11
Struct(13) 11
RT_DIALOG 9
RT_STRING 6
Struct(15) 5
Struct(18) 5
RT_DLGINCLUDE 5
RT_FONTDIR 4
RT_ACCELERATOR 4
RT_MESSAGETABLE 3
RT_FONT 3
RT_MENU 3
RT_VXD 3
RT_ANICURSOR 3
RT_ICON 2
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
GERMAN 52
ENGLISH AUS 28
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:02:15 03:32:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 147456
LinkerVersion 9.0
FileAccessDate 2014:07:05 20:28:40+01:00
EntryPoint 0x1f96a
InitializedDataSize 372736
SubsystemVersion 4.0
ImageVersion 8.1
OSVersion 4.0
FileCreateDate 2014:07:05 20:28:40+01:00
UninitializedDataSize 0
(InitializedDataSize, 372736 bytes, exceeds the whole file on disk, 208896 bytes: the optional header declares more initialized data than the file can contain, a header inconsistency worth checking section by section.)
File identification
MD5 2e202421f204fc0c543604530d30acca
SHA1 8bcee8a63db4379a56734e5ac173d593993049bd
SHA256 59342876ccd04fc1c9ccc22215e6f9124150b1c1cdb084a13c941b9c63a57916
ssdeep 3072:BvSQugqD3yLKcrl7cG96/64xnDSKA/1upgz8+6ZNAINWaguq840wcza:QQufD3yBB7cS6Vxn9npQUZNJW+qzTc
imphash 6ba27fc9a385a0c671c8b4ae922fabc2
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-01 13:14:01 UTC (4 years, 8 months before this page was captured)
Last submission 2014-07-05 19:27:17 UTC (4 years, 8 months before this page was captured)
File names upd.exe
Pgxsfqt.exe
Bakadu
FvBN.mht
6f74b6a5f192549da73aa4ef070a14961c1e6a85
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections