SHA256: 5afbab91fad6fe32cfba043576118223625716dad193d53aba9878efdf76b867
File name: vt-upload-ypS1V
Detection ratio: 25 / 53
Analysis date: 2014-07-26 16:41:46 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.98475 20140726
AntiVir TR/Zusy.98594.5 20140726
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140726
AVG Win32/Cryptor 20140726
Baidu-International Trojan.Win32.Kryptik.BCGFO 20140726
BitDefender Gen:Variant.Zusy.98475 20140726
Bkav HW32.CDB.75d3 20140725
Emsisoft Gen:Variant.Zusy.98475 (B) 20140726
ESET-NOD32 a variant of Win32/Kryptik.CGFO 20140726
F-Secure Gen:Variant.Zusy.98475 20140726
Fortinet W32/Zbot.TLHI!tr 20140726
GData Gen:Variant.Zusy.98475 20140726
K7GW Trojan ( 050000001 ) 20140725
Kaspersky Trojan-Spy.Win32.Zbot.tlhi 20140726
Kingsoft Win32.Troj.Zbot.tl.(kcloud) 20140726
Malwarebytes Spyware.Zbot.VXGen 20140726
McAfee RDN/Generic PWS.y!b2m 20140726
McAfee-GW-Edition Artemis!159E45F4B652 20140725
eScan Gen:Variant.Zusy.98475 20140726
NANO-Antivirus Trojan.Win32.Zbot.dchela 20140726
Panda Trj/CI.A 20140726
Rising PE:Trojan.Win32.Generic.16FED023!385798179 20140726
Sophos AV Mal/Generic-S 20140726
TrendMicro-HouseCall TROJ_GEN.R021H07GO14 20140726
VIPRE Trojan.Win32.Generic!BT 20140726
AegisLab 20140726
Yandex 20140725
AhnLab-V3 20140726
Avast 20140726
ByteHero 20140726
CAT-QuickHeal 20140726
ClamAV 20140726
CMC 20140724
Commtouch 20140726
Comodo 20140726
DrWeb 20140726
F-Prot 20140726
Ikarus 20140726
Jiangmin 20140725
K7AntiVirus 20140725
Microsoft 20140726
Norman 20140726
nProtect 20140725
Qihoo-360 20140726
SUPERAntiSpyware 20140726
Symantec 20140726
Tencent 20140726
TheHacker 20140722
TotalDefense 20140726
TrendMicro 20140726
VBA32 20140725
ViRobot 20140726
Zoner 20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright MetaQuotes Software Corp. All rights reserved.
Publisher MetaQuotes Software Corp.
Product fgraphic tick
Original name MT Symbol Graphic Tick
Internal name MT Symbol
File version 1.0.6.4
Description MT Symbol Graphic Tick
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-04 19:55:11
Entry Point 0x0000392D
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
Polygon
CreateFontIndirectW
CreatePen
CombineRgn
SetStretchBltMode
GetDeviceCaps
CreateDCA
DeleteDC
EndDoc
StartPage
ChoosePixelFormat
CreateBitmapIndirect
SetTextColor
GetObjectA
CreateEllipticRgn
GetStockObject
CreateCompatibleDC
CreateFontW
EndPage
CreateRectRgn
SelectObject
StartDocA
Polyline
SetBkColor
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryW
GetStringTypeW
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
ExitProcess
InitializeCriticalSection
GetCPInfo
LoadLibraryW
TlsFree
GetModuleHandleA
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetProfileStringA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetProcessHeap
TerminateProcess
SearchPathW
IsValidCodePage
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
GetFileType
SetConsoleCursorPosition
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
GetFileSize
SetLastError
InterlockedIncrement
Shell_NotifyIconA
PathFileExistsW
PathIsRelativeW
MapWindowPoints
GetMessageA
DrawEdge
BeginPaint
SetWindowTextW
DefWindowProcW
EnumWindowStationsW
PostQuitMessage
DefWindowProcA
ShowWindow
GetClipboardData
FindWindowA
GetSysColorBrush
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
UpdateWindow
DialogBoxParamW
MessageBoxA
LoadIconW
SetWindowPos
TranslateMessage
GetSysColor
GetDC
GetCursorPos
DrawTextA
CheckMenuItem
GetMenu
RegisterClassW
SendMessageA
CloseClipboard
GetClientRect
GetDlgItem
SystemParametersInfoW
MessageBoxW
InvalidateRect
GetWindowLongA
CreateMenu
LoadCursorA
TrackPopupMenu
CopyRect
GetMenuState
IsMenu
CreateWindowExW
SetForegroundWindow
OpenClipboard
AppendMenuW
DestroyWindow
IsAppThemed
CoTaskMemAlloc
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 159232
ImageVersion 0.0
ProductName fgraphic tick
FileVersionNumber 1.0.6.4
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription MT Symbol Graphic Tick
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename MT Symbol Graphic Tick
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.6.4
TimeStamp 2014:07:04 20:55:11+01:00
FileType Win32 EXE
PEType PE32
InternalName MT Symbol
FileAccessDate 2014:07:26 17:37:21+01:00
ProductVersion 1.0.6.4
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:07:26 17:37:21+01:00
FileOS Windows NT 32-bit
LegalCopyright MetaQuotes Software Corp. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName MetaQuotes Software Corp.
CodeSize 34304
FileSubtype 0
ProductVersionNumber 1.0.6.4
EntryPoint 0x392d
ObjectFileType Executable application

File identification
MD5 159e45f4b652574f421ccc44d30978ed
SHA1 8dd19731212df45b0c316123f8073eedda2122d8
SHA256 5afbab91fad6fe32cfba043576118223625716dad193d53aba9878efdf76b867
ssdeep 3072:akm4uIMow5RjORcj8qo/lFSfWmFtGUTE0xndMF+0mag9HFnsy4p/u:akmFvRqqo/lFSbLdMFqfnw
imphash 111beb04d1a3f5dc820a1d9ecd4d8172
File size 190.0 KB ( 194560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-26 16:41:46 UTC ( 4 years, 8 months ago )
Last submission 2014-07-26 16:41:46 UTC ( 4 years, 8 months ago )
File names MT Symbol
MT Symbol Graphic Tick
vt-upload-ypS1V
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.