SHA256: 5c7af33ae095b9d708a7e5aeb2a287b56c0db776d2cf24098b5f64caf92589c0
File name: crp.exe
Detection ratio: 22 / 51
Analysis date: 2014-06-07 08:51:53 UTC (4 years, 9 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.391130 20140607
AntiVir TR/Kazy.391130 20140607
Avast Win32:Malware-gen 20140607
AVG Crypt3.VJI 20140607
BitDefender Gen:Variant.Kazy.391130 20140607
Bkav HW32.CDB.A5d6 20140606
Emsisoft Gen:Variant.Kazy.391130 (B) 20140607
ESET-NOD32 a variant of Win32/Kryptik.CDSA 20140607
F-Secure Gen:Variant.Kazy.391130 20140607
Fortinet W32/Zbot.AAU!tr 20140607
GData Gen:Variant.Kazy.391130 20140607
Kaspersky Trojan-Spy.Win32.Zbot.tefg 20140607
Malwarebytes Spyware.Zbot.VXGen 20140607
McAfee Artemis!B919FD32A50A 20140607
McAfee-GW-Edition Artemis!B919FD32A50A 20140606
eScan Gen:Variant.Kazy.391130 20140607
Norman Suspicious_Gen5.AQYPO 20140607
Panda Trj/CI.A 20140606
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140606
Sophos AV Mal/Generic-S 20140607
TrendMicro-HouseCall TROJ_GEN.F47V0606 20140607
VIPRE Trojan.Win32.Generic!BT 20140607
AegisLab 20140607
Yandex 20140606
AhnLab-V3 20140606
Antiy-AVL 20140607
Baidu-International 20140607
ByteHero 20140607
CAT-QuickHeal 20140606
ClamAV 20140607
CMC 20140606
Commtouch 20140607
Comodo 20140607
DrWeb 20140607
F-Prot 20140607
Ikarus 20140607
K7AntiVirus 20140606
K7GW 20140606
Kingsoft 20140607
Microsoft 20140607
NANO-Antivirus 20140607
nProtect 20140605
Qihoo-360 20140607
SUPERAntiSpyware 20140607
Symantec 20140607
Tencent 20140607
TheHacker 20140606
TotalDefense 20140607
TrendMicro 20140607
VBA32 20140606
ViRobot 20140607
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1997
Publisher Brick Bt. - Hungary
Product Bipeci
Original name Abvvju.exe
Internal name Inivul
File version 9, 6, 7
Description Nuk Ciki Ubaq
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-14 01:45:42
Entry Point 0x0001A435
Number of sections 5
PE sections
PE imports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:04:14 02:45:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114688
LinkerVersion 7.1
FileAccessDate 2014:12:07 22:51:24+01:00
EntryPoint 0x1a435
InitializedDataSize 380928
SubsystemVersion 4.0
ImageVersion 9.0
OSVersion 4.0
FileCreateDate 2014:12:07 22:51:24+01:00
UninitializedDataSize 0

File identification
MD5 b919fd32a50af0c53dd4f255b7eaaca6
SHA1 00338b4901f8a26819642271333b7c17cf5b4f21
SHA256 5c7af33ae095b9d708a7e5aeb2a287b56c0db776d2cf24098b5f64caf92589c0
ssdeep 6144:xx4hGCZqFsoHeec1rZ6fzgtf1Jvc+ZyZylNv5jJHCXAY09:sNqFsSorZmcPpyZyvv9pSq
authentihash e6348fcc083d3e4ccfc5d9c6f535c0d6ef9a71a5a595cb08b4d195b8d307526c
imphash 74ff8a223de5facf7041fba838cdac09
File size 207.5 KB (212480 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-06 15:09:26 UTC (4 years, 9 months ago)
Last submission 2014-06-07 08:51:53 UTC (4 years, 9 months ago)
File names crp.exe
Inivul
jxsISxj5X.gz
Abvvju.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.