SHA256: 5d51b105de734b1023ce96c4b61743400d3a0a3b7d135b569b2da728cbd8b407
File name: 2.exe
Detection ratio: 2 / 46
Analysis date: 2013-08-01 20:37:48 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
ESET-NOD32 Win32/Spy.Zbot.AAU 20130801
Kaspersky UDS:DangerousObject.Multi.Generic 20130801
AVG 20130801
Agnitum 20130801
AhnLab-V3 20130801
AntiVir 20130801
Antiy-AVL 20130801
Avast 20130801
BitDefender 20130801
ByteHero 20130724
CAT-QuickHeal 20130801
ClamAV 20130801
Commtouch 20130801
Comodo 20130801
DrWeb 20130801
Emsisoft 20130801
F-Prot 20130801
F-Secure 20130801
Fortinet 20130801
GData 20130801
Ikarus 20130801
Jiangmin 20130801
K7AntiVirus 20130801
K7GW 20130801
Kingsoft 20130723
Malwarebytes 20130801
McAfee 20130801
McAfee-GW-Edition 20130801
MicroWorld-eScan 20130801
Microsoft 20130801
NANO-Antivirus 20130801
Norman 20130801
PCTools 20130801
Panda 20130801
Rising 20130801
SUPERAntiSpyware 20130801
Sophos 20130801
Symantec 20130801
TheHacker 20130801
TotalDefense 20130801
TrendMicro 20130801
TrendMicro-HouseCall 20130801
VBA32 20130801
VIPRE 20130801
ViRobot 20130801
nProtect 20130801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright Olnlkgk
Publisher Olnlkgk
Product Vzzm Wqkkt Kmzryeehl
Original name Vzzm.exe
Internal name Vzzm
File version 1.9.4009.50225
Description VzzmKldyft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-10 03:23:50
Link date 4:23 AM 1/10/2001
Entry Point 0x00047B43
Number of sections 5
PE sections
PE imports
LdapControlsFree
LdapGetSchemaObjectCount
LdapGetValues
SchemaAddRef
LdapGetSyntaxOfAttributeOnServer
LdapParseResult
?GetNextToken@CLexer@@QAEJPAGPAK@Z
LdapTypeFreeLdapObjects
ADsGetNextColumnName
LdapReadAttribute2
UnMarshallLDAPToLDAPSynID
GetLDAPTypeName
ADsDeleteClassDefinition
LdapRenameExtS
LdapFirstEntry
?SetAtDisabler@CLexer@@QAEXH@Z
LdapSearchAbandonPage
DllGetClassObject
CAUpdateCertType
CACloseCertType
CAGetCertTypeExpiration
CAGetCAExpiration
CAEnumNextCertType
CAFindByIssuerDN
CASetCAExpiration
CASetCertTypeProperty
CACreateAutoEnrollmentObjectEx
CASetCertTypeKeySpec
CACloseCA
DllCanUnloadNow
CACreateNewCA
CAAddCACertificateType
CAGetCertTypeExtensions
CASetCAProperty
CASetCAFlags
CAFreeCertTypeExtensions
CAFindCertTypeByName
?GetFile@CIniW@@QBEPBGXZ
SzToWz
?SetEntryFromIdx@CIniW@@QAEXK@Z
?GPPS@CIniW@@QBEPAGPBG00@Z
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
??0CRandom@@QAE@I@Z
CmStrchrW
?SetEntry@CIniW@@QAEXPBG@Z
?GetPrimaryFile@CIniW@@QBEPBGXZ
?GetFile@CIniA@@QBEPBDXZ
CmStrtokA
GetOSBuildNumber
CmLoadStringW
CmStripFileNameW
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
CmLoadImageW
??_FCIniA@@QAEXXZ
?SetEntryFromIdx@CIniA@@QAEXK@Z
CmFmtMsgW
DnsApiHeapReset
DnsFlushResolverCache
DnsGetPrimaryDomainName_A
DnsModifyRecordsInSet_W
DnsExtractRecordsFromMessage_UTF8
GetCurrentTimeInSeconds
DnsRecordBuild_W
DnsRecordBuild_UTF8
DnsDowncaseDnsNameLabel
DnsModifyRecordsInSet_UTF8
DnsMapRcodeToStatus
DnsReplaceRecordSetUTF8
DnsUtf8ToUnicode
DnsIsAMailboxType
DnsWriteReverseNameStringForIpAddress
DnsQueryConfig
DnsNameCompareEx_UTF8
DnsReplaceRecordSetA
DnsUpdateTest_A
DnsValidateName_W
DnsIsStringCountValidForTextType
DnsFindAuthoritativeZone
DnsValidateName_A
HidD_FlushQueue
HidP_GetButtonCaps
HidD_GetSerialNumberString
HidD_GetConfiguration
HidD_FreePreparsedData
HidD_GetFeature
HidD_GetAttributes
HidD_GetNumInputBuffers
HidP_MaxUsageListLength
HidP_GetCaps
HidP_GetLinkCollectionNodes
HidP_SetUsageValue
HidP_UsageListDifference
HidP_SetData
HidD_GetPhysicalDescriptor
GetSystemTime
lstrlenA
GetFileAttributesA
GlobalFree
CopyFileA
GetThreadLocale
GetVersionExA
GetFileAttributesW
GetCompressedFileSizeW
lstrlenW
GetLocalTime
GetConsoleTitleW
GetCommandLineW
GetStartupInfoW
GetConsoleTitleA
GetCommandLineA
lstrcmpA
ReadFile
WriteFile
CloseHandle
GetCompressedFileSizeA
lstrcmpW
TerminateProcess
FindFirstVolumeMountPointW
GetConsoleWindow
VirtualFree
CreateFileA
GetVersion
VirtualAlloc
InvokeControlPanel
drvSetDefaultCommConfigA
drvCommConfigDialogW
drvGetDefaultCommConfigA
UnimodemDevConfigDialog
ModemCplDlgProc
drvSetDefaultCommConfigW
UnimodemGetDefaultCommConfig
UnimodemGetExtendedCaps
drvGetDefaultCommConfigW
ModemPropPagesProvider
drvCommConfigDialogA
FBuildTempPath
OpenFileStream
DeleteTempFile
HrStreamSeekBegin
CreateDataObject
PszScanToCharA
BrowseForFolder
HrCopyStreamCB
MessageBoxInstW
HrDecodeObject
FIsHTMLFileW
HrSetDirtyFlagImpl
HrCopyStreamToByte
FIsSpaceA
FBuildTempPathW
HrBSTRToLPSZ
OpenFileStreamW
HrSafeGetStreamSize
PszDupW
HrGetCertificateParam
ReplaceChars
IVoidPtrList_CreateInstance
PVGetCertificateParam
StrToUintA
PszSkipWhiteA
HrStreamSeekCur
FIsEmptyW
CreateSystemHandleName
StrToUintW
ClickedOnRAT
RatingCustomAddRatingHelper
VerifySupervisorPassword
RatingInit
RatingObtainCancel
RatingObtainQuery
ClickedOnPRF
RatingCustomSetUserOptions
RatingAccessDeniedDialog2
RatingEnabledQuery
RatingCustomAddRatingSystem
ChangeSupervisorPassword
__vbaVarFix
rtcDateAdd
__vbaFreeVarList
__vbaCVarAryUdt
__vbaVarEqv
__vbaAryLock
__vbaHresultCheckObj
GetMem4
rtcCVErrFromVar
rtcPackTime
__vbaVarLateMemCallLdRf
__vbaFpR4
rtcLeftBstr
PutMemNewObj
__vbaVargObj
__vbaExitEachColl
strncmp
malloc
fread
_time64
_wchdir
fgets
_mbcjistojms
_wspawnle
_wstrtime
raise
puts
_utime64
qsort
_getws
_wfindnext64
_cabs
__p__mbctype
wcscmp
__crtCompareStringA
wcsncpy
free
_safe_fdivr
sinh
fwprintf
_mbclen
_ltoa
__CxxLongjmpUnwind
__argc
__mb_cur_max
AccProvHandleIsObjectAccessible
AccProvHandleGetAllRights
AccProvGetAllRights
AccProvRevokeAuditRights
AccProvHandleGetAccessInfoPerObjectType
AccProvRevokeAccessRights
AccLookupAccountSid
AccProvHandleGrantAccessRights
AccRewriteGetHandleRights
AccProvHandleGetTrusteesAccess
AccProvHandleIsAccessAudited
AccRewriteSetEntriesInAcl
AccConvertAccessMaskToActrlAccess
AccProvGrantAccessRights
AccConvertAccessToSD
AccConvertSDToAccess
AccProvHandleRevokeAccessRights
AccProvGetOperationResults
AccLookupAccountName
SQLCloseCursor
SQLExecute
SQLTransact
SQLRowCount
SQLNativeSql
SQLGetStmtAttr
SQLSetScrollOptions
SQLPutData
SQLSetDescRec
ReleaseCLStmtResources
SQLSetConnectOption
SQLGetStmtOption
SQLGetDescRec
SQLSetPos
SQLFetch
SQLGetInfo
SQLFreeHandle
SQLMoreResults
SQLSetStmtAttr
SQLEndTran
DeviceEnum
DeviceConnect
PortSetIoCompletionPort
DeviceGetInfo
DeviceDone
PortClearStatistics
PortGetIOHandle
PortInit
PortSetInfo
PortSend
GetZeroDeviceInfo
GetConnectInfo
AddPorts
DeviceListen
PortGetInfo
SetCommSettings
DeviceWork
EnableDeviceForDialIn
RastapiGetCalledID
DeviceSetDevConfig
PortDisconnect
PortGetStatistics
PortOpen
PortReceiveComplete
RastapiSetCalledID
PortGetPortState
PortTestSignalState
InitSecurityInterfaceA
QueryContextAttributesW
SealMessage
ImpersonateSecurityContext
AddSecurityPackageA
QueryContextAttributesA
InitSecurityInterfaceW
InitializeSecurityContextA
DeleteSecurityContext
QuerySecurityPackageInfoA
ImportSecurityContextA
DeleteSecurityPackageA
InitializeSecurityContextW
VerifySignature
ExportSecurityContext
QueryCredentialsAttributesA
ApplyControlToken
EnumerateSecurityPackagesA
ImportSecurityContextW
DecryptMessage
QuerySecurityContextToken
MakeSignature
CompleteAuthToken
AcquireCredentialsHandleA
RevertSecurityContext
FreeContextBuffer
UnsealMessage
FreeCredentialsHandle
PathFindNextComponentW
StrChrW
SHRegQueryInfoUSKeyW
PathMakePrettyW
wnsprintfW
SHOpenRegStreamW
StrStrIW
SHStrDupA
StrSpnA
SHDeleteKeyA
StrRetToStrW
StrCmpIW
SHRegDeleteEmptyUSKeyW
SHRegEnumUSKeyA
StrToIntW
StrRStrIW
SoftpubLoadMessage
SoftpubCleanup
DriverCleanupPolicy
SoftpubCheckCert
SoftpubInitialize
SoftpubLoadSignature
SoftpubDefCertInit
SoftpubFreeDefUsageCallData
DriverInitializePolicy
FindCertsByIssuer
OfficeInitializePolicy
SoftpubAuthenticode
OfficeCleanupPolicy
DriverFinalPolicy
DllUnregisterServer
OpenPersonalTrustDBDialog
HTTPSFinalProv
GenericChainCertificateTrust
SoftpubLoadDefUsageCallData
SoftpubDumpStructure
DllRegisterServer
BCP_colptr
BCP_readfmt
BCP_control
SQLBulkOperations
BCP_columns
SQLRowCount
SQLStatisticsW
SQLConnectW
SQLSetPos
SQLSetCursorNameW
SQLSetConnectOptionW
BCP_collen
TTIsEmbeddingEnabledForFacename
TTGetEmbeddingType
TTEmbedFontFromFileA
_TTEmbedFont@44
_TTEnableEmbeddingForFacename@8
TTIsEmbeddingEnabled
TTDeleteEmbeddedFont
_TTGetEmbeddedFontInfo@28
TTGetEmbeddedFontInfo
_TTRunValidationTests@8
TTEnableEmbeddingForFacename
_TTEmbedFontFromFileA@52
_TTDeleteEmbeddedFont@12
_TTCharToUnicode@24
TTRunValidationTests
TTCharToUnicode
_TTGetEmbeddingType@8
_TTIsEmbeddingEnabled@8
_TTLoadEmbeddedFont@40
_TTIsEmbeddingEnabledForFacename@8
TTEmbedFont
TTLoadEmbeddedFont
ChildWindowFromPointEx
SendMessageTimeoutA
DlgDirSelectExA
CountClipboardFormats
GetWindowRect
DdeReconnect
FlashWindow
LoadStringW
UnregisterClassA
EmptyClipboard
DialogBoxIndirectParamW
DdeInitializeW
SetWindowStationUser
MsgWaitForMultipleObjects
SendDlgItemMessageW
RegisterDeviceNotificationW
IsCharLowerW
GetKeyboardType
GetTabbedTextExtentW
TransmitFile
GetTypeByNameW
gethostname
GetServiceA
s_perror
bind
ntohl
accept
WSAStartup
WSAGetLastError
connect
shutdown
htonl
EnumProtocolsA
WSASetLastError
select
SetServiceW
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 6
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 6144
ImageVersion 5.0
ProductName Vzzm Wqkkt Kmzryeehl
FileVersionNumber 0.54234.0.10
UninitializedDataSize 270848
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 11.0
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.9.4009.50225
TimeStamp 2001:01:10 03:23:50+00:00
FileType Win32 EXE
PEType PE32
InternalName Vzzm
ProductVersion 1.9.4009.50225
FileDescription VzzmKldyft
OSVersion 5.1
OriginalFilename Vzzm.exe
LegalCopyright Copyright Olnlkgk
MachineType Intel 386 or later, and compatibles
CompanyName Olnlkgk
CodeSize 5120
FileSubtype 0
ProductVersionNumber 0.54234.0.10
EntryPoint 0x47b43
ObjectFileType Executable application

File identification
MD5 8c8d43c8cfacf6d5c04e6f6ac7d4ff54
SHA1 d3fa2d4c31bba96ce79a6b6d3cff403d050cef32
SHA256 5d51b105de734b1023ce96c4b61743400d3a0a3b7d135b569b2da728cbd8b407
ssdeep 6144:N7sY2OvqQOPMKuQZQ7rowFVYrQQHFqVw:NWOv2PhQAUYrQQHFqVw
File size 275.5 KB ( 282112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (67.3%)
Win32 Executable MS Visual C++ (generic) (25.6%)
Win32 Executable (generic) (3.7%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2013-08-01 13:47:53 UTC ( 8 months, 3 weeks ago )
Last submission 2013-08-02 20:07:54 UTC ( 8 months, 3 weeks ago )
File names Vzzm.exe
2.exe
vti-rescan
contacts (2).exe
malekal_8c8d43c8cfacf6d5c04e6f6ac7d4ff54
contacts.exe
2.exe
Vzzm
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight