SHA256: 5fad8271341ccf1ce3447ec12378421f9f8f10fb4f6cc679cb2ade1e751bb3af
File name: hisa.exe
Detection ratio: 24 / 42
Analysis date: 2012-10-02 06:53:00 UTC ( 6 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20121001
AntiVir TR/Spy.ZBot.plc.1 20121001
Avast Win32:Zbot-PLC [Trj] 20121001
AVG Win32/Cryptor 20121001
BitDefender Trojan.Generic.KDV.732391 20121001
DrWeb Trojan.PWS.Panda.2005 20121001
eScan Trojan.Generic.KDV.732391 20121001
ESET-NOD32 Win32/Spy.Zbot.AAO 20121001
F-Secure Trojan.Generic.KDV.732391 20121001
GData Trojan.Generic.KDV.732391 20121001
Ikarus Virus.Win32.Cryptor 20121001
Jiangmin TrojanSpy.Zbot.cfls 20121001
K7AntiVirus Spyware 20121001
Kaspersky Trojan-Spy.Win32.Zbot.ewpv 20121001
McAfee PWS-Zbot.gen.ame 20121001
McAfee-GW-Edition PWS-Zbot.gen.ame 20121001
Microsoft PWS:Win32/Zbot 20121001
nProtect Trojan/W32.Agent.159744.AVM 20121001
Panda Trj/Genetic.gen 20121001
PCTools Trojan-PSW.Generic!rem 20121001
Sophos AV Mal/EncPk-AGT 20121001
Symantec Infostealer 20121001
TheHacker Trojan/Spy.Zbot.ewpv 20121001
VIPRE Trojan.Win32.Generic!BT 20121001
Antiy-AVL 20121001
ByteHero 20121001
CAT-QuickHeal 20121001
ClamAV 20121001
Commtouch 20121001
Comodo 20121001
Emsisoft 20120919
eSafe 20120927
F-Prot 20120926
Fortinet 20121001
Norman 20121001
Rising 20120928
SUPERAntiSpyware 20120911
TotalDefense 20121001
TrendMicro 20121001
TrendMicro-HouseCall 20121001
VBA32 20121001
ViRobot 20121001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product FmBeR5pM0l3qgewbDJEDTK0zRx1Au6CzRqjmdqtUc0v
Original name cyh75lMlEqeLbXV.exe
File version 3.51.899.75
Description Ft4215opMXkGADiKCRGSMAj6y10
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-21 00:47:26
Entry Point 0x00005E30
Number of sections 4
PE sections
Overlays
MD5 a9cc6a77b11fe9698abb8fe99a8298a9
File type data
Offset 158720
Size 1024
Entropy 7.79
PE imports
GetLastError
HeapFree
VirtualAllocEx
FileTimeToSystemTime
GetThreadPriorityBoost
EnumResourceLanguagesA
ScrollConsoleScreenBufferA
GetOEMCP
GlobalFindAtomA
GetTickCount
GetCommMask
GlobalUnfix
WaitForSingleObjectEx
SetConsoleScreenBufferSize
IsDBCSLeadByte
CreateRemoteThread
FreeEnvironmentStringsA
GetQueuedCompletionStatus
FindFirstFileExW
UnlockFile
GetLogicalDriveStringsW
GetLocaleInfoA
GetFileSizeEx
GetCalendarInfoW
SetConsoleCursor
SetHandleCount
SetProcessAffinityMask
CopyFileExW
GetConsoleScreenBufferInfo
lstrcpyA
AddAtomW
EnumResourceTypesA
GetProfileStringW
lstrlenA
CreateSemaphoreA
CreateThread
DeleteVolumeMountPointW
GetModuleHandleA
IsSystemResumeAutomatic
GetCommTimeouts
GetExitCodeThread
ReadConsoleOutputCharacterW
WriteFile
FindNextVolumeMountPointW
HeapValidate
MapUserPhysicalPagesScatter
IsProcessorFeaturePresent
DeleteTimerQueueTimer
ExitThread
GetDiskFreeSpaceA
SetThreadExecutionState
SetVolumeLabelW
GetCompressedFileSizeA
MoveFileA
IsBadHugeWritePtr
CreateProcessA
RemoveDirectoryA
SetCommConfig
RtlFillMemory
GetEnvironmentVariableA
FindResourceW
RtlMoveMemory
AllocConsole
GetConsoleDisplayMode
WriteProfileSectionW
IsBadStringPtrA
QueueUserWorkItem
OpenEventA
GetStartupInfoA
WriteConsoleW
CreateHardLinkW
_wexecl
_mbsncpy
_sleep
__p__fmode
wcstoul
_spawnl
_wgetdcwd
_aligned_offset_realloc
_ultow
strtoul
_ismbcl2
_getch
_wfullpath
_wexecvp
feof
_wspawnle
strchr
_creat
raise
_wfindnext
_sys_nerr
_chdir
__p__commode
sqrt
_heapwalk
_get_osfhandle
_adj_fdivr_m16i
_chgsign
abs
exit
_XcptFilter
_mbsnbcnt
_safe_fprem
_spawnvp
_utime
_mbsspnp
_acmdln
_wunlink
_aligned_malloc
__set_app_type
_exit
_adjust_fdiv
__setusermatherr
_ismbbkalnum
gmtime
_splitpath
_strupr
iswxdigit
_cgets
_putw
_aligned_offset_malloc
sinh
__getmainargs
_wgetcwd
setbuf
_write
_callnewh
_locking
_wstati64
_fputchar
_except_handler3
_wremove
_resetstkoflw
_aexit_rtn
_mbctombb
_setjmp
_wmkdir
strcpy
_findnext64
_findnexti64
_initterm
_controlfp
isupper
strftime
_iob
CharPrevA
GetMonitorInfoW
GetClassInfoExW
DdeConnect
GetKeyboardLayoutNameA
IntersectRect
GetScrollInfo
EqualRect
EnumWindows
EndDialog
SetLastErrorEx
ValidateRgn
ShowWindowAsync
GetMessageW
LockSetForegroundWindow
wvsprintfW
EnumDisplayMonitors
DdeDisconnect
DdeCreateStringHandleA
GetLastInputInfo
InflateRect
LookupIconIdFromDirectory
RegisterClipboardFormatA
IsRectEmpty
CharUpperBuffA
LoadKeyboardLayoutW
ChangeMenuW
CharToOemBuffW
SetProcessWindowStation
mouse_event
LoadCursorFromFileW
MsgWaitForMultipleObjectsEx
SwapMouseButton
GetMenuItemID
GetAsyncKeyState
DdeQueryNextServer
SetClassWord
wvsprintfA
EnumDisplayDevicesA
MessageBoxExW
GetWindowPlacement
SendDlgItemMessageW
UnpackDDElParam
DefWindowProcW
GetInputDesktop
GetDC
UpdateWindow
LoadImageW
DrawFrame
SetCaretBlinkTime
CharNextA
DeferWindowPos
EnumClipboardFormats
IsWindowUnicode
LoadIconW
EnumPropsW
GetTabbedTextExtentW
CloseClipboard
CreateAcceleratorTableA
ReplyMessage
DialogBoxIndirectParamA
Number of PE resources by type
RT_DIALOG 4
RT_BITMAP 3
RT_STRING 2
RT_MENU 2
kE 1
RT_VERSION 1
Struct(285) 1
Number of PE resources by language
RUSSIAN 14
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.51.899.75
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Ft4215opMXkGADiKCRGSMAj6y10
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 163840
EntryPoint 0x5e30
OriginalFileName cyh75lMlEqeLbXV.exe
MIMEType application/octet-stream
FileVersion 3.51.899.75
TimeStamp 2005:05:21 01:47:26+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.51.899.75
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 78336
ProductName FmBeR5pM0l3qgewbDJEDTK0zRx1Au6CzRqjmdqtUc0v
ProductVersionNumber 3.51.899.75
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 43fc74fcd1db42bcbedddac215a69c26
SHA1 fd40db5d50e14a0b0ad1fd9e65ed2e230a412994
SHA256 5fad8271341ccf1ce3447ec12378421f9f8f10fb4f6cc679cb2ade1e751bb3af
ssdeep 3072:e+5I4aBc53rhiC9pdTvfqRPEnKZxuxtcl7DD3BtQC1e:eIrxvRfqRPESutu7DDxt34

authentihash 37b3d10477ae76f24c62096a33136ec42e993321c7f34247822a244a8ea95f7b
imphash ef164725c79a111354648c4675051085
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-10-02 06:53:00 UTC ( 6 years, 5 months ago )
Last submission 2019-01-28 06:24:25 UTC ( 1 month, 3 weeks ago )
File names 5fad8271341ccf1ce3447ec12378421f9f8f10fb4f6cc679cb2ade1e751bb3af.bin
43FC74FCD1DB42BCBEDDDAC215A69C26.exe
1349380570.hisa.exe
hisa.exe
5fad8271341ccf1ce3447ec12378421f9f8f10fb4f6cc679cb2ade1e751bb3af.vir
cyh75lMlEqeLbXV.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.