SHA256: 5fb7c948994b5bd3aa5a1272eb5c4798d8f44d915b90b88b6fafe0d0884d17f6
File name: RZiJnPLNuA.exe?ShV5TdrkLRL16u=751ae&h=16
Detection ratio: 42 / 55
Analysis date: 2014-09-28 15:00:50 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.88516 20140928
Yandex Trojan.Caphaw!RArPGPxQwlw 20140927
AhnLab-V3 Backdoor/Win32.Caphaw 20140928
Antiy-AVL Trojan/Win32.SGeneric 20140928
Avast Win32:Malware-gen 20140928
AVG Crypt3.GVD 20140928
Avira (no cloud) TR/Agent.BYXK 20140928
AVware Backdoor.Win32.Caphaw 20140927
Baidu-International Trojan.Win32.Kryptik.BZDT 20140928
BitDefender Gen:Variant.Zusy.88516 20140928
CAT-QuickHeal Trojan.Yakes.r4 20140927
CMC Packed.Win32.FakeAV-Crypter.6!O 20140925
Comodo UnclassifiedMalware 20140928
Cyren W32/Trojan.TGBF-5631 20140928
DrWeb BackDoor.Caphaw.77 20140928
Emsisoft Gen:Variant.Zusy.88516 (B) 20140928
ESET-NOD32 a variant of Win32/Kryptik.BZDT 20140928
F-Secure Gen:Variant.Zusy.88516 20140928
Fortinet W32/Caphaw.I!tr 20140928
GData Gen:Variant.Zusy.88516 20140928
Ikarus Trojan.Crypt3 20140928
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20140926
K7GW Unwanted-Program ( 004a8e8a1 ) 20140926
Kaspersky Trojan.Win32.Yakes.eplf 20140928
Kingsoft Win32.Troj.Undef.(kcloud) 20140928
Malwarebytes Backdoor.Bot.ED 20140928
McAfee Trojan-FDYV!BEA729166145 20140928
McAfee-GW-Edition Trojan-FDYV!BEA729166145 20140927
Microsoft Backdoor:Win32/Caphaw.A 20140928
eScan Gen:Variant.Zusy.88516 20140928
NANO-Antivirus Trojan.Win32.Caphaw.cwgska 20140928
Norman Troj_Generic.TLIEZ 20140928
Panda Trj/CI.A 20140928
Qihoo-360 HEUR/Malware.QVM08.Gen 20140928
Rising PE:Trojan.Win32.Generic.16A865E0!380134880 20140927
Sophos AV Troj/Caphaw-BX 20140928
Symantec Trojan.Shylock!gen9 20140928
TrendMicro TROJ_GEN.R0CBC0CDB14 20140928
TrendMicro-HouseCall TROJ_GEN.R0CBC0CDB14 20140928
VBA32 Trojan.MTA.01011 20140926
VIPRE Backdoor.Win32.Caphaw 20140928
Zillya Trojan.Yakes.Win32.23445 20140928
AegisLab (no detection) 20140928
Bkav (no detection) 20140925
ByteHero (no detection) 20140928
ClamAV (no detection) 20140928
F-Prot (no detection) 20140928
Jiangmin (no detection) 20140927
nProtect (no detection) 20140928
SUPERAntiSpyware (no detection) 20140928
Tencent (no detection) 20140928
TheHacker (no detection) 20140924
TotalDefense (no detection) 20140928
ViRobot (no detection) 20140928
Zoner (no detection) 20140925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-03 09:59:36
Entry Point 0x00001573
Number of sections 4
PE sections
PE imports
GetDeviceCaps
SelectObject
GetLastError
HeapFree
GetStdHandle
LCMapStringW
VirtualAllocEx
TerminateThread
GetOEMCP
GetEnvironmentStringsW
HeapDestroy
ExitProcess
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
SetHandleCount
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
GetSystemInfo
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
DeleteFileW
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
ResumeThread
LCMapStringA
HeapCreate
VirtualQuery
VirtualFree
Sleep
GetFileType
GetTickCount
HeapAlloc
GetCurrentThreadId
VirtualAlloc
VariantCopy
EnumProcessModules
PostMessageA
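The import list above is what an analyst triages first: VirtualAllocEx, VirtualProtect and ResumeThread next to LoadLibraryA/GetProcAddress (consistent with the "dll-injection" behaviour tag further down the report), EnumProcessModules, DeleteFileW, and the GetTickCount/QueryPerformanceCounter/Sleep timing trio. The script below is an added example, not code from this page or from the sample: it sorts the listed names into capability buckets, notes which usual companions of each bucket are absent from the static table (with GetProcAddress present they may be resolved at run time), and shows how the imphash quoted under File identification is derived from an import table. The page does not say which DLL each import belongs to, so the DLL grouping and the order inside each DLL are assumptions; because imphash depends on exactly that, the value computed here will not reproduce the page's imphash.

```python
"""Import-table triage over the functions listed under "PE imports" above.

Added example: not VirusTotal's code and not the sample's own code. The
report names the imported functions but not the DLL each one comes from,
so the DLL grouping below is an ASSUMPTION (where these exports normally
live), and the order inside each DLL is assumed too. imphash depends on
exactly that grouping and order, so the value computed here will NOT match
the page's imphash; the function only shows how the value is derived.
"""
import hashlib

# Import names copied from the report, grouped by assumed source DLL.
REPORT_IMPORTS = {
    "GDI32.dll": ["GetDeviceCaps", "SelectObject"],
    "KERNEL32.dll": [
        "GetLastError", "HeapFree", "GetStdHandle", "LCMapStringW",
        "VirtualAllocEx", "TerminateThread", "GetOEMCP",
        "GetEnvironmentStringsW", "HeapDestroy", "ExitProcess",
        "VirtualProtect", "GetVersionExA", "LoadLibraryA", "RtlUnwind",
        "GetModuleFileNameA", "FreeEnvironmentStringsA", "GetStartupInfoA",
        "GetEnvironmentStrings", "GetLocaleInfoA", "GetCurrentProcessId",
        "SetHandleCount", "GetCPInfo", "UnhandledExceptionFilter",
        "MultiByteToWideChar", "HeapSize", "FreeEnvironmentStringsW",
        "GetCommandLineA", "GetProcAddress", "QueryPerformanceCounter",
        "GetSystemInfo", "RaiseException", "WideCharToMultiByte",
        "GetStringTypeA", "GetModuleHandleA", "InterlockedExchange",
        "WriteFile", "GetCurrentProcess", "GetSystemTimeAsFileTime",
        "DeleteFileW", "GetACP", "HeapReAlloc", "GetStringTypeW",
        "TerminateProcess", "ResumeThread", "LCMapStringA", "HeapCreate",
        "VirtualQuery", "VirtualFree", "Sleep", "GetFileType",
        "GetTickCount", "HeapAlloc", "GetCurrentThreadId", "VirtualAlloc",
    ],
    "OLEAUT32.dll": ["VariantCopy"],
    "PSAPI.DLL": ["EnumProcessModules"],
    "USER32.dll": ["PostMessageA"],
}

# APIs that, taken together, point at a behaviour. The "missing" members of
# a bucket matter too: when GetProcAddress is imported, absent companions
# may be resolved at run time instead of appearing in the static table.
CAPABILITIES = {
    "process injection": {
        "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
        "NtUnmapViewOfSection", "SetThreadContext", "ResumeThread",
        "VirtualProtect",
    },
    "runtime API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "process/module enumeration": {
        "EnumProcessModules", "EnumProcesses", "CreateToolhelp32Snapshot",
    },
    "timing and environment probes": {
        "GetTickCount", "QueryPerformanceCounter", "Sleep", "GetSystemInfo",
    },
    "self-deletion": {"DeleteFileA", "DeleteFileW", "MoveFileExW"},
}


def triage_imports(imports_by_dll):
    """Map each capability bucket that fires to the APIs present and absent."""
    present = {name for names in imports_by_dll.values() for name in names}
    result = {}
    for capability, apis in CAPABILITIES.items():
        hit = present & apis
        if hit:
            result[capability] = {"present": sorted(hit), "missing": sorted(apis - hit)}
    return result


def imphash(imports_by_dll):
    """pefile-style import hash: MD5 over "dll.func" strings in import-table
    order, lower-cased, with a .dll/.ocx/.sys suffix removed from the DLL
    name. Imports by ordinal would first need resolving to names (not done)."""
    entries = []
    for dll, names in imports_by_dll.items():
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        entries.extend(f"{lib}.{name.lower()}" for name in names)
    return hashlib.md5(",".join(entries).encode()).hexdigest()


if __name__ == "__main__":
    for capability, detail in triage_imports(REPORT_IMPORTS).items():
        print(f"{capability}: present={detail['present']} missing={detail['missing']}")
    print("imphash over the assumed grouping:", imphash(REPORT_IMPORTS))
```

Run it as-is to see the buckets for this sample; to use it on a real file, replace REPORT_IMPORTS with the per-DLL import lists from a PE parser (pefile's DIRECTORY_ENTRY_IMPORT gives them in table order), at which point imphash matches what VirusTotal reports for the same file.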
Number of PE resources by type
RT_ICON 8
RT_BITMAP 4
RT_DIALOG 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 16
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 589824
ImageVersion 0.0
FileVersionNumber 3.0.2.2
LanguageCode Russian
FileFlagsMask 0x0017
CharacterSet Unknown (34B2)
LinkerVersion 7.1
MIMEType application/octet-stream
TimeStamp 2014:04:03 10:59:36+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:04:19 23:11:31+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:04:19 23:11:31+01:00
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 28672
FileSubtype 0
ProductVersionNumber 3.0.2.2
EntryPoint 0x1573
ObjectFileType Unknown

File identification
MD5 bea7291661450a1f85c27d7de62220a2
SHA1 acf9fda84896090796f5787d57e5a011e2bae838
SHA256 5fb7c948994b5bd3aa5a1272eb5c4798d8f44d915b90b88b6fafe0d0884d17f6
ssdeep 3072:puIzUcJD6HXMFWqXvNJ4A9WaF2nOduO+NIE8qWYPYPVnWlQD6J9Noar:Ec7yMMy7Rw6JINn8QYPVWlQPar
authentihash 296cdf1c0a9f912b9e9e7c92a0e9b28c24feca7879ddd73cfacc60f90fac7cfe
imphash eddc0bf89083128ce205d3c04871db7a
File size 604.0 KB ( 618496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
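Before doing anything with a file that is supposed to be this object, recompute its identifiers and compare them with the ones listed above; the SHA-256 is also the key for a VirusTotal API v3 file lookup. The script below is an added example, not VirusTotal's code: it hashes a file in chunks, reports which identifiers disagree with the report, and builds (without sending) the v3 request. The expected values are copied from this File identification section; the VT_API_KEY environment variable it reads is an assumed name.

```python
"""Verify a sample against the identifiers in the File identification
section, then build the VirusTotal API v3 lookup for it.

Added example, not VirusTotal's code. Expected values are copied from the
report; the API key is read from VT_API_KEY (an assumed variable name).
"""
import hashlib
import io
import os
import sys
import urllib.request

# Identifiers copied from the report above.
REPORT = {
    "md5": "bea7291661450a1f85c27d7de62220a2",
    "sha1": "acf9fda84896090796f5787d57e5a011e2bae838",
    "sha256": "5fb7c948994b5bd3aa5a1272eb5c4798d8f44d915b90b88b6fafe0d0884d17f6",
    "size": 618496,
}
VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"


def digests(stream, chunk_size=1 << 20):
    """md5/sha1/sha256 and byte count of a binary stream, read in chunks so a
    large sample is never held in memory at once."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashes.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashes.items()}
    result["size"] = size
    return result


def digests_of_bytes(data, chunk_size=1 << 20):
    """Same as digests() for an in-memory byte string."""
    return digests(io.BytesIO(data), chunk_size)


def mismatches(actual, expected=REPORT):
    """Identifiers that disagree with the report as {name: (got, expected)};
    an empty dict means the file really is the object this page describes."""
    return {k: (actual.get(k), v) for k, v in expected.items() if actual.get(k) != v}


def vt_file_request(sha256, api_key):
    """Unsent GET /api/v3/files/{sha256} carrying the x-apikey header, so the
    request can be inspected here and sent with urllib.request.urlopen later."""
    req = urllib.request.Request(VT_FILES_URL + sha256)
    req.add_header("x-apikey", api_key)
    return req


def check_file(path):
    """Hash the file at path and return (digests, mismatches against REPORT)."""
    with open(path, "rb") as f:
        actual = digests(f)
    return actual, mismatches(actual)


if __name__ == "__main__":
    actual, bad = check_file(sys.argv[1])
    for name, (got, want) in bad.items():
        print(f"{name}: got {got}, report says {want}")
    if not bad:
        req = vt_file_request(actual["sha256"], os.environ.get("VT_API_KEY", ""))
        print("sample matches the report; VT lookup:", req.full_url)
```

Usage: `python check_sample.py sample.bin`. Any mismatch means you are not holding the file this page describes (a different packer layer, a truncated download, or a renamed unrelated binary), so stop before drawing conclusions from the report; MD5 alone is not enough for that decision, which is why all three digests and the size are compared.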
Tags peexe
VirusTotal metadata
First submission 2014-04-03 12:58:17 UTC ( 4 years, 11 months ago )
Last submission 2014-04-03 12:58:17 UTC ( 4 years, 11 months ago )
File names wwghovrqhviqlsxkrfd.exe
RZiJnPLNuA.exe?ShV5TdrkLRL16u=751ae&h=16
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
TCP connections
UDP communications