SHA256: 62534fd166961ae02cb891649944ea404b4fac0837ffacb5d595b6abb70237e1
File name: vt-upload-avRYW
Detection ratio: 28 / 51
Analysis date: 2014-06-06 08:02:38 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BDGI 20140606
Yandex TrojanSpy.Zbot!1KLoB5b2bxU 20140605
AhnLab-V3 Dropper/Win32.Necurs 20140605
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140606
Avast Win32:FakeAV-FKB [Trj] 20140606
AVG ScreenLocker_s.AHF 20140606
Baidu-International Trojan.Win32.Injector.bBEWB 20140606
BitDefender Trojan.Agent.BDGI 20140606
DrWeb Trojan.DownLoad3.32895 20140606
Emsisoft Trojan.Agent.BDGI (B) 20140606
ESET-NOD32 Win32/Injector.BEWB 20140606
F-Secure Trojan.Agent.BDGI 20140606
GData Trojan.Agent.BDGI 20140606
K7AntiVirus Trojan ( 0049af141 ) 20140605
K7GW Trojan ( 0049af141 ) 20140605
Kaspersky Trojan-Spy.Win32.Zbot.tccf 20140606
Kingsoft Win32.Troj.Undef.(kcloud) 20140606
Malwarebytes Spyware.Zbot.ED 20140606
McAfee BackDoor-FAVN!B9BFF6E91B83 20140606
McAfee-GW-Edition BackDoor-FAVN!B9BFF6E91B83 20140606
Microsoft VirTool:Win32/CeeInject.gen!KK 20140606
eScan Trojan.Agent.BDGI 20140606
NANO-Antivirus Trojan.Win32.Xpack.cztkne 20140606
Sophos Troj/Agent-AHHA 20140606
Symantec Trojan.Gen 20140606
TrendMicro-HouseCall TROJ_ROVNIX.SMW 20140606
VBA32 TrojanSpy.Zbot 20140606
VIPRE Trojan.Win32.Generic!BT 20140606
AegisLab 20140606
AntiVir 20140606
Bkav 20140604
ByteHero 20140606
CAT-QuickHeal 20140606
ClamAV 20140606
CMC 20140605
Commtouch 20140606
Comodo 20140606
F-Prot 20140606
Fortinet 20140606
Ikarus 20140606
Norman 20140606
nProtect 20140605
Panda 20140605
Qihoo-360 20140606
Rising 20140605
SUPERAntiSpyware 20140606
Tencent 20140606
TheHacker 20140606
TotalDefense 20140605
TrendMicro 20140606
ViRobot 20140606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-28 16:21:42
Entry Point 0x00002330
Number of sections 5
PE sections
PE imports
GetStartupInfoA
GetModuleFileNameW
GetModuleHandleA
__p__fmode
_wfopen
fread
fclose
__dllonexit
__p__acmdln
fopen
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
__CxxFrameHandler
_adjust_fdiv
__getmainargs
_exit
_setmbcp
_initterm
_controlfp
__set_app_type
EnableWindow
UpdateWindow
Number of PE resources by type
RT_STRING 13
RT_MENU 2
RT_DIALOG 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:28 16:21:42+00:00
FileType Win32 EXE
PEType PE32
CodeSize 6144
LinkerVersion 5.0
FileAccessDate 2014:06:06 08:04:36+00:00
EntryPoint 0x2330
InitializedDataSize 14336
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:06:06 08:04:36+00:00
UninitializedDataSize 0

File identification
MD5 b9bff6e91b835e4c723eb626a63afaa7
SHA1 99a2c661a0e1b31069b877b607597cda2e84b791
SHA256 62534fd166961ae02cb891649944ea404b4fac0837ffacb5d595b6abb70237e1
ssdeep 3072:2CBztO0v1eFRNVKzSTIs7YCxTCH2DO2u9dZL5IHQOPjJqsLKsXrBhjU3Cg:2WwKOTIsMCxTCWDMftsQOPjJqSdh4
imphash 5e8b3e396afbcf0bc6c8179d05f90b92
File size 187.0 KB ( 191496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags peexe installshield
VirusTotal metadata
First submission 2014-06-06 08:02:38 UTC ( 2 years, 10 months ago )
Last submission 2014-06-06 08:02:38 UTC ( 2 years, 10 months ago )
File names vt-upload-avRYW
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests