SHA256: 62e36c696c8bff15ba6a1b58774485ca4f18c704af9410495b4b7d24fe437901
File name: ca4b79a33ea6e311eafa59a6c3fffee2
Detection ratio: 36 / 44
Analysis date: 2012-10-23 03:41:08 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AVG PSW.Generic7.CCUA 20121023
Agnitum Trojan.PWS.Zbot!LxEIs3O3XIg 20121022
AhnLab-V3 Trojan/Win32.Katusha 20121022
AntiVir TR/Crypt.ZPACK.Gen 20121023
Avast Win32:Malware-gen 20121022
BitDefender Trojan.Generic.3587980 20121023
ClamAV Trojan.Zbot-19938 20121023
Commtouch W32/MalwareS.UHM 20121023
Comodo TrojWare.Win32.TrojanSpy.Zbot.Gen 20121023
DrWeb Trojan.PWS.Panda.171 20121022
ESET-NOD32 a variant of Win32/Kryptik.CXF 20121022
Emsisoft Trojan.Generic.3587980 (B) 20121023
F-Prot W32/MalwareS.UHM 20121023
F-Secure Trojan.Generic.3587980 20121023
Fortinet W32/Zbot.AIVX!tr 20121022
GData Trojan.Generic.3587980 20121023
Ikarus Packed.Win32.Katusha 20121023
Jiangmin Packed.Krap.bsuj 20121022
K7AntiVirus Riskware 20121022
Kaspersky Packed.Win32.Katusha.o 20121023
McAfee Artemis!CA4B79A33EA6 20121023
McAfee-GW-Edition Artemis!CA4B79A33EA6 20121023
MicroWorld-eScan Trojan.Generic.3587980 20121023
Microsoft PWS:Win32/Zbot.gen!R 20121023
Norman W32/Suspicious_Gen2.KEUED 20121022
PCTools Trojan.Gen 20121022
Panda Generic Trojan 20121022
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert[Rn] 20121023
Sophos Mal/FakeAV-CH 20121023
Symantec Trojan.Gen 20121023
TheHacker Trojan/Spy.Zbot.aivx 20121023
TrendMicro TROJ_ZBOT.COC 20121023
TrendMicro-HouseCall TROJ_ZBOT.COC 20121023
VBA32 TrojanSpy.Zbot.aivx 20121022
VIPRE Trojan.Win32.Generic!BT 20121023
nProtect Trojan.Generic.3587980 20121022
Antiy-AVL 20121023
ByteHero 20121022
CAT-QuickHeal 20121022
Kingsoft 20121008
Rising 20121022
TotalDefense 20121022
ViRobot 20121023
eSafe 20121017
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher uSkaKINHG
Product uSkaKINHG
Original name uSkaKINHG.exe
Internal name uSkaKINHG.exe
File version 2.0.0.8
Description nUeyUTAPjIFe
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-28 13:09:20
Entry Point 0x0000BF9F
Number of sections 4
PE sections
PE imports
HeapAlloc
HeapFree
GetStdHandle
GetCPInfo
LoadLibraryW
WaitForSingleObject
GetCommandLineW
SetEvent
WriteFile
Sleep
CloseHandle
CreateFileA
GetCommandLineA
GetModuleFileNameA
GetProcessHeap
GetModuleHandleW
GetVersion
GetCurrentThread
_except_handler3
__p__fmode
_exit
__p__commode
__setusermatherr
fclose
memcpy
__p___initenv
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
memchr
__set_app_type
SendMessageTimeoutA
CreateMenu
DispatchMessageA
GetWindow
SetMenuItemBitmaps
PostQuitMessage
EnumWindows
SetUserObjectSecurity
RegisterWindowMessageA
CheckRadioButton
GetDlgCtrlID
TranslateMessage
CheckMenuRadioItem
GetUserObjectSecurity
LoadBitmapA
GetKeyState
Ord(23)
Ord(115)
Ord(116)
Number of PE resources by type
RT_MENU 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 3
ExifTool file metadata
CodeSize 45568
SubsystemVersion 4.0
InitializedDataSize 125952
ImageVersion 0.0
ProductName uSkaKINHG
FileVersionNumber 2.0.0.6
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x001f
CharacterSet Unicode
LinkerVersion 8.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 2.0.0.8
TimeStamp 2010:02:28 13:09:20+00:00
FileType Win32 EXE
PEType PE32
InternalName uSkaKINHG.exe
ProductVersion 2.0.0.8
FileDescription nUeyUTAPjIFe
OSVersion 4.0
OriginalFilename uSkaKINHG.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName uSkaKINHG
LegalTrademarks nUeyUTAPjIFe
FileSubtype 0
ProductVersionNumber 2.0.0.6
EntryPoint 0xbf9f
ObjectFileType Executable application

File identification
MD5 ca4b79a33ea6e311eafa59a6c3fffee2
SHA1 bcb7be2a6a5e4f916448d1eac97ec1c8c14c4a1d
SHA256 62e36c696c8bff15ba6a1b58774485ca4f18c704af9410495b4b7d24fe437901
ssdeep 6144:q74fcewi3wCTGeO58Rb24zh375kQv3i8oG5SCaNRZk6v8x+bVZ3FAPYw0PJV2ZVQ:vUfiACC758Rb20N7BK8NSNDk6EaYYz3Z
File size 341.5 KB ( 349696 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2011-03-30 07:41:55 UTC ( 3 years ago )
Last submission 2012-10-23 03:41:08 UTC ( 1 year, 5 months ago )
File names sdra64.exe
sdra64.ex_
ca4b79a33ea6e311eafa59a6c3fffee2
uSkaKINHG.exe
Behaviour characterization