SHA256: 64d18e40abb37d7bdf1d5b5eb49f409f4919a1013a7a8c322daa73173ea66bd3
File name: vt-upload-NNrX2
Detection ratio: 25 / 53
Analysis date: 2014-05-22 20:49:47 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.142264 20140522
Yandex TrojanSpy.Zbot!eGqia6umdPM 20140522
Antiy-AVL Trojan/Win32.SGeneric 20140522
Avast Win32:Zbot-TUF [Trj] 20140522
BitDefender Gen:Variant.Graftor.142264 20140522
DrWeb Trojan.Siggen6.17292 20140522
Emsisoft Gen:Variant.Graftor.142264 (B) 20140522
ESET-NOD32 a variant of Win32/Injector.BECS 20140522
F-Secure Gen:Variant.Graftor.142264 20140522
GData Gen:Variant.Graftor.142264 20140522
Jiangmin Trojan/Badur.ctt 20140522
K7AntiVirus Trojan ( 0049a74a1 ) 20140522
K7GW Trojan ( 0049a74a1 ) 20140522
Kaspersky Trojan-Spy.Win32.Zbot.svzk 20140522
Malwarebytes Spyware.Zbot.ED 20140522
McAfee Artemis!843046EB1404 20140522
McAfee-GW-Edition Artemis!843046EB1404 20140522
Microsoft VirTool:Win32/CeeInject.gen!KK 20140522
eScan Gen:Variant.Graftor.142264 20140522
NANO-Antivirus Trojan.Win32.Badur.cykrld 20140522
Panda Trj/CI.A 20140522
Qihoo-360 HEUR/Malware.QVM19.Gen 20140522
Sophos AV Mal/Generic-S 20140522
SUPERAntiSpyware Trojan.Agent/Gen-Krytpik 20140522
VIPRE Trojan.Win32.Generic!BT 20140522
AegisLab 20140522
AhnLab-V3 20140522
AntiVir 20140522
AVG 20140522
Baidu-International 20140522
Bkav 20140521
ByteHero 20140522
CAT-QuickHeal 20140522
ClamAV 20140522
CMC 20140521
Commtouch 20140522
Comodo 20140522
F-Prot 20140522
Fortinet 20140522
Ikarus 20140522
Kingsoft 20140522
Norman 20140522
nProtect 20140522
Rising 20140522
Symantec 20140522
Tencent 20140522
TheHacker 20140522
TotalDefense 20140522
TrendMicro 20140522
TrendMicro-HouseCall 20140522
VBA32 20140522
ViRobot 20140522
Zillya 20140522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ???? (C) 2007
Product Jjb ????
Original name Jjb.EXE
Internal name Jjb
File version 1, 0, 0, 1
Packers identified
F-PROT 7Z, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-02 20:37:21
Entry Point 0x00005724
Number of sections 4
PE sections
PE imports
SetPixel
Ellipse
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameW
CreateFileW
CreateFileA
GetModuleFileNameA
VirtualAlloc
_except_handler3
__p__fmode
malloc
_XcptFilter
_acmdln
__CxxFrameHandler
_ftol
__p__commode
__dllonexit
_setmbcp
_controlfp
exit
_exit
__getmainargs
_initterm
__setusermatherr
_onexit
_adjust_fdiv
__set_app_type
EnableWindow
GetClientRect
UpdateWindow
InvalidateRect
Number of PE resources by type
RT_STRING 14
Struct(144) 5
RT_MENU 2
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 25
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:01:02 21:37:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 86016
LinkerVersion 8.0
FileAccessDate 2014:05:22 21:51:16+01:00
EntryPoint 0x5724
InitializedDataSize 20480
SubsystemVersion 4.144
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:05:22 21:51:16+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 843046eb1404a49910ab433424d64c6b
SHA1 47ccc45002962c7189274ac3c6e8e0326469f3f7
SHA256 64d18e40abb37d7bdf1d5b5eb49f409f4919a1013a7a8c322daa73173ea66bd3
ssdeep 6144:Fswql5lKfVLQHkTzwYBEJe00CMcADG0z38b0pi:FgPQB8cwMkebjc
imphash a2955b14e9d1ade5f4624afcc2605923
File size 227.3 KB ( 232761 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-22 20:49:47 UTC ( 4 years, 10 months ago )
Last submission 2014-05-22 20:49:47 UTC ( 4 years, 10 months ago )
File names Jjb.EXE
vt-upload-NNrX2
Jjb
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight