SHA256: 658817f5f7722506868d9f717ee19b276fcab0d0ecac071d5d92a4178fdeb5b3
File name: b437274492e215c25f96711d04b44050
Detection ratio: 25 / 42
Analysis date: 2012-08-17 13:48:50 UTC ( 1 year, 8 months ago )
Antivirus Result Update
AVG Crypt_s.JM 20120817
AhnLab-V3 Backdoor/Win32.ZAccess 20120816
AntiVir TR/Sirefef.P.38 20120817
Avast Win32:ZAccess-HW [Trj] 20120816
BitDefender Gen:Variant.Kazy.86664 20120817
DrWeb BackDoor.Maxplus.5454 20120817
ESET-NOD32 Win32/Sirefef.EV 20120817
Emsisoft Backdoor.Win32.ZAccess!IK 20120817
F-Secure Gen:Variant.Kazy.86664 20120817
Fortinet W32/ZeroAccess.FE!tr 20120817
GData Gen:Variant.Kazy.86664 20120817
Ikarus Backdoor.Win32.ZAccess 20120817
Jiangmin Backdoor/ZAccess.eje 20120817
K7AntiVirus Backdoor 20120816
Kaspersky Backdoor.Win32.ZAccess.xsc 20120817
McAfee ZeroAccess.fe 20120817
McAfee-GW-Edition Artemis!B437274492E2 20120817
Microsoft Trojan:Win32/Sirefef.P 20120817
Norman W32/Troj_Generic.DKYSO 20120817
PCTools Trojan.Zeroaccess 20120817
Sophos Mal/EncPk-ACO 20120817
Symantec Trojan.Zeroaccess.C 20120817
TrendMicro-HouseCall TROJ_GEN.RCBH2HG 20120817
VIPRE Trojan.Win32.Generic!BT 20120817
ViRobot Backdoor.Win32.A.ZAccess.184320.G 20120817
Antiy-AVL 20120817
ByteHero 20120817
CAT-QuickHeal 20120817
ClamAV 20120817
Commtouch 20120817
Comodo 20120817
F-Prot 20120817
Panda 20120817
Rising 20120817
SUPERAntiSpyware 20120817
TheHacker 20120817
TotalDefense 20120816
TrendMicro 20120817
VBA32 20120817
VirusBuster 20120816
eSafe 20120816
nProtect 20120816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-02 15:56:26
Entry Point 0x00002E27
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
CreateICA
SetMapMode
TextOutW
PatBlt
SetWindowOrgEx
CreatePen
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
FillRgn
CreateRectRgnIndirect
EnumMetaFile
CombineRgn
GetClipBox
PlayMetaFile
EnumFontsA
GetBitmapBits
Rectangle
Polygon
GetObjectA
CloseMetaFile
LineTo
DeleteDC
RestoreDC
SetBkMode
SetMapperFlags
GetCharWidthW
Arc
BitBlt
GetCharWidthA
SetTextColor
CreatePatternBrush
GetDeviceCaps
SelectObject
CreateFontA
ExtTextOutW
CreateBitmap
MoveToEx
GetStockObject
CreateMetaFileA
ExtTextOutA
PtVisible
SetTextAlign
SelectClipRgn
EnumFontFamiliesExA
StretchBlt
GetTextFaceA
SetStretchBltMode
CreateCompatibleDC
GetMetaFileBitsEx
SetROP2
CreateRectRgn
Escape
DeleteObject
GetTextExtentPoint32A
Ellipse
GetCharWidth32W
SetRectRgn
SetWindowExtEx
CreateSolidBrush
GetMapMode
SetBkColor
CopyMetaFileA
GetCharWidth32A
SetViewportExtEx
CreateCompatibleBitmap
DeleteMetaFile
RectVisible
GetStdHandle
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
_llseek
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
MoveFileA
LoadResource
GlobalHandle
OutputDebugStringA
GetSystemTime
LocalLock
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
_lclose
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
HeapFree
SetHandleCount
lstrcmpiA
CreateMailslotW
GetOEMCP
GetTickCount
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetWindowsDirectoryA
GlobalLock
_lread
CompareStringW
GlobalReAlloc
lstrcmpA
lstrcpyA
GetProfileStringA
CompareStringA
GetProcAddress
GetTimeZoneInformation
GetFileType
CreateFileA
HeapAlloc
LocalUnlock
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
WinExec
OpenFile
_lwrite
GetEnvironmentStrings
LockResource
WideCharToMultiByte
GetCommandLineA
GetSystemDefaultLangID
RaiseException
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
FreeResource
GetSystemTimeAdjustment
SizeofResource
HeapCreate
IsBadReadPtr
FindResourceA
SysReAllocStringLen
SafeArraySetRecordInfo
GetErrorInfo
VariantChangeTypeEx
DragAcceptFiles
SetFocus
SetDlgItemTextA
GetMessagePos
MoveWindow
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
GetNextDlgTabItem
IsWindow
DispatchMessageA
EndPaint
VkKeyScanA
GetMessageTime
DispatchMessageW
GetAsyncKeyState
DrawTextA
GetClassInfoA
GetMenu
CreateWindowExA
SendMessageA
GetClientRect
SetScrollPos
IsClipboardFormatAvailable
ClientToScreen
GetActiveWindow
ShowCursor
GetMenuStringA
GetWindowTextA
InvalidateRgn
PtInRect
GetMessageA
RegisterClassA
GetParent
UpdateWindow
EqualRect
CheckRadioButton
GetMessageW
ShowWindow
GetMenuState
EnableWindow
GetDlgItemTextA
PeekMessageA
ScrollDC
TranslateMessage
ActivateKeyboardLayout
RegisterClassW
LoadStringA
SetParent
SetClipboardData
IsZoomed
GetKeyboardLayoutList
DrawMenuBar
EnableMenuItem
InvertRect
GetSubMenu
SetTimer
GetKeyboardLayout
FillRect
CopyRect
IsWindowUnicode
GetCursorPos
DestroyWindow
IsDialogMessageA
MapWindowPoints
PostMessageA
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
DefWindowProcA
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
SetRectEmpty
SetCapture
ReleaseCapture
IntersectRect
SetWindowLongA
CheckDlgButton
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetClassLongW
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
CreateDialogParamA
BringWindowToTop
ScreenToClient
GetClassLongA
InsertMenuA
LoadCursorA
LoadIconA
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
GetSystemMenu
GetMenuItemID
SetForegroundWindow
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
ReleaseDC
GetScrollRange
EndDialog
LoadMenuA
FindWindowA
MessageBeep
RemoveMenu
HiliteMenuItem
AppendMenuA
SetMenu
RegisterClipboardFormatA
GetDialogBaseUnits
MessageBoxA
GetWindowDC
DialogBoxParamA
LoadKeyboardLayoutA
GetSysColor
GetKeyState
GetDoubleClickTime
IsWindowVisible
WinHelpA
UnionRect
GetDC
SetRect
DeleteMenu
InvalidateRect
wsprintfA
IsRectEmpty
GetClassNameA
GetFocus
CloseClipboard
ModifyMenuA
SetCursor
OleUninitialize
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleFlushClipboard
ReleaseStgMedium
GetHGlobalFromILockBytes
CoRegisterMessageFilter
OleGetClipboard
OleDuplicateData
CreateOleAdviseHolder
CreateILockBytesOnHGlobal
CoRegisterClassObject
OleInitialize
CoLockObjectExternal
OleRegEnumFormatEtc
CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
CoRevokeClassObject
GetRunningObjectTable
OleCreateMenuDescriptor
WriteClassStg
CoDisconnectObject
CoGetMalloc
OleSetClipboard
WriteFmtUserTypeStg
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2004:04:02 17:56:26+02:00
FileType Win32 EXE
PEType PE32
CodeSize 138091
LinkerVersion 7.0
EntryPoint 0x2e27
InitializedDataSize 0
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 4096
File identification
MD5 b437274492e215c25f96711d04b44050
SHA1 6297367a8cba085cf01191e4ce8810bb37131c68
SHA256 658817f5f7722506868d9f717ee19b276fcab0d0ecac071d5d92a4178fdeb5b3
ssdeep
3072:ufimO4AYcpO4D2rdUz419nkz/XFm7cMW5Mz5OiqdwsnWJ/sLb5mFggyqWBOB80lv:ufiL4AYcp/EIzfXMeBdwsW1s3Mgfq+O6

File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (51.6%)
Windows Screen Saver (17.9%)
Win32 Executable Generic (11.6%)
Win32 Dynamic Link Library (generic) (10.3%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe

VirusTotal metadata
First submission 2012-08-14 12:41:21 UTC ( 1 year, 8 months ago )
Last submission 2012-08-17 13:48:50 UTC ( 1 year, 8 months ago )
File names 1344968547.184320.soft3.exe
b437274492e215c25f96711d04b44050
soft3.exe
184320_b437274492e215c25f96711d04b44050.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications