SHA256: 68971172e5d1cf5d82776280f67218ba0cf233731e583dfde342afa7ee25ccdd
File name: jzasexyk.exe
Detection ratio: 40 / 53
Analysis date: 2015-12-10 03:55:22 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.56222 20151210
Yandex Backdoor.Androm!p3EKtN1kFl8 20151209
AhnLab-V3 Trojan/Win32.Cryptolocker 20151209
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20151210
Arcabit Trojan.Symmi.DDB9E 20151210
Avast Win32:Malware-gen 20151210
AVG Agent5.AFFZ 20151209
Avira (no cloud) TR/Crypt.ZPACK.181114 20151210
AVware Win32.Malware!Drop 20151210
Baidu-International Backdoor.Win32.Androm.iecs 20151209
BitDefender Gen:Variant.Symmi.56222 20151210
CAT-QuickHeal Ransom.TeslaCrypt.WR4 20151209
Cyren W32/Trojan.XSUR-6026 20151210
DrWeb Trojan.Encoder.761 20151210
Emsisoft Trojan.Win32.Filecoder (A) 20151210
ESET-NOD32 Win32/Filecoder.DI 20151210
F-Secure Trojan:W32/TeslaCrypt.A 20151210
Fortinet W32/CRYPTLOCK.C!tr 20151210
GData Gen:Variant.Symmi.56222 20151210
Ikarus Trojan.Win32.Filecoder 20151210
Jiangmin Backdoor/Androm.szh 20151209
K7AntiVirus Trojan ( 004b8b881 ) 20151209
K7GW Trojan ( 004b8b881 ) 20151210
Kaspersky Backdoor.Win32.Androm.iecs 20151210
McAfee RDN/Generic BackDoor 20151210
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.jh 20151210
Microsoft Ransom:Win32/Teerac.A 20151210
eScan Gen:Variant.Symmi.56222 20151210
NANO-Antivirus Trojan.Win32.Androm.dwtlzo 20151210
nProtect Backdoor/W32.Androm.640706 20151209
Panda Trj/Genetic.gen 20151209
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20151210
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20151209
Symantec Trojan.Cryptolocker.H 20151208
TrendMicro TROJ_CRYPTLOCK.C 20151210
TrendMicro-HouseCall TROJ_CRYPTLOCK.C 20151210
VBA32 Backdoor.Androm 20151209
VIPRE Win32.Malware!Drop 20151210
ViRobot Trojan.Win32.Upatre.640706[h] 20151209
Zillya Backdoor.Androm.Win32.26707 20151208
AegisLab 20151209
Alibaba 20151208
Bkav 20151209
ByteHero 20151210
ClamAV 20151209
CMC 20151210
Comodo 20151208
F-Prot 20151210
Malwarebytes 20151210
SUPERAntiSpyware 20151210
TheHacker 20151209
TotalDefense 20151208
Zoner 20151210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-02-13 15:18:13
Entry Point 0x0000F7E6
Number of sections 4
PE sections
Overlays
MD5 4f5263d19db89fad0b7188da737c73cb
File type data
Offset 466944
Size 173762
Entropy 7.95
PE imports
SetSecurityDescriptorOwner
MakeSelfRelativeSD
OpenServiceA
GetExplicitEntriesFromAclW
RegQueryValueExA
OpenBackupEventLogW
AccessCheck
GetAce
AdjustTokenPrivileges
ControlService
RegSetKeySecurity
LsaDeleteTrustedDomain
RegCreateKeyExA
DeleteService
OpenBackupEventLogA
DecryptFileW
RegQueryValueExW
EqualPrefixSid
LookupAccountNameA
RegReplaceKeyA
GetSidSubAuthority
RegisterEventSourceW
RegConnectRegistryW
AddAccessAllowedAce
SetSecurityInfo
IsValidSid
RegReplaceKeyW
RegOpenKeyW
RegEnumKeyA
CloseEventLog
PrivilegedServiceAuditAlarmW
ChangeServiceConfig2A
LsaQueryTrustedDomainInfoByName
BuildTrusteeWithNameW
LsaLookupNames
SetServiceStatus
LsaQueryTrustedDomainInfo
GetSidIdentifierAuthority
RegisterServiceCtrlHandlerW
ObjectCloseAuditAlarmW
RegOpenKeyExA
BuildExplicitAccessWithNameW
CreateRestrictedToken
RegLoadKeyW
BuildTrusteeWithNameA
LsaEnumerateTrustedDomains
RegOverridePredefKey
ObjectPrivilegeAuditAlarmA
LsaRetrievePrivateData
LsaQueryInformationPolicy
RegEnumValueW
RegSaveKeyA
EnumServicesStatusA
RegSetValueExW
SetSecurityDescriptorGroup
GetSidLengthRequired
OpenSCManagerW
RegOpenKeyA
BackupEventLogA
QueryServiceLockStatusW
SetEntriesInAclA
EnumDependentServicesW
BackupEventLogW
GetKernelObjectSecurity
ReportEventA
AddAce
FlatSB_GetScrollRange
ImageList_Copy
InitializeFlatSB
ImageList_Remove
FlatSB_SetScrollRange
Ord(8)
ImageList_Draw
ImageList_Create
PropertySheetA
ImageList_Merge
Ord(6)
ImageList_DrawEx
FlatSB_SetScrollPos
CreatePropertySheetPageA
Ord(5)
ImageList_LoadImageW
ImageList_SetDragCursorImage
GetPrivateProfileSectionW
GetStartupInfoA
BuildCommDCBAndTimeoutsA
GetModuleHandleA
LoadLibraryW
GetProcessTimes
BackupWrite
AreFileApisANSI
LZSeek
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
_setmbcp
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
EnableWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerInstallFileA
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA
Number of PE resources by type
RT_DIALOG 10
RT_ICON 9
RT_MENU 7
RT_ACCELERATOR 6
RT_GROUP_ICON 4
RT_VERSION 1
Number of PE resources by language
ENGLISH ARABIC QATAR 15
SAAMI ARABIC LIBYA 11
SERBIAN ARABIC ALGERIA 11
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x003f
MachineType Intel 386 or later, and compatibles
FileOS Win32
TimeStamp 2007:02:13 15:18:13+00:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 6.0
FileSubtype 0
ProductVersionNumber 0.194.70.134
FileTypeExtension exe
InitializedDataSize 401408
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileVersionNumber 0.36.39.103
EntryPoint 0xf7e6
UninitializedDataSize 0
ObjectFileType Executable application
Compressed bundles
File identification
MD5 09e54636eb4de5e782cc19a9b7dcf267
SHA1 92e439fc339a91500004ccf5e3c3009992daa3a3
SHA256 68971172e5d1cf5d82776280f67218ba0cf233731e583dfde342afa7ee25ccdd
ssdeep 12288:vSi4CrkQoIuWHDnauALpSqpmluQO6lKdtQwvyvSuYVGgL:vSiTYQT1jnaua0lujvDew
authentihash fbb28f8ab04f35ada9d9475c71b7189a0487f4c975f1c0f14d490e1dfe2a9ba0
imphash 5462ba9e2cb8ae5b4a4f6d535ba7d76a
File size 625.7 KB ( 640706 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-09-08 06:48:03 UTC ( 3 years, 4 months ago )
Last submission 2015-12-10 03:55:22 UTC ( 3 years, 1 month ago )
File names Adres_Degisikligi_Form.exe
jzasexyk.exe
68971172e5d1cf5d82776280f67218ba0cf233731e583dfde342afa7ee25ccdd.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs