SHA256: 6c23c04a3ca8cd09d1d5c1eaba154e8eb97be2e099b407ce363e21294c25f320
File name: vt-upload-voDzd
Detection ratio: 22 / 54
Analysis date: 2014-09-25 15:08:54 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11813939 20140925
AhnLab-V3 Trojan/Win32.Zbot 20140924
Avast Win32:Dropper-gen [Drp] 20140925
AVG Zbot.OHD 20140925
Avira (no cloud) TR/Crypt.Xpack.90628 20140925
AVware Trojan.Win32.Generic!BT 20140925
BitDefender Trojan.Generic.11813939 20140925
Emsisoft Trojan.Generic.11813939 (B) 20140925
F-Secure Trojan.Generic.11813939 20140925
GData Trojan.Generic.11813939 20140925
Kaspersky Trojan-Spy.Win32.Zbot.ufxo 20140925
Malwarebytes Spyware.Zbot.ED 20140925
McAfee RDN/Generic PWS.y!bb3 20140925
McAfee-GW-Edition BehavesLike.Win32.Packed.dc 20140924
Microsoft PWS:Win32/Zbot 20140925
eScan Trojan.Generic.11813939 20140925
nProtect Trojan.Generic.11813939 20140925
Sophos AV Mal/Generic-S 20140925
Symantec WS.Reputation.1 20140925
TrendMicro TROJ_FORUCON.BMC 20140925
TrendMicro-HouseCall TROJ_FORUCON.BMC 20140925
VIPRE Trojan.Win32.Generic!BT 20140925
AegisLab 20140925
Yandex 20140924
Antiy-AVL 20140925
Baidu-International 20140925
Bkav 20140925
ByteHero 20140925
CAT-QuickHeal 20140925
ClamAV 20140925
CMC 20140925
Comodo 20140925
Cyren 20140925
DrWeb 20140925
F-Prot 20140925
Fortinet 20140925
Ikarus 20140925
Jiangmin 20140924
K7AntiVirus 20140925
K7GW 20140925
Kingsoft 20140925
NANO-Antivirus 20140925
Norman 20140925
Panda 20140925
Qihoo-360 20140925
Rising 20140925
SUPERAntiSpyware 20140925
Tencent 20140925
TheHacker 20140924
TotalDefense 20140925
VBA32 20140925
ViRobot 20140925
Zillya 20140925
Zoner 20140925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1997-2014 AI Internet Solutions LLC
Publisher AI Internet Solutions LLC
Product CSE HTML Validator Lite
Original name CSE HTML Validator Lite Setup
Internal name Lite v14.0
File version 1.4.0.2
Description CSE HTML Validator Lite Setup
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-23 12:17:54
Entry Point 0x00004FB9
Number of sections 5
PE sections
PE imports
GetTokenInformation
InitializeAcl
OpenProcessToken
InitializeSecurityDescriptor
CreateToolbarEx
ImageList_Create
PropertySheetA
ImageList_Draw
ImageList_Add
GetOpenFileNameA
GetOpenFileNameW
CreateMetaFileA
CreatePen
SaveDC
TextOutA
EnumFontsA
Rectangle
GetDeviceCaps
ExcludeClipRect
DeleteDC
RestoreDC
StretchBlt
SetWindowOrgEx
CreateDCW
CloseMetaFile
CreateDIBSection
RealizePalette
SetTextColor
BitBlt
GetStockObject
CreateDIBitmap
SelectPalette
UnrealizeObject
CreateCompatibleDC
CreateFontW
SelectObject
AbortDoc
SetWindowExtEx
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
RaiseException
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetCurrentDirectoryA
GetConsoleMode
DecodePointer
GetCurrentProcessId
lstrcatA
CreateIoCompletionPort
WideCharToMultiByte
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetFileType
SetStdHandle
HeapSetInformation
IsBadReadPtr
lstrcmpiA
UnhandledExceptionFilter
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
GetQueuedCompletionStatus
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetProcessHeap
TerminateProcess
ResetEvent
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
GlobalAlloc
GlobalLock
GetPrivateProfileStringA
FindClose
TlsGetValue
Sleep
WriteConsoleW
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
AlphaBlend
wglDeleteContext
wglMakeCurrent
wglCreateContext
SHGetPathFromIDListW
SHBrowseForFolderW
SetFocus
EmptyClipboard
GetParent
SetPropA
EndDialog
BeginPaint
GetScrollPos
PostQuitMessage
DefWindowProcA
ShowWindow
GetPropA
LoadBitmapA
SendDlgItemMessageA
GetSystemMetrics
SetScrollPos
IsWindow
GetWindowRect
EndPaint
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
DialogBoxParamA
GetWindow
CheckDlgButton
SetScrollInfo
GetKeyState
ReleaseDC
RemovePropA
SetWindowTextA
SetClipboardData
IsWindowVisible
SendMessageA
IsWindowEnabled
GetClientRect
GetDlgItem
SetScrollRange
GetDC
InvalidateRect
GetWindowLongA
CreateWindowExA
FillRect
GetSysColorBrush
CallWindowProcA
CreateWindowExW
CloseClipboard
OpenClipboard
DestroyWindow
midiStreamOpen
inet_addr
GdiplusShutdown
GdipCreateFromHDC
GdipFree
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
Number of PE resources by type
RT_DIALOG 4
RT_ICON 2
Struct(240) 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 182272
ImageVersion 0.0
ProductName CSE HTML Validator Lite
FileVersionNumber 1.4.0.2
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription CSE HTML Validator Lite Setup
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename CSE HTML Validator Lite Setup
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.4.0.2
TimeStamp 2014:09:23 13:17:54+01:00
FileType Win32 EXE
PEType PE32
InternalName Lite v14.0
FileAccessDate 2014:10:10 12:08:00+01:00
ProductVersion 1.4.0.2
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:10:10 12:08:00+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright 1997-2014 AI Internet Solutions LLC
MachineType Intel 386 or later, and compatibles
CompanyName AI Internet Solutions LLC
CodeSize 60416
FileSubtype 0
ProductVersionNumber 1.4.0.2
EntryPoint 0x4fb9
ObjectFileType Executable application

File identification
MD5 e8c82e2471c8a77f63cbe2b246229abf
SHA1 ecf57eed8c57c25962c1bcc25d73dfcba1f55a87
SHA256 6c23c04a3ca8cd09d1d5c1eaba154e8eb97be2e099b407ce363e21294c25f320
ssdeep
3072:9mSXv31eWdbPXN4IUCFsG9GA/qPShdMmtAs+DuFjvMSsfLbzN3U2QGdDOcxN8Zlc:LeWdjXNSPShig0SR0S25DPdd/

authentihash 42eecfe860764aaa144a6a1af9658c9133b7f23a9f2f3253b9471d4aa272d4dd
imphash d40b2941c90e065ad7ab998af0a30107
File size 238.0 KB ( 243712 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-09-25 15:08:54 UTC ( 4 years, 5 months ago )
Last submission 2014-09-25 15:08:54 UTC ( 4 years, 5 months ago )
File names vt-upload-voDzd
6c23c04a3ca8cd09d1d5c1eaba154e8eb97be2e099b407ce363e21294c25f320.exe
Lite v14.0
CSE HTML Validator Lite Setup
fbc6.tmp.exe
Behaviour characterization
Zemana
screen-capture

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications