SHA256: 6e0cbbfb94a6775f3a017a8d636cdcc2ec6432de514b130b4347416c9e499328
File name: vt-upload-vKNK3
Detection ratio: 35 / 54
Analysis date: 2014-08-04 06:52:53 UTC ( 4 years, 7 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Kazy.421912 | 20140804 |
| AntiVir | TR/Spy.ZBot.abv.11 | 20140804 |
| Antiy-AVL | HackTool[Hoax]/Win32.ArchSMS | 20140804 |
| Avast | Win32:Malware-gen | 20140804 |
| AVG | Zbot.LWQ | 20140804 |
| AVware | Trojan.Win32.Generic!BT | 20140804 |
| BitDefender | Gen:Variant.Kazy.421912 | 20140804 |
| CMC | Packed.Win32.Katusha.3!O | 20140804 |
| Comodo | UnclassifiedMalware | 20140804 |
| DrWeb | Trojan.Siggen6.21362 | 20140804 |
| Emsisoft | Gen:Variant.Kazy.421912 (B) | 20140804 |
| ESET-NOD32 | Win32/Spy.Zbot.ABV | 20140804 |
| F-Secure | Gen:Variant.Kazy.421912 | 20140803 |
| Fortinet | W32/Zbot.ABV!tr.spy | 20140804 |
| GData | Gen:Variant.Kazy.421912 | 20140804 |
| Ikarus | Trojan.Win32.Spy | 20140804 |
| K7AntiVirus | Spyware ( 0049b8aa1 ) | 20140801 |
| K7GW | Spyware ( 0049b8aa1 ) | 20140801 |
| Kaspersky | Hoax.Win32.ArchSMS.ccatg | 20140804 |
| Kingsoft | Win32.Troj.Hoax.(kcloud) | 20140804 |
| Malwarebytes | Trojan.Agent.ED | 20140804 |
| McAfee | RDN/Generic PWS.y!b2n | 20140804 |
| McAfee-GW-Edition | RDN/Generic PWS.y!b2n | 20140803 |
| Microsoft | PWS:Win32/Zbot | 20140804 |
| eScan | Gen:Variant.Kazy.421912 | 20140804 |
| NANO-Antivirus | Riskware.Win32.ArchSMS.dczaiq | 20140804 |
| Norman | Troj_Generic.VCTLM | 20140804 |
| Panda | Trj/Chgt.C | 20140803 |
| Qihoo-360 | HEUR/Malware.QVM20.Gen | 20140804 |
| Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20140803 |
| Sophos AV | Mal/Generic-S | 20140804 |
| Symantec | WS.Reputation.1 | 20140804 |
| Tencent | Win32.Trojan.Bp-qqthief.Iqpl | 20140804 |
| TrendMicro-HouseCall | Suspicious_GEN.F47V0728 | 20140804 |
| VIPRE | Trojan.Win32.Generic!BT | 20140804 |
| AegisLab | (no detection) | 20140804 |
| Yandex | (no detection) | 20140803 |
| AhnLab-V3 | (no detection) | 20140803 |
| Baidu-International | (no detection) | 20140803 |
| Bkav | (no detection) | 20140802 |
| ByteHero | (no detection) | 20140804 |
| CAT-QuickHeal | (no detection) | 20140804 |
| ClamAV | (no detection) | 20140804 |
| Commtouch | (no detection) | 20140804 |
| F-Prot | (no detection) | 20140804 |
| Jiangmin | (no detection) | 20140804 |
| nProtect | (no detection) | 20140803 |
| SUPERAntiSpyware | (no detection) | 20140803 |
| TheHacker | (no detection) | 20140803 |
| TotalDefense | (no detection) | 20140803 |
| TrendMicro | (no detection) | 20140804 |
| VBA32 | (no detection) | 20140801 |
| ViRobot | (no detection) | 20140804 |
| Zoner | (no detection) | 20140729 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 3, 3, 6, 1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-26 18:39:53
Entry Point 0x0001D965
Number of sections 4
PE sections
PE imports
GetFileTitleW
GetTextMetricsW
Polygon
CreateFontIndirectW
CreatePen
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
CombineRgn
Rectangle
GetObjectA
TranslateCharsetInfo
LineTo
GetTextExtentExPointA
DeleteDC
SetBkMode
CreateFontW
GetTextExtentExPointW
IntersectClipRect
CreateBitmap
CreateDIBSection
SetTextColor
CreatePatternBrush
GetDeviceCaps
ExtTextOutW
GetObjectW
GetNearestColor
MoveToEx
CreatePalette
BitBlt
GetStockObject
ExtTextOutA
SetTextAlign
RoundRect
StretchBlt
GetBkColor
CreateRectRgn
GetTextExtentPoint32W
GetTextExtentPoint32A
CreateCompatibleBitmap
GetTextColor
CreateSolidBrush
DPtoLP
SelectObject
SetBkColor
DeleteObject
Ellipse
CreateCompatibleDC
SetThreadLocale
GetStdHandle
InterlockedPopEntrySList
DeactivateActCtx
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
MapViewOfFileEx
GetLocaleInfoW
SetStdHandle
IsDBCSLeadByteEx
GetCPInfo
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InterlockedPushEntrySList
InitializeCriticalSection
GetStringTypeExW
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
GetStringTypeExA
GetEnvironmentVariableW
SetLastError
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
lstrcmpiW
HeapSetInformation
LoadLibraryExA
EnumResourceLanguagesW
SetThreadPriority
ActivateActCtx
UnhandledExceptionFilter
MultiByteToWideChar
FlushInstructionCache
MoveFileExW
CreatePipe
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
FreeLibrary
GlobalSize
GetFileSize
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
lstrcpyW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
DuplicateHandle
GetProcAddress
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
lstrlenW
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
WideCharToMultiByte
InterlockedCompareExchange
lstrcpynW
RaiseException
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadUILanguage
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
VirtualAlloc
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysStringByteLen
VarBstrFromDate
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
SysAllocStringByteLen
VariantInit
SetFocus
RedrawWindow
LoadBitmapW
DestroyMenu
SetWindowPos
DdeDisconnect
IsWindow
EndPaint
DdeCreateStringHandleW
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
SendMessageW
UnregisterClassA
TranslateMessage
SendMessageA
GetClientRect
DdeInitializeW
DefWindowProcW
DrawTextW
GetNextDlgTabItem
IsClipboardFormatAvailable
LoadImageW
GetUpdateRgn
LockWindowUpdate
MsgWaitForMultipleObjects
DdeFreeStringHandle
GetKeyState
DestroyWindow
GetParent
UpdateWindow
CreateCaret
ShowWindow
SetPropW
PeekMessageW
EnableWindow
SetParent
GetWindow
DestroyCaret
GetIconInfo
GetQueueStatus
SetClipboardData
IsZoomed
DdeConnect
IsIconic
GetWindowLongA
CreateWindowExA
DdeClientTransaction
GetKeyboardLayout
FillRect
CopyRect
IsWindowUnicode
GetWindowLongW
PtInRect
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
PostMessageA
BeginPaint
OffsetRect
SetCaretPos
KillTimer
DefWindowProcA
DrawFocusRect
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
IsMenu
SetWindowLongA
PostMessageW
InvalidateRect
CreatePopupMenu
ShowCaret
GetSubMenu
GetClassLongW
SetTimer
ClientToScreen
LoadCursorA
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
GetDesktopWindow
LoadCursorW
LoadIconW
DispatchMessageW
InsertMenuW
SetForegroundWindow
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
ReleaseDC
IntersectRect
SetLayeredWindowAttributes
GetScrollInfo
HideCaret
CreateIconIndirect
ScreenToClient
MessageBeep
LoadMenuW
GetWindowThreadProcessId
DdeUninitialize
MonitorFromRect
RegisterClassExW
RegisterClipboardFormatA
SetRectEmpty
AppendMenuW
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
RegisterClassExA
SystemParametersInfoA
GetDoubleClickTime
DestroyIcon
IsWindowVisible
SystemParametersInfoW
GetDC
FrameRect
SetRect
DeleteMenu
AppendMenuA
CallWindowProcW
GetClassNameW
AdjustWindowRect
ModifyMenuW
CallWindowProcA
GetCursor
GetFocus
CloseClipboard
SetCursor
CreateStreamOnHGlobal
OleUninitialize
CLSIDFromProgID
CoTaskMemAlloc
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
DoDragDrop
RevokeDragDrop
StgCreateDocfile
OleDuplicateData
PropVariantClear
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_STRING 7
RT_ICON 5
RT_GROUP_ICON 5
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 19
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.0
ImageVersion 1.0
FileVersionNumber 3.3.6.1
LanguageCode English (British)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 120832
MIMEType application/octet-stream
FileVersion 3, 3, 6, 1
TimeStamp 2014:03:26 19:39:53+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:08:04 08:08:14+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:08:04 08:08:14+01:00
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script: 3, 3, 6, 1
MachineType Intel 386 or later, and compatibles
CodeSize 190976
FileSubtype 0
ProductVersionNumber 3.3.6.1
EntryPoint 0x1d965
ObjectFileType Unknown

File identification
MD5 1523c183bfc3ae1bca6010fe0c932ece
SHA1 f98e806c0c0bf87429ccd878c67644021930ed6b
SHA256 6e0cbbfb94a6775f3a017a8d636cdcc2ec6432de514b130b4347416c9e499328
ssdeep 6144:rONRoUCKimGf2ola9VopH2sRzEDaKojxQe7ce/wZ5:rOX8F72P/oN2sC2KojxQea5
imphash 398cadcaac7cf8461703ff392ea96bd4
File size 306.0 KB ( 313344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-28 10:17:13 UTC ( 4 years, 7 months ago )
Last submission 2014-07-28 10:17:13 UTC ( 4 years, 7 months ago )
File names vt-upload-vKNK3
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests