SHA256: 72cbbcf422479362d8dbd7cc01f5a8a663100fd010f8cfdcff3f967e91be9da2
File name: vt-upload-dh7da
Detection ratio: 26 / 53
Analysis date: 2014-07-29 10:38:14 UTC (4 years, 7 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.100586 20140729
AntiVir TR/Crypt.ZPACK.89106 20140729
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140729
Avast Win32:Malware-gen 20140729
AVG Zbot.LXK 20140729
AVware Trojan.Win32.Generic!BT 20140729
BitDefender Gen:Variant.Zusy.100586 20140729
Bkav HW32.CDB.03aa 20140728
Emsisoft Gen:Variant.Zusy.100586 (B) 20140729
ESET-NOD32 Win32/Spy.Zbot.ABX 20140729
F-Secure Gen:Variant.Zusy.100586 20140729
Fortinet W32/Zbot.ABX!tr.spy 20140729
GData Gen:Variant.Zusy.100586 20140729
Kaspersky Trojan-Spy.Win32.Zbot.tqdd 20140729
Malwarebytes Backdoor.Skoob 20140729
McAfee Artemis!17527993FD62 20140729
McAfee-GW-Edition Artemis!17527993FD62 20140728
Microsoft PWS:Win32/Zbot 20140729
eScan Gen:Variant.Zusy.100586 20140729
Qihoo-360 HEUR/Malware.QVM10.Gen 20140729
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140729
Sophos AV Mal/Generic-S 20140729
Symantec Trojan.Gen.2 20140729
Tencent Win32.Trojan-spy.Zbot.Dxmw 20140729
TrendMicro-HouseCall TROJ_GEN.R0CBH01GQ14 20140729
VIPRE Trojan.Win32.Generic!BT 20140729
Yandex 20140727
AhnLab-V3 20140729
Baidu-International 20140729
ByteHero 20140729
CAT-QuickHeal 20140729
ClamAV 20140729
CMC 20140728
Commtouch 20140729
Comodo 20140729
DrWeb 20140729
F-Prot 20140729
Ikarus 20140729
Jiangmin 20140725
K7AntiVirus 20140728
K7GW 20140728
Kingsoft 20140729
NANO-Antivirus 20140729
Norman 20140729
nProtect 20140729
Panda 20140729
SUPERAntiSpyware 20140729
TheHacker 20140728
TotalDefense 20140728
TrendMicro 20140729
VBA32 20140728
ViRobot 20140729
Zoner 20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright D-Link Corp. All rights reserved.
Publisher D-Link Corp.
Product Viewer Backup System Control
Original name BackCtrl
Internal name application/viewerctrl
File version 1.0.1.19
Description Viewer Backup System
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-24 16:30:48
Entry Point 0x000059AE
Number of sections 4
PE sections
PE imports
ConvertStringSidToSidW
CreateWellKnownSid
LookupAccountSidW
SetMapMode
TextOutW
PatBlt
CreatePen
SaveDC
TextOutA
SetStretchBltMode
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
DeleteObject
BitBlt
SetTextColor
GetObjectA
CreateFontA
FrameRgn
MoveToEx
GetStockObject
CreateBrushIndirect
ExtTextOutA
GdiFlush
CreateCompatibleDC
SelectObject
SetDIBColorTable
CreateCompatibleBitmap
CreateSolidBrush
DPtoLP
SetBkColor
SetViewportExtEx
Ellipse
GetLastError
InitializeCriticalSectionAndSpinCount
SetConsoleScreenBufferSize
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
MulDiv
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
HeapFree
IsProcessorFeaturePresent
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
SetConsoleActiveScreenBuffer
GetStringTypeW
GetCurrentProcessId
lstrcatA
CreateIoCompletionPort
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
lstrcpyW
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetProcessHeap
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
lstrcpyA
SetConsoleWindowInfo
CreateProcessW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
LocalAlloc
SetLastError
InterlockedIncrement
GradientFill
SHAutoComplete
StrChrA
SetFocus
GetMessageA
GetParent
RedrawWindow
SetLayeredWindowAttributes
GetScrollInfo
BeginPaint
CreateWindowExW
DeferWindowPos
GetWindowTextW
PostQuitMessage
DefWindowProcA
ShowWindow
GetNextDlgGroupItem
SendDlgItemMessageA
BeginDeferWindowPos
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
UpdateWindow
MoveWindow
CallWindowProcA
PeekMessageA
SetWindowLongA
TranslateMessage
GetFocus
EndDialog
GetMenuItemID
RegisterClassExA
EndDeferWindowPos
ReleaseDC
SystemParametersInfoA
GetDlgCtrlID
LoadStringA
SendDlgItemMessageW
SendMessageA
GetClientRect
GetDlgItem
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
GetTopWindow
IsDlgButtonChecked
CharNextA
WaitForInputIdle
SetDlgItemTextW
GetDesktopWindow
IsWindowUnicode
LoadIconW
GetWindowTextLengthW
GetDC
MsgWaitForMultipleObjects
FillRect
GetWindowTextA
GetClassNameW
IsDialogMessageA
CharToOemA
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.1.19
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 27136
EntryPoint 0x59ae
OriginalFileName BackCtrl
MIMEType application/octet-stream
LegalCopyright D-Link Corp. All rights reserved.
FileVersion 1.0.1.19
TimeStamp 2014:07:24 17:30:48+01:00
FileType Win32 EXE
PEType PE32
InternalName application/viewerctrl
ProductVersion 1.0.1.19
FileDescription Viewer Backup System
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName D-Link Corp.
CodeSize 206336
ProductName Viewer Backup System Control
ProductVersionNumber 1.0.1.19
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 17527993fd627c730f8d7fd79a0ccc07
SHA1 070b02809f4920425b57c7c20e07e1aa4b3ce716
SHA256 72cbbcf422479362d8dbd7cc01f5a8a663100fd010f8cfdcff3f967e91be9da2
ssdeep 6144:y0VSmVy/wOIuf285Z8LRf+eczNjaxIWoDc+:AmV6bfl5Z8Vf/6axCF
authentihash 06552bb26dc806913d10a237cd36290c2dd79cfb47a87bcaef7030d2e4fa2c43
imphash 30daafd5192a2d99933527f04d70f836
File size 229.0 KB (234496 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-29 10:38:14 UTC (4 years, 7 months ago)
Last submission 2014-07-29 10:38:14 UTC (4 years, 7 months ago)
File names vt-upload-dh7da
BackCtrl
viewerctrl
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.