SHA256: 740fe58819953b42871f9fea9a2c9951b294f83166b532d5c4edd1bfe38ca6d1
File name: jyityvbx.exe
Detection ratio: 49 / 57
Analysis date: 2015-04-24 13:59:44 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Backdoor.Agent.ABHW 20150424
Yandex Trojan.Kryptik!2KhajVvOffQ 20150423
AhnLab-V3 Win-Trojan/Bamital.Gen 20150424
ALYac Backdoor.Agent.ABHW 20150424
Antiy-AVL Trojan/Win32.Pakes 20150424
Avast Win32:Ramnit-AN 20150424
AVG Generic22.BPCM 20150424
Avira (no cloud) TR/Krypt.lkfna 20150424
AVware Trojan.Win32.Encpk.aak (v) 20150424
Baidu-International Trojan.W32.Autorun.BMC 20150421
BitDefender Backdoor.Agent.ABHW 20150424
CAT-QuickHeal Trojan.Quolko.A 20150424
ClamAV WIN.Ransom.Lockscreen 20150424
Comodo Virus.Win32.Virut.Ce 20150424
Cyren W32/Bamital.N.gen!Eldorado 20150424
DrWeb Trojan.MulDrop3.45645 20150424
Emsisoft Backdoor.Agent.ABHW (B) 20150424
ESET-NOD32 Win32/Ramnit.AY 20150424
F-Prot W32/Bamital.N.gen!Eldorado 20150424
F-Secure Backdoor.Agent.ABHW 20150424
Fortinet W32/Drooptroop.SMY!tr 20150423
GData Backdoor.Agent.ABHW 20150424
Ikarus Trojan-Ransom.Win32.PornoBlocker 20150424
Jiangmin Trojan/PornoBlocker.aua 20150423
K7AntiVirus Trojan ( 0038b1be1 ) 20150424
K7GW Trojan ( 0038b1be1 ) 20150424
Kaspersky Trojan.Win32.Pakes.tyi 20150424
Kingsoft Win32.Troj.Undef.(kcloud) 20150424
Malwarebytes Backdoor.IRCBot 20150424
McAfee Generic BackDoor.ya 20150424
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cm 20150423
Microsoft Trojan:Win32/Ramnit.A 20150424
eScan Backdoor.Agent.ABHW 20150424
NANO-Antivirus Trojan.Win32.PornoBlocker.ebkls 20150424
Norman Ramnit.O 20150424
nProtect Trojan/W32.Agent.156672.JJ 20150424
Panda Trj/Bamital.E 20150424
Qihoo-360 Malware.Radar02.Gen 20150424
Rising PE:Trojan.Win32.Generic.1288BDE6!310951398 20150424
Sophos AV W32/Ramnit-A 20150424
SUPERAntiSpyware Trojan.Agent/Gen-Ransom 20150424
Symantec Trojan.Bamital!gen2 20150424
Tencent Trojan.Win32.Pakes.aac 20150424
TheHacker Trojan/Pakes.tyi 20150423
TrendMicro TROJ_DYER.BMC 20150424
TrendMicro-HouseCall TROJ_FAKEAV.SMUP 20150424
VBA32 Trojan.Pakes 20150424
VIPRE Trojan.Win32.Encpk.aak (v) 20150424
Zoner Win32.Ramnit.AY 20150424
AegisLab 20150424
Alibaba 20150424
Bkav 20150423
ByteHero 20150424
CMC 20150423
TotalDefense 20150424
ViRobot 20150424
Zillya 20150424
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2083-08-12 19:43:46
Entry Point 0x0004D240
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetWindowTextA
Number of PE resources by type
RT_ICON 12
RT_DIALOG 2
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2083:08:12 20:43:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 7.4
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x4d240
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 7.2
OSVersion 5.0
UninitializedDataSize 237568
Execution parents
File identification
MD5 16131fdc5093db54f60f124e36c3942a
SHA1 87f2136409b958fb57d26bb9fa0a94e8294399dd
SHA256 740fe58819953b42871f9fea9a2c9951b294f83166b532d5c4edd1bfe38ca6d1
ssdeep 3072:KwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8x2:KMzzILGFkzhr0pGj9o
authentihash fe0eb26ddddd060a55258429be0a43d81e141be3d3ad1b790c415ecad44c3b2c
imphash 7197d8f25970cc6df2d2b302df40eb11
File size 153.0 KB ( 156672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe upx

VirusTotal metadata
First submission 2012-04-25 04:48:23 UTC ( 6 years, 10 months ago )
Last submission 2018-09-04 12:20:22 UTC ( 5 months, 2 weeks ago )
File names SVCHOSTMGR.EXE
jyityvbx.exe
c11493c45d3cd46c393ead9739ac5fb96d5d5b994fd56316238306b6647e8d6ec943cdd42b914708ea04b85a0fc142473bd60ce41433fb686212f8e4e4fe6de8
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications