SHA256: 752ca74f8058148a7b745cded76609a2e839b7002367cef2869f4f32cdd938b6
File name: vt-upload-KxqUI
Detection ratio: 35 / 50
Analysis date: 2014-03-13 20:59:16 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.39120 20140313
Yandex Trojan.Inject!TaUXKG12/HY 20140313
AhnLab-V3 Spyware/Win32.Zbot 20140313
AntiVir TR/Crypt.XPACK.Gen7 20140313
Antiy-AVL Trojan/Win32.Inject 20140311
Avast Win32:Zbot-SSJ [Trj] 20140313
AVG Inject2.TUC 20140312
BitDefender Gen:Variant.Symmi.39120 20140313
Bkav W32.FexgasLTAA.Trojan 20140313
DrWeb BackDoor.Andromeda.267 20140313
Emsisoft Gen:Variant.Symmi.39120 (B) 20140313
ESET-NOD32 a variant of Win32/Injector.AYJT 20140313
F-Secure Gen:Variant.Symmi.39120 20140313
Fortinet W32/Inject.HQVN!tr 20140313
GData Gen:Variant.Symmi.39120 20140313
Ikarus Trojan-Downloader.Small 20140313
Jiangmin TrojanSpy.Zbot.gzrk 20140313
K7AntiVirus Trojan ( 00495bf21 ) 20140313
K7GW Trojan ( 00495bf21 ) 20140313
Kaspersky Trojan.Win32.Inject.hqvn 20140313
Malwarebytes Trojan.Agent.ED 20140313
McAfee PWSZbot-FSA!474ECEAD1807 20140313
McAfee-GW-Edition PWSZbot-FSA!474ECEAD1807 20140313
Microsoft VirTool:Win32/CeeInject 20140313
eScan Gen:Variant.Symmi.39120 20140313
NANO-Antivirus Trojan.Win32.Inject.ctunft 20140313
Panda Trj/CI.A 20140313
Qihoo-360 HEUR/Malware.QVM20.Gen 20140313
Rising PE:Spyware.Zbot!6.14FB 20140313
Sophos AV Mal/Napolar-B 20140313
Symantec Trojan.Gen 20140313
TrendMicro TROJ_GEN.R0C1C0PC114 20140313
TrendMicro-HouseCall TROJ_GEN.R0C1C0PC114 20140313
VBA32 Trojan.Inject.hqvn 20140313
VIPRE Trojan.Win32.Generic!BT 20140313
Baidu-International 20140313
ByteHero 20140313
CAT-QuickHeal 20140313
ClamAV 20140312
CMC 20140313
Commtouch 20140313
Comodo 20140313
F-Prot 20140313
Kingsoft 20140313
Norman 20140313
nProtect 20140313
SUPERAntiSpyware 20140313
TheHacker 20140313
TotalDefense 20140313
ViRobot 20140313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-11 17:17:43
Entry Point 0x00010ABF
Number of sections 4
PE sections
PE imports
GetDeviceCaps
CreateFontA
GetProcAddress
GetStartupInfoA
lstrlenA
GetModuleHandleA
__p__fmode
malloc
__CxxFrameHandler
_ftol
__getmainargs
fclose
__dllonexit
??1type_info@@UAE@XZ
fopen
_except_handler3
fseek
_mbscmp
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
_acmdln
fread
_adjust_fdiv
_wfopen
_exit
_setmbcp
_initterm
_controlfp
__set_app_type
VariantClear
SetTimer
UpdateWindow
EnableWindow
SendMessageA
ClientToScreen
GetDC
CLSIDFromProgID
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:02:11 18:17:43+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 69632
LinkerVersion: 6.0
FileAccessDate: 2014:03:13 21:58:52+01:00
Warning: Error processing PE data dictionary
EntryPoint: 0x10abf
InitializedDataSize: 28672
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:03:13 21:58:52+01:00
UninitializedDataSize: 0

File identification
MD5 474ecead1807582793ac34eafa85bdbb
SHA1 ac69e2400cebaa5c6ef2a5552f79f3e7308dc649
SHA256 752ca74f8058148a7b745cded76609a2e839b7002367cef2869f4f32cdd938b6
ssdeep 6144:uuYhbnI7Q0qiidWsALXRDha/7RdDYsQSPixDnhOvtp0j11q7WVKe4:9YhbckK7ajvwSqxo7Kq7WV2
imphash c83d47784173aa1d45266d4595fa3754
File size 343.3 KB ( 351545 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-03-13 20:59:16 UTC ( 4 years, 8 months ago )
Last submission 2014-03-13 20:59:16 UTC ( 4 years, 8 months ago )
File names vt-upload-KxqUI