SHA256: 7672228a8090019f1f193408d3e8065ccd1ec5dc8529b77f16a9260cfdd9676b
File name: klj15_1.exe
Detection ratio: 8 / 56
Analysis date: 2015-06-30 07:10:52 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.EPACK.1456 20150630
Baidu-International Trojan.Win32.Zbot.vqep 20150629
DrWeb Trojan.PWS.Panda.8087 20150630
ESET-NOD32 Win32/Spy.Zbot.ACB 20150630
Kaspersky Trojan-Spy.Win32.Zbot.vqep 20150630
Panda Generic Suspicious 20150629
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150630
Sophos AV Mal/Generic-S 20150630
No detection (engine / signature update):
Ad-Aware 20150630
AegisLab 20150629
Yandex 20150629
AhnLab-V3 20150630
Alibaba 20150629
ALYac 20150630
Antiy-AVL 20150630
Arcabit 20150630
Avast 20150630
AVG 20150630
AVware 20150630
BitDefender 20150630
Bkav 20150629
ByteHero 20150630
CAT-QuickHeal 20150630
ClamAV 20150630
Comodo 20150630
Cyren 20150630
Emsisoft 20150630
F-Prot 20150630
F-Secure 20150630
Fortinet 20150630
GData 20150630
Ikarus 20150630
Jiangmin 20150629
K7AntiVirus 20150630
K7GW 20150630
Kingsoft 20150630
Malwarebytes 20150630
McAfee 20150630
McAfee-GW-Edition 20150630
Microsoft 20150630
eScan 20150630
NANO-Antivirus 20150630
nProtect 20150629
Rising 20150628
SUPERAntiSpyware 20150630
Symantec 20150630
Tencent 20150630
TheHacker 20150630
TotalDefense 20150629
TrendMicro 20150630
TrendMicro-HouseCall 20150630
VBA32 20150629
VIPRE 20150630
ViRobot 20150630
Zillya 20150630
Zoner 20150630
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-03 01:12:31
Entry Point 0x00001000
Number of sections 14
PE sections
Overlays
MD5 c99a74c555371a433d121f551d6c6398
File type ASCII text
Offset 289792
Size 2048
Entropy 0.00
PE imports
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
InitializeAcl
RegCreateKeyExA
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyW
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
RegSetValueExW
FreeSid
RegEnumValueW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
GetTextMetricsW
GetWindowOrgEx
SetICMMode
GetCharABCWidthsA
PlayMetaFile
GetEnhMetaFilePaletteEntries
GetPixel
GetObjectA
DeviceCapabilitiesExA
GetTextExtentPointA
EnumFontFamiliesW
CreateDiscardableBitmap
BitBlt
CreateBitmapIndirect
DescribePixelFormat
RectVisible
PolyPatBlt
GetLogColorSpaceW
SelectClipRgn
CreateCompatibleDC
ExtEscape
GetNearestPaletteIndex
CancelDC
SetDlgItemTextA
IsDialogMessageW
DdeReconnect
SetLayeredWindowAttributes
DdeAccessData
SetMenuDefaultItem
CallMsgFilterA
DefWindowProcW
CreateIconIndirect
CreateCaret
GetMonitorInfoA
MapVirtualKeyW
IMPQueryIMEA
PostQuitMessage
SetScrollPos
DrawTextExA
EnumDisplayMonitors
GetClipboardViewer
SetWindowLongW
ValidateRgn
AppendMenuA
MonitorFromRect
EnumClipboardFormats
LookupIconIdFromDirectory
OpenIcon
GetWindowWord
ChangeDisplaySettingsExA
CallNextHookEx
CascadeChildWindows
ChangeClipboardChain
RemovePropW
EnumThreadWindows
GetProcessWindowStation
GetMenuDefaultItem
ActivateKeyboardLayout
DdeCmpStringHandles
GetTabbedTextExtentW
CreateWindowExW
CreateDialogParamW
IsCharAlphaNumericA
EditWndProc
SetClassWord
LoadMenuIndirectA
RealGetWindowClassW
GetQueueStatus
OpenDesktopW
SetUserObjectSecurity
SendMessageA
GetWindowModuleFileNameW
UnregisterDeviceNotification
DrawMenuBar
PackDDElParam
CreateWindowStationW
BringWindowToTop
GetLastInputInfo
HideCaret
FindWindowW
CharPrevExA
GetAltTabInfoW
AnimateWindow
GetWindowLongA
CreateWindowExA
IsCharUpperA
GetKeyboardState
BlockInput
DrawFrame
SetDeskWallpaper
ImpersonateDdeClientWindow
MonitorFromPoint
EnableScrollBar
SetWindowsHookExW
CreateIconFromResourceEx
CreateIconFromResource
GetNextDlgTabItem
IsMenu
UserHandleGrantAccess
GetMenuBarInfo
TabbedTextOutW
GetWindowLongW
GetWindowInfo
DrawCaption
SendIMEMessageExW
DlgDirSelectComboBoxExA
DdeQueryStringA
CharToOemA
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:05:03 02:12:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 242176
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 34304
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 f31b04f63c4e53a900151fe9db519079
SHA1 6174c9166b32cf4ee3fac6760539983f4874da7a
SHA256 7672228a8090019f1f193408d3e8065ccd1ec5dc8529b77f16a9260cfdd9676b
ssdeep 3072:O6tPiFvFKOW6mAtHEhgRMabIz4pS/umLdeG:O6tPiFtvNtkEO4pS/umLde
authentihash 6348ab8c140aaa2da1c906a9647b63c9c40ad342abfcafd910a477b3f5e4196e
imphash ffa6daca7a57520316ad7d4284af6b0e
File size 285.0 KB ( 291840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.3%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
VXD Driver (0.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-06-29 11:50:16 UTC ( 3 years, 8 months ago )
Last submission 2015-06-29 11:50:16 UTC ( 3 years, 8 months ago )
File names klj15_1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs