SHA256: 772c2b56c486ab240dbdd6f425aa865bce802bf11a4a97e0a9d62aeb61ea0906
File name: vt-upload-2Ear8
Detection ratio: 22 / 47
Analysis date: 2013-05-31 01:47:44 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Yandex TrojanSpy.Zbot!9oLnoZ6y71E 20130530
AntiVir TR/Kazy.175094 20130531
Avast Win32:MalPack-G [Trj] 20130531
AVG Agent 20130531
BitDefender Gen:Variant.Kazy.175094 20130531
ByteHero Trojan.Malware.Obscu.Gen.002 20130529
Emsisoft Gen:Variant.Kazy.175094 (B) 20130531
ESET-NOD32 a variant of Win32/Kryptik.BATO 20130530
F-Secure Gen:Variant.Kazy.175094 20130531
Fortinet W32/Zbot.AOV!tr 20130531
GData Gen:Variant.Kazy.175094 20130531
K7AntiVirus EmailWorm 20130530
K7GW EmailWorm 20130530
Kaspersky Trojan-Spy.Win32.Zbot.lncf 20130531
McAfee PWS-Zbot-FAXR!56BE28AE21B2 20130531
McAfee-GW-Edition PWS-Zbot-FAXR!56BE28AE21B2 20130531
eScan Gen:Variant.Kazy.175094 20130531
Norman ZBot.JEQX 20130530
Symantec WS.Reputation.1 20130531
TrendMicro TROJ_GEN.R21CPET13 20130531
TrendMicro-HouseCall TROJ_GEN.R21CPET13 20130531
VIPRE Trojan.Win32.Zbot.fdm (v) 20130531
AhnLab-V3 20130530
Antiy-AVL 20130530
CAT-QuickHeal 20130530
ClamAV 20130530
Commtouch 20130531
Comodo 20130531
DrWeb 20130531
eSafe 20130530
F-Prot 20130531
Ikarus 20130531
Jiangmin 20130530
Kingsoft 20130506
Malwarebytes 20130531
Microsoft 20130531
NANO-Antivirus 20130531
nProtect 20130530
Panda 20130530
PCTools 20130521
Rising 20130530
Sophos 20130531
SUPERAntiSpyware 20130531
TheHacker 20130528
TotalDefense 20130530
VBA32 20130530
ViRobot 20130530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2002 Ylet Xyhi. Agujobu Vate Kipofa.
Publisher Silitek Corp.
Product Zevipy
Version 4, 4
Original name Jcq2tpo6s.exe
Internal name Zifukyx
Description Rizy Yrik Wocejaj
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-02 06:31:17
Entry Point 0x00013443
Number of sections 5
PE sections
PE imports
GetPrivateProfileSectionNamesA
SetEvent
BindIoCompletionCallback
CreateHardLinkA
ReplaceFileW
GetVolumeNameForVolumeMountPointA
GetCommMask
GlobalUnlock
SetLocalTime
DisconnectNamedPipe
LockFileEx
lstrcatA
FreeResource
FoldStringW
CreateDirectoryW
GetCompressedFileSizeA
FlushInstructionCache
EnumTimeFormatsA
GetComputerNameExA
CreateWaitableTimerW
CompareStringW
GlobalAddAtomW
CreateDirectoryExW
TlsFree
InterlockedExchange
GetTempFileNameA
CreateFileMappingA
IsValidLocale
DeleteVolumeMountPointA
SetHandleInformation
SetThreadExecutionState
WaitForMultipleObjectsEx
IsBadHugeWritePtr
CreateEventA
LocalShrink
ExtractIconA
SetFocus
EmptyClipboard
SendMessageCallbackA
OpenInputDesktop
GetCursorInfo
IMPGetIMEA
SetMenuItemBitmaps
SetClassLongW
BroadcastSystemMessageA
GetKeyboardLayoutNameW
GetClassInfoExA
MapVirtualKeyW
SetSystemCursor
GetMessageW
GetCaretPos
SetWindowsHookA
MapWindowPoints
SetWindowWord
GetSystemMetrics
SetWindowLongW
MessageBoxW
EnableWindow
SetWindowPlacement
MoveWindow
CharUpperBuffA
LoadKeyboardLayoutW
DrawIcon
LoadKeyboardLayoutA
SetActiveWindow
GetMenuBarInfo
DdeUnaccessData
WaitMessage
SendMessageW
IsCharLowerA
IsZoomed
UnregisterClassW
SetWindowTextW
DrawMenuBar
GetWindowInfo
BringWindowToTop
UnhookWinEvent
CharPrevExA
MonitorFromRect
TabbedTextOutA
LoadImageW
FindWindowExA
CallWindowProcW
OemToCharA
GetMenuStringA
TranslateAcceleratorA
ShowCursor
IsDlgButtonChecked
OemToCharBuffA
DlgDirListW
GetDialogBaseUnits
LoadIconW
DdeClientTransaction
GetTopWindow
SetForegroundWindow
GetGUIThreadInfo
DeregisterShellHookWindow
Number of PE resources by type
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
KOREAN SYS DEFAULT 2
PE resources
ExifTool file metadata
CodeSize 89088
UninitializedDataSize 0
LinkerVersion 4.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.4.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 51200
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright 2002 Ylet Xyhi. Agujobu Vate Kipofa.
TimeStamp 2011:06:02 07:31:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Zifukyx
SubsystemVersion 4.0
FileAccessDate 2013:05:31 02:47:53+01:00
ProductVersion 4, 4
FileDescription Rizy Yrik Wocejaj
OSVersion 4.0
FileCreateDate 2013:05:31 02:47:53+01:00
OriginalFilename Jcq2tpo6s.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Silitek Corp.
LegalTrademarks Esixy Gicab Cam Miviwah Onog Osejato Erep Ojod
ProductName Zevipy
ProductVersionNumber 4.4.0.0
EntryPoint 0x13443
ObjectFileType Executable application

File identification
MD5 56be28ae21b2ae6503c94e8c014811a9
SHA1 7ed11341146fb6fa6091d09f066b610bf5869b05
SHA256 772c2b56c486ab240dbdd6f425aa865bce802bf11a4a97e0a9d62aeb61ea0906
ssdeep 3072:hgQSLXjT5vlx7Vr4Oa1wQnMgRyiSjFWNadNs+Z69BFMVtYrAE:hgQSLzNyBC24ZjIIdNkSYn
File size 138.5 KB ( 141824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (38.0%)
Generic Win/DOS Executable (11.7%)
DOS Executable Generic (11.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-05-31 01:47:44 UTC ( 3 years, 10 months ago )
Last submission 2013-05-31 01:47:44 UTC ( 3 years, 10 months ago )
File names Jcq2tpo6s.exe
Zifukyx
vt-upload-2Ear8