SHA256: 78c076664d94fbb6fecfc16e08e5155ffee947a5a8867f1bc2268be9e2c97faf
File name: 7EF60352E4076902E4817115125AB72F.exe
Detection ratio: 36 / 54
Analysis date: 2014-08-01 07:15:10 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1782822 20140801
Yandex TrojanSpy.Zbot!4+YPTwg6TMs 20140731
AntiVir TR/Crypt.Xpack.94591 20140801
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140801
Avast Win32:Malware-gen 20140801
AVG Crypt3.AHHK 20140801
AVware Trojan.Win32.Generic!BT 20140801
Baidu-International Trojan.Win32.Zbot.AOjD 20140731
BitDefender Trojan.GenericKD.1782822 20140801
CAT-QuickHeal TrojanSpy.Zbot.r5 20140801
Commtouch W32/Zbot.MBCW-9158 20140801
Comodo UnclassifiedMalware 20140731
Emsisoft Trojan.GenericKD.1782822 (B) 20140801
ESET-NOD32 a variant of Win32/Kryptik.CHQP 20140801
F-Prot W32/Zbot.CBT 20140801
F-Secure Trojan.GenericKD.1782822 20140801
Fortinet W32/Zbot.CHQP!tr 20140801
GData Trojan.GenericKD.1782822 20140801
Ikarus Trojan.Agent 20140801
K7AntiVirus Trojan ( 0001140e1 ) 20140731
K7GW Trojan ( 0001140e1 ) 20140731
Kaspersky Trojan-Spy.Win32.Zbot.tqgq 20140801
Malwarebytes Trojan.Agent.ED 20140801
McAfee RDN/Generic PWS.y!b2n 20140801
McAfee-GW-Edition RDN/Generic PWS.y!b2n 20140801
Microsoft Trojan:Win32/Malagent!gmb 20140801
eScan Trojan.GenericKD.1782822 20140801
NANO-Antivirus Trojan.Win32.Zbot.dczpyo 20140801
nProtect Trojan.GenericKD.1782822 20140801
Panda Trj/Chgt.C 20140731
Rising PE:Trojan.Win32.Generic.170D8E84!386764420 20140731
Sophos AV Mal/Generic-S 20140801
Symantec Trojan.Zbot 20140801
Tencent Win32.Trojan-spy.Zbot.Anqc 20140801
TrendMicro-HouseCall TROJ_GEN.R047H05GT14 20140801
VIPRE Trojan.Win32.Generic!BT 20140801
AegisLab 20140801
AhnLab-V3 20140731
Bkav 20140731
ByteHero 20140801
ClamAV 20140801
CMC 20140731
DrWeb 20140801
Jiangmin 20140801
Kingsoft 20140801
Norman 20140801
Qihoo-360 20140801
SUPERAntiSpyware 20140801
TheHacker 20140728
TotalDefense 20140731
TrendMicro 20140801
VBA32 20140731
ViRobot 20140801
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright D-Link Corp. All rights reserved.
Product D-ViewMonitor Main Console
Original name ConsoleControl
Internal name application-viewconsole
File version 1.0.1.21
Description D-ViewMonitor Main Console
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-25 15:41:11
Entry Point 0x00004808
Number of sections 5
PE sections
PE imports
GetDeviceCaps
GetObjectA
LineTo
DeleteDC
RestoreDC
SetBkMode
CreateFontA
CreatePen
SaveDC
CreateCompatibleBitmap
MoveToEx
ExtTextOutA
Polyline
SelectObject
SetBkColor
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
MulDiv
IsDebuggerPresent
ExitProcess
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetLocalTime
IsProcessorFeaturePresent
HeapAlloc
HeapSetInformation
GetCurrentProcess
FileTimeToLocalFileTime
GetConsoleMode
FreeEnvironmentStringsW
GetCurrentProcessId
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetFileInformationByHandle
DeleteFileW
GetProcAddress
GetStartupInfoW
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
FormatMessageA
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
GlobalMemoryStatusEx
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetProcessHeap
TerminateProcess
GetCPInfoExA
HeapCreate
SetLastError
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
InterlockedIncrement
GetFileSize
WriteConsoleW
LeaveCriticalSection
GradientFill
GetMessageA
SetDlgItemTextA
GetForegroundWindow
DrawEdge
EndDialog
CreateWindowExW
DefWindowProcW
FindWindowW
KillTimer
CopyRect
GetMenuItemInfoA
DefWindowProcA
ReleaseDC
DrawFrameControl
SendDlgItemMessageA
GetSystemMetrics
SendMessageW
InflateRect
EnableWindow
GetWindowLongA
GetMenuStringA
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
GetSysColor
SetActiveWindow
GetDC
RegisterClassExA
GetCursorPos
DrawTextA
MenuItemFromPoint
CheckMenuItem
GetMenu
EnumDisplayMonitors
ShowWindow
SendDlgItemMessageW
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
SetDlgItemTextW
GetMessagePos
UpdateWindow
SetRect
CreateDialogParamW
wsprintfA
SetTimer
LoadCursorA
LoadIconA
GetTopWindow
IsDlgButtonChecked
SetWindowTextW
CheckDlgButton
DispatchMessageA
CallWindowProcA
LoadIconW
GetWindowTextLengthW
GetMenuItemID
LoadAcceleratorsW
wsprintfW
GetSubMenu
IsDialogMessageA
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.1.21
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 173568
EntryPoint 0x4808
OriginalFileName ConsoleControl
MIMEType application/octet-stream
LegalCopyright D-Link Corp. All rights reserved.
FileVersion 1.0.1.21
TimeStamp 2014:07:25 15:41:11+00:00
FileType Win32 EXE
PEType PE32
InternalName application-viewconsole
ProductVersion 1.0.1.21
FileDescription D-ViewMonitor Main Console
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName D-Link Corp.
CodeSize 50176
ProductName D-ViewMonitor Main Console
ProductVersionNumber 1.0.1.21
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 7ef60352e4076902e4817115125ab72f
SHA1 7aefe999d958d432abc077e6c0c11186136f499e
SHA256 78c076664d94fbb6fecfc16e08e5155ffee947a5a8867f1bc2268be9e2c97faf
ssdeep 6144:Rzsh/TgIrL2PptgxnwMa8mU3+DhbvcXmguzH:RzWUIrL2PcRaXC8hbvcY
authentihash 3b2aa4f937aa2c4c3aef3f425e0a84f5ed9e4b1b37b8a23176bc959de00cf04a
imphash 92c20efd16d237530a9e0dd7dc3c1dd1
File size 219.5 KB ( 224768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-07-25 18:45:07 UTC
Last submission 2017-04-16 01:36:13 UTC
File names file.file
application-viewconsole
7EF60352E4076902E4817115125AB72F
vti-rescan
7aefe999d958d432abc077e6c0c11186136f499e
7EF60352E4076902E4817115125AB72F.exe
ConsoleControl
Rig-EK-malware-payload.exe
2014-07-25-Rig-EK-malware-payload.exe
index[1].php
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.