SHA256: 78eae1d3186fb976c0c41e090d40d5041daf5afda79b0b8bc9354062e7a3f5e1
File name: 355b352a0bdcf3ecf23cef7dc87012e3dc9c4bde
Detection ratio: 47 / 55
Analysis date: 2016-02-15 14:09:59 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.29982 20160215
AegisLab Troj.W32.Yakes!c 20160215
Yandex Trojan.Yakes!D1CJIbhYFVE 20160213
AhnLab-V3 Trojan/Win32.Miuref 20160215
ALYac Trojan.GenericKDZ.29982 20160215
Antiy-AVL Trojan/Win32.TSGeneric 20160215
Arcabit Trojan.Generic.D751E 20160215
Avast Win32:Malware-gen 20160215
AVG Generic_r.FQG 20160215
Avira (no cloud) TR/Crypt.Xpack.265542 20160215
Baidu-International Trojan.Win32.Yakes.ller 20160215
BitDefender Trojan.GenericKDZ.29982 20160215
CAT-QuickHeal TrojanPWS.Zbot.A4 20160215
Comodo TrojWare.Win32.Spy.Zbot.CHC 20160215
Cyren W32/Trojan.TEXG-4378 20160215
DrWeb Trojan.DownLoader13.46598 20160215
Emsisoft Trojan.GenericKDZ.29982 (B) 20160215
ESET-NOD32 a variant of Win32/Injector.CHAI 20160215
F-Prot W32/Trojan2.OVPE 20160215
F-Secure Trojan.GenericKDZ.29982 20160215
Fortinet W32/Filecoder.FJ!tr 20160215
GData Trojan.GenericKDZ.29982 20160215
Ikarus Trojan.Win32.Injector 20160215
Jiangmin TrojanDropper.Injector.ayyh 20160215
K7AntiVirus Trojan ( 004cd5831 ) 20160215
K7GW Trojan ( 004cd5831 ) 20160215
Kaspersky HEUR:Trojan.Win32.Generic 20160215
Malwarebytes Backdoor.Bot 20160215
McAfee RDN/PWSZbot-FAKV 20160215
McAfee-GW-Edition BehavesLike.Win32.Virut.cm 20160215
Microsoft Trojan:Win32/Bagsu!rfn 20160215
eScan Trojan.GenericKDZ.29982 20160215
NANO-Antivirus Trojan.Win32.Upatre.dvjzps 20160215
nProtect Trojan.GenericKDZ.29982 20160212
Panda Generic Suspicious 20160214
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160215
Rising PE:Malware.Obscure!1.9C59 [F] 20160215
Sophos AV Mal/Zbot-UH 20160215
Symantec Trojan.Gen 20160214
Tencent Win32.Trojan.Generic.Aiip 20160215
TheHacker Trojan/Injector.chai 20160213
TrendMicro TSPY_ZBOT.YUYAGR 20160215
TrendMicro-HouseCall TSPY_ZBOT.YUYAGR 20160215
VBA32 TrojanDropper.Injector 20160215
VIPRE Trojan-Downloader.Win32.Dofoil 20160215
ViRobot Trojan.Win32.Z.Agent.143360.EC[h] 20160215
Zillya Trojan.Injector.Win32.307130 20160213
Alibaba 20160215
Bkav 20160215
ByteHero 20160215
ClamAV 20160215
CMC 20160214
SUPERAntiSpyware 20160215
TotalDefense 20160215
Zoner 20160215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-14 15:50:45
Entry Point 0x00002A0A
Number of sections 6
PE sections
PE imports
RegOpenKeyW
GetCharacterPlacementW
ExtTextOutW
LocalLock
SetHandleCount
GetModuleFileNameW
FreeLibrary
GetEnvironmentStringsW
LoadLibraryA
GetModuleFileNameA
GetCurrentProcess
GetCurrentDirectoryW
MoveFileExA
LocalAlloc
DeleteFileA
GetDateFormatW
GetStartupInfoW
GetProcAddress
GetLocaleInfoW
GetModuleHandleA
GetSystemDirectoryW
GetTimeFormatA
GetSystemDirectoryA
GetStringTypeW
GetModuleHandleW
LocalFree
CreateFileW
CreateEventA
CreateFileA
LocalUnlock
GetFileSize
CloseHandle
strchr
__CxxFrameHandler
strstr
__p__fmode
_except_handler3
__wgetmainargs
??1type_info@@UAE@XZ
_adjust_fdiv
__setusermatherr
__p__commode
__dllonexit
_onexit
exit
_XcptFilter
_ftol
_initterm
_controlfp
__set_app_type
_exit
_wcmdln
wsprintfA
GetSystemMetrics
ShowCaret
SendMessageW
EnableWindow
SetClipboardData
DrawIcon
GetClientRect
LoadIconW
MsgWaitForMultipleObjects
SetForegroundWindow
IsIconic
SetDlgItemTextW
MessageBoxA
Number of PE resources by type
55 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:08:14 15:50:45+00:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 118784
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x2a0a
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 72df865b6b7e610d507848b63d7ae8ee
SHA1 2cf5199be66da2fca0e4cc2d0276533c0b5a77f1
SHA256 78eae1d3186fb976c0c41e090d40d5041daf5afda79b0b8bc9354062e7a3f5e1
ssdeep 1536:UzXYcOviT+ggrChSklKTwbKloTveu2tunT3fAFAjge0LA5oya:UzIcOY+xr+rlKploqpqIKS
authentihash d5db8579fca1133812aef39e872183dc25f9382c12fe5813892572ceb491085e
imphash 9457c872942dd47d45b6631d828a26cb
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (36.3%)
Win64 Executable (generic) (32.1%)
Microsoft Visual C++ compiled executable (generic) (19.2%)
Win32 Executable (generic) (5.2%)
OS/2 Executable (generic) (2.3%)
Tags peexe
VirusTotal metadata
First submission 2015-08-18 11:19:37 UTC ( 3 years, 9 months ago )
Last submission 2019-04-04 21:09:17 UTC ( 1 month, 3 weeks ago )
File names xreuiuritycuitxyyyycmyuict.malware
355b352a0bdcf3ecf23cef7dc87012e3dc9c4bde
output.122227331.txt
xreuiuritycuitxyyyycmyuict.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs