SHA256: 7a81490e29ca3b0bcbe691d63d59c7db29eefa8241d9a5df250197a26ef181bc
File name: vt-upload-X8Nbc
Detection ratio: 23 / 49
Analysis date: 2014-03-06 17:42:20 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1591964 20140306
AhnLab-V3 Spyware/Win32.Zbot 20140306
AntiVir TR/Crypt.Xpack.59894 20140306
Antiy-AVL Trojan[Backdoor]/Win32.Symmi 20140306
Avast Win32:Downloader-VAN [Trj] 20140306
AVG Downloader.Generic13.BXZQ 20140306
BitDefender Trojan.GenericKD.1591964 20140306
DrWeb Trojan.PWS.Siggen1.22019 20140306
Emsisoft Trojan.GenericKD.1591964 (B) 20140306
ESET-NOD32 a variant of Win32/Injector.AZCG 20140306
F-Secure Trojan.GenericKD.1591964 20140306
GData Trojan.GenericKD.1591964 20140306
Kaspersky Backdoor.Win32.Symmi.pvu 20140306
Kingsoft Win32.Hack.Symmi.p.(kcloud) 20140306
Malwarebytes Trojan.Inject.ED 20140306
McAfee Downloader-FYH!790834C5618F 20140306
McAfee-GW-Edition Downloader-FYH!790834C5618F 20140306
Microsoft VirTool:Win32/CeeInject 20140306
eScan Trojan.GenericKD.1591964 20140306
Panda Trj/dtcontx.K 20140306
Qihoo-360 HEUR/Malware.QVM07.Gen 20140306
Sophos Mal/Generic-S 20140306
VIPRE Trojan.Win32.Generic!BT 20140306
Yandex 20140305
Baidu-International 20140306
Bkav 20140306
ByteHero 20140306
CAT-QuickHeal 20140306
ClamAV 20140305
CMC 20140228
Commtouch 20140306
Comodo 20140306
F-Prot 20140306
Fortinet 20140306
Ikarus 20140306
Jiangmin 20140306
K7AntiVirus 20140306
K7GW 20140306
NANO-Antivirus 20140306
Norman 20140306
nProtect 20140306
Rising 20140306
SUPERAntiSpyware 20140306
Symantec 20140306
TheHacker 20140305
TotalDefense 20140306
TrendMicro 20140306
TrendMicro-HouseCall 20140306
VBA32 20140306
ViRobot 20140306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-02 15:40:40
Entry Point 0x000077AA
Number of sections 4
PE sections
PE imports
CreatePen
CreateCompatibleBitmap
CreateSolidBrush
SetPixelV
CreateCompatibleDC
StretchBlt
Rectangle
GetModuleFileNameA
GetStartupInfoA
ExitProcess
GetModuleHandleA
__p__fmode
malloc
_acmdln
_ftol
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
__CxxFrameHandler
_adjust_fdiv
__getmainargs
_controlfp
_setmbcp
_initterm
_exit
_CIacos
__set_app_type
DrawDibClose
DrawDibOpen
GetSystemMetrics
IsIconic
LoadCursorA
LoadIconA
EnableWindow
DrawIcon
SendMessageA
CheckRadioButton
GetClientRect
GetSystemMenu
AppendMenuA
WindowFromDC
FrameRect
GetDC
SetCursor
Number of PE resources by type
RT_DIALOG 3
RT_STRING 1
Number of PE resources by language
CHINESE SIMPLIFIED 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:02 16:40:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
FileAccessDate 2014:03:06 18:40:33+01:00
EntryPoint 0x77aa
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:03:06 18:40:33+01:00
UninitializedDataSize 0
File identification
MD5 790834c5618f047912851ef4fa41c113
SHA1 74732df1fcf44d6bb7b25632c918fcec88d4c29a
SHA256 7a81490e29ca3b0bcbe691d63d59c7db29eefa8241d9a5df250197a26ef181bc
ssdeep 6144:2U1NFdZGiSR9wKdf2nrU6+JZluYwhQw4dShcO:VFdZdo9tmo6+jeSSd
imphash 55cc33ecd1165d9fce961bd16ec85340
File size 212.4 KB ( 217448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-03-06 17:42:20 UTC ( 3 years, 1 month ago )
Last submission 2014-03-06 17:42:20 UTC ( 3 years, 1 month ago )
File names vt-upload-X8Nbc
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.