SHA256: 7ad744b38226ca8372ec9f21fa851adcc509edc90fcd496736355374df667df0
File name: vt-upload-fvRJn
Detection ratio: 17 / 54
Analysis date: 2014-06-27 05:46:07 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.400556 20140627
AntiVir TR/PSW.Zbot.17409 20140627
BitDefender Gen:Variant.Kazy.400556 20140627
Emsisoft Gen:Variant.Kazy.400556 (B) 20140627
F-Secure Gen:Variant.Kazy.400556 20140627
Fortinet W32/Malware_fam.NB 20140627
GData Gen:Variant.Kazy.400556 20140627
Kaspersky Hoax.Win32.ArchSMS.cbszj 20140627
McAfee RDN/Generic PWS.y!b2d 20140627
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!86 20140626
Microsoft PWS:Win32/Zbot 20140627
eScan Gen:Variant.Kazy.400556 20140627
Panda Trj/CI.A 20140626
Qihoo-360 HEUR/Malware.QVM19.Gen 20140627
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140623
Sophos AV Mal/EncPk-ZC 20140627
TrendMicro-HouseCall TROJ_GEN.R0C1H08FO14 20140627
AegisLab 20140627
Yandex 20140626
AhnLab-V3 20140626
Antiy-AVL 20140626
Avast 20140627
AVG 20140627
Baidu-International 20140626
Bkav 20140625
ByteHero 20140627
CAT-QuickHeal 20140626
ClamAV 20140626
CMC 20140624
Commtouch 20140627
Comodo 20140627
DrWeb 20140627
ESET-NOD32 20140627
F-Prot 20140627
Ikarus 20140627
Jiangmin 20140627
K7AntiVirus 20140626
K7GW 20140626
Kingsoft 20140627
Malwarebytes 20140627
NANO-Antivirus 20140627
Norman 20140626
nProtect 20140626
SUPERAntiSpyware 20140627
Symantec 20140627
Tencent 20140627
TheHacker 20140624
TotalDefense 20140626
TrendMicro 20140627
VBA32 20140626
VIPRE 20140627
ViRobot 20140627
Zillya 20140626
Zoner 20140626
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-08 02:43:28
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
CallNamedPipeW
GetUserDefaultUILanguage
Toolhelp32ReadProcessMemory
Heap32ListFirst
Process32First
GetSystemInfo
GetTapeStatus
GetDriveTypeA
GetTimeFormatW
GetTickCount
SetThreadPriorityBoost
VirtualProtect
lstrcmpiW
EndUpdateResourceA
FillConsoleOutputCharacterW
CreatePipe
GetCurrentProcess
FileTimeToDosDateTime
OpenProcess
ClearCommBreak
WritePrivateProfileSectionW
GetSystemDefaultLCID
MultiByteToWideChar
SetThreadExecutionState
WritePrivateProfileSectionA
GetCommandLineA
GetProcessHeap
GetProfileStringW
GetSystemDefaultLangID
QueryPerformanceFrequency
CreateDirectoryExW
lstrcmpA
GetModuleHandleA
LocalFlags
SetNamedPipeHandleState
GlobalAddAtomA
SetUnhandledExceptionFilter
lstrcpynA
GetACP
GetCommConfig
SetHandleInformation
GetBinaryTypeA
SetFileAttributesA
WriteProfileSectionA
GetProcessAffinityMask
GetProcessShutdownParameters
IsValidCodePage
GetStringTypeExW
AllocConsole
IsDebuggerPresent
Sleep
GetStringTypeExA
GetVersion
GetCurrentThread
GetClipboardFormatNameA
ChangeMenuA
mouse_event
HideCaret
PostQuitMessage
GetShellWindow
GetForegroundWindow
SetMenuItemInfoW
RemoveMenu
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:04:08 03:43:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 166400
LinkerVersion 1.64
FileAccessDate 2014:06:27 06:48:05+01:00
Warning Error processing PE data dictionary
EntryPoint 0x1000
InitializedDataSize 42009
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 1.0
FileCreateDate 2014:06:27 06:48:05+01:00
UninitializedDataSize 0
File identification
MD5 1f268e0f881c3386bc94fd0c3a89e21a
SHA1 54eb34b83be8ab67ab80888e524f76fcab71cdc6
SHA256 7ad744b38226ca8372ec9f21fa851adcc509edc90fcd496736355374df667df0
ssdeep 3072:xKFXamZnC1KJvGPRT+EMbroFU7Ns2mFh8:xaDLNGP0lUU7V
imphash 81a70d1041dc5cc433da252ccba78e2a
File size 204.5 KB ( 209408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2014-06-27 05:46:07 UTC
Last submission 2014-06-27 05:46:07 UTC
File names vt-upload-fvRJn
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.