SHA256: 7d42075325fabf7a66f8c9aaf091f1ac003ffc270ab7e313ec3002e494fd84c7
File name: 965975116597615312c16427ad877275
Detection ratio: 32 / 56
Analysis date: 2015-02-05 04:59:17 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.12595824 20150205
AhnLab-V3 Trojan/Win32.Agent 20150204
ALYac Trojan.Generic.12595824 20150205
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150205
Avast Win32:Agent-AUWP [Trj] 20150205
AVG Crypt3.BTQS 20150205
AVware Trojan.Win32.Generic!BT 20150205
Baidu-International Trojan.Win32.Zbot.aci 20150204
BitDefender Trojan.Generic.12595824 20150205
DrWeb Trojan.Siggen6.29198 20150205
Emsisoft Trojan.Generic.12595824 (B) 20150205
ESET-NOD32 a variant of Win32/Kryptik.CVUW 20150205
F-Secure Trojan.Generic.12595824 20150205
Fortinet W32/Kryptik.CVSS!tr 20150205
GData Trojan.Generic.12595824 20150205
Ikarus Trojan.Win32.Crypt 20150205
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20150205
K7GW DoS-Trojan ( 200acb151 ) 20150205
Kaspersky Trojan-Spy.Win32.Zbot.uvys 20150205
Malwarebytes Trojan.Agent.ED 20150205
McAfee GenericR-CVM!965975116597 20150205
McAfee-GW-Edition BehavesLike.Win32.Autorun.fc 20150205
eScan Trojan.Generic.12595824 20150205
NANO-Antivirus Trojan.Win32.Zbot.dmytur 20150205
nProtect Trojan.Generic.12595824 20150204
Panda Trj/Chgt.O 20150204
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150204
Sophos AV Mal/Generic-S 20150205
Symantec Trojan.Gen 20150205
TheHacker Trojan/Kryptik.cvuw 20150205
TrendMicro-HouseCall TROJ_GEN.R02EB01AT15 20150205
VIPRE Trojan.Win32.Generic!BT 20150205
AegisLab 20150205
Yandex 20150202
Alibaba 20150205
Avira (no cloud) 20150205
Bkav 20150205
ByteHero 20150205
CAT-QuickHeal 20150204
ClamAV 20150205
CMC 20150205
Comodo 20150205
Cyren 20150205
F-Prot 20150205
Kingsoft 20150205
Microsoft 20150205
Norman 20150204
Qihoo-360 20150205
SUPERAntiSpyware 20150205
Tencent 20150205
TotalDefense 20150205
TrendMicro 20150205
VBA32 20150204
ViRobot 20150205
Zillya 20150204
Zoner 20150202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2014 SWGSoft
Product jeta-aaalogo Application
Internal name jeta-aaalogo
File version 1.0.0.4
Description jeta-aaalogo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-20 11:55:27
Entry Point 0x000041D8
Number of sections 5
PE sections
PE imports
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
ImageList_GetDragImage
FindTextW
CertGetNameStringA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetTempFileNameA
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
WaitForSingleObject
GetModuleHandleW
GetExitCodeProcess
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
FreeEnvironmentStringsA
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetEnvironmentStrings
GetFileType
GetConsoleMode
DecodePointer
LocalAlloc
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
FormatMessageA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GlobalLock
GetOEMCP
LocalFree
TerminateProcess
GetConsoleCP
IsValidCodePage
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
SetLastError
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
GetCurrentProcessId
WriteConsoleW
InterlockedIncrement
StrStrW
SetFocus
GetForegroundWindow
GetParent
EndDialog
keybd_event
PostQuitMessage
DefWindowProcA
FindWindowA
GetClipboardData
GetWindowThreadProcessId
GetSystemMetrics
GetWindowTextLengthA
CloseClipboard
SetWindowLongA
GetCursorPos
SetWindowTextA
GetMenu
ShowWindow
FindWindowExA
SendMessageA
GetWindowTextA
GetClientRect
SetWindowPos
IsIconic
ScreenToClient
InvalidateRect
GetWindowLongA
IsClipboardFormatAvailable
CreateWindowExA
GetMenuItemInfoA
GetDialogBaseUnits
SetForegroundWindow
OpenClipboard
DestroyWindow
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
Number of PE resources by type
RT_BITMAP 11
RT_ICON 9
RT_STRING 8
RT_RCDATA 7
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 39
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.4
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 249344
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2014 SWGSoft
FileVersion 1.0.0.4
TimeStamp 2015:01:20 11:55:27+00:00
FileType Win32 EXE
PEType PE32
InternalName jeta-aaalogo
ProductVersion 1.0.0.4
FileDescription jeta-aaalogo
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 146432
ProductName jeta-aaalogo Application
ProductVersionNumber 1.0.0.4
EntryPoint 0x41d8
ObjectFileType Executable application

File identification
MD5 965975116597615312c16427ad877275
SHA1 825c8c99b64eadc291681631dfb2fa898107cb85
SHA256 7d42075325fabf7a66f8c9aaf091f1ac003ffc270ab7e313ec3002e494fd84c7
ssdeep 6144:YHmQmr+26GK/wKLgl7ci+5ZUHsnUTHeJWKZYg/F818KkaBEXAOuzW:bQd2nt9l4i+jh/JW2KxsEzW
authentihash fd416222b1e680bfc0be798b0fb2ef3127893eb2801d9740f873fa575a3990d6
imphash 49d9731369b944166627a41777ddd344
File size 387.5 KB ( 396800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (74.0%)
Win32 Dynamic Link Library (generic) (11.3%)
Win32 Executable (generic) (7.7%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags peexe
VirusTotal metadata
First submission 2015-02-05 04:59:17 UTC ( 4 years, 1 month ago )
Last submission 2015-03-04 10:25:15 UTC ( 4 years ago )
File names 965975116597615312c16427ad877275
jeta-aaalogo
form.php.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.