SHA256: 806ce472cbdb8fd52d32dccc5fe6a149fdefc5370d092fe22e1e9d21a471dd08
File name: 806ce472cbdb8fd52d32dccc5fe6a149fdefc5370d092fe22e1e9d21a471dd08
Detection ratio: 53 / 59
Analysis date: 2017-03-03 09:41:11 UTC ( 1 year, 8 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Heur.Zygug.5 | 20170303
AegisLab | Backdoor.W32.Androm.qir!c | 20170303
AhnLab-V3 | Backdoor/Win32.Androm.R67062 | 20170302
Antiy-AVL | Trojan[Backdoor]/Win32.Androm | 20170303
Arcabit | Trojan.Zygug.5 | 20170303
Avast | Win32:Downloader-TIS [Trj] | 20170303
AVG | Agent | 20170302
Avira (no cloud) | TR/Crypt.ZPACK.Gen2 | 20170303
AVware | Trojan.Win32.Zbot.fdm (v) | 20170303
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 | 20170303
BitDefender | Gen:Heur.Zygug.5 | 20170303
Bkav | W32.CukipeO.Trojan | 20170302
CAT-QuickHeal | TrojanPWS.Zbot.Gen | 20170302
ClamAV | Win.Trojan.Agent-1183725 | 20170303
Comodo | UnclassifiedMalware | 20170303
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170130
Cyren | W32/A-ca7634ff!Eldorado | 20170303
DrWeb | BackDoor.IRC.NgrBot.342 | 20170303
Emsisoft | Gen:Heur.Zygug.5 (B) | 20170303
Endgame | malicious (high confidence) | 20170222
ESET-NOD32 | Win32/Dorkbot.B | 20170303
F-Prot | W32/A-ca7634ff!Eldorado | 20170303
F-Secure | Gen:Heur.Zygug.5 | 20170303
Fortinet | W32/Zbot.AOV!tr | 20170303
GData | Gen:Heur.Zygug.5 | 20170303
Ikarus | Trojan-Spy.Win32.Zbot | 20170303
Sophos ML | virus.win32.sality.am | 20170203
Jiangmin | Trojan/Generic.axdsq | 20170301
K7AntiVirus | EmailWorm ( 0040f4131 ) | 20170303
K7GW | EmailWorm ( 0040f4131 ) | 20170303
Kaspersky | HEUR:Trojan.Win32.Generic | 20170303
Kingsoft | Win32.Heur.KVMF4.hy.(kcloud) | 20170303
Malwarebytes | Spyware.Zbot.VXGen | 20170303
McAfee | PWS-Zbot-FBDR!EBA13769B20A | 20170303
McAfee-GW-Edition | BehavesLike.Win32.Ramnit.cc | 20170303
Microsoft | Worm:Win32/Dorkbot.I | 20170303
eScan | Gen:Heur.Zygug.5 | 20170303
NANO-Antivirus | Trojan.Win32.NgrBot.bxpome | 20170303
Panda | Trj/Genetic.gen | 20170302
Qihoo-360 | Win32/Backdoor.4f3 | 20170303
Sophos AV | W32/DorkBot-IP | 20170303
SUPERAntiSpyware | Trojan.Agent/Gen-Siggen | 20170303
Symantec | W32.IRCBot.NG | 20170302
Tencent | Win32.Worm.Dorkbot.Anfl | 20170303
TheHacker | Trojan/Dorkbot.b | 20170302
TotalDefense | Win32/Dorkbot.bQIPTW | 20170303
TrendMicro | WORM_DORKBOT.ON | 20170303
TrendMicro-HouseCall | WORM_DORKBOT.ON | 20170303
VBA32 | BScope.Trojan.MTA.0661 | 20170302
VIPRE | Trojan.Win32.Zbot.fdm (v) | 20170303
Webroot | Malicious | 20170303
Yandex | Backdoor.Androm!VVvuUHuCRwM | 20170225
Zillya | Backdoor.Androm.Win32.726 | 20170302
Alibaba | (no detection) | 20170228
ALYac | (no detection) | 20170303
CMC | (no detection) | 20170303
nProtect | (no detection) | 20170303
Rising | (no detection) | 20170302
Trustlook | (no detection) | 20170303
ViRobot | (no detection) | 20170303
WhiteArmor | (no detection) | 20170303
Zoner | (no detection) | 20170303
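The 53 labels above do not agree on a family: Dorkbot, NgrBot, Zbot, Androm, Sality, Ramnit and IRCBot all appear, and a large share of the verdicts are purely generic or heuristic (Gen:Heur.Zygug.5, HEUR:Trojan.Win32.Generic, Malicious). The detection ratio says nothing about that, so a practitioner wants the consensus family rather than the raw count. The Python below is an added example, not part of the VirusTotal report: it embeds the result column above as constructed input, maps each vendor label onto a hand-picked alias table (an assumption for this report; NgrBot is another vendor name for Dorkbot), and counts how many engines name each family. The nine engines that returned no result are left out because they carry no label to parse.

```python
import re
from collections import Counter

# Result column of the report above, as constructed "engine: result" lines.
# Engines that returned no result are omitted: they carry no label to classify.
DETECTIONS = """\
Ad-Aware: Gen:Heur.Zygug.5
AegisLab: Backdoor.W32.Androm.qir!c
AhnLab-V3: Backdoor/Win32.Androm.R67062
Antiy-AVL: Trojan[Backdoor]/Win32.Androm
Arcabit: Trojan.Zygug.5
Avast: Win32:Downloader-TIS [Trj]
AVG: Agent
Avira (no cloud): TR/Crypt.ZPACK.Gen2
AVware: Trojan.Win32.Zbot.fdm (v)
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9998
BitDefender: Gen:Heur.Zygug.5
Bkav: W32.CukipeO.Trojan
CAT-QuickHeal: TrojanPWS.Zbot.Gen
ClamAV: Win.Trojan.Agent-1183725
Comodo: UnclassifiedMalware
CrowdStrike Falcon (ML): malicious_confidence_100% (D)
Cyren: W32/A-ca7634ff!Eldorado
DrWeb: BackDoor.IRC.NgrBot.342
Emsisoft: Gen:Heur.Zygug.5 (B)
Endgame: malicious (high confidence)
ESET-NOD32: Win32/Dorkbot.B
F-Prot: W32/A-ca7634ff!Eldorado
F-Secure: Gen:Heur.Zygug.5
Fortinet: W32/Zbot.AOV!tr
GData: Gen:Heur.Zygug.5
Ikarus: Trojan-Spy.Win32.Zbot
Sophos ML: virus.win32.sality.am
Jiangmin: Trojan/Generic.axdsq
K7AntiVirus: EmailWorm ( 0040f4131 )
K7GW: EmailWorm ( 0040f4131 )
Kaspersky: HEUR:Trojan.Win32.Generic
Kingsoft: Win32.Heur.KVMF4.hy.(kcloud)
Malwarebytes: Spyware.Zbot.VXGen
McAfee: PWS-Zbot-FBDR!EBA13769B20A
McAfee-GW-Edition: BehavesLike.Win32.Ramnit.cc
Microsoft: Worm:Win32/Dorkbot.I
eScan: Gen:Heur.Zygug.5
NANO-Antivirus: Trojan.Win32.NgrBot.bxpome
Panda: Trj/Genetic.gen
Qihoo-360: Win32/Backdoor.4f3
Sophos AV: W32/DorkBot-IP
SUPERAntiSpyware: Trojan.Agent/Gen-Siggen
Symantec: W32.IRCBot.NG
Tencent: Win32.Worm.Dorkbot.Anfl
TheHacker: Trojan/Dorkbot.b
TotalDefense: Win32/Dorkbot.bQIPTW
TrendMicro: WORM_DORKBOT.ON
TrendMicro-HouseCall: WORM_DORKBOT.ON
VBA32: BScope.Trojan.MTA.0661
VIPRE: Trojan.Win32.Zbot.fdm (v)
Webroot: Malicious
Yandex: Backdoor.Androm!VVvuUHuCRwM
Zillya: Backdoor.Androm.Win32.726
"""

# Hand-picked alias table for this report (an assumption, not a vendor taxonomy);
# NgrBot is another name for Dorkbot. Labels matching none are counted as generic.
FAMILY_ALIASES = {"dorkbot": ("dorkbot", "ngrbot"), "zbot": ("zbot",), "androm": ("androm",),
                  "sality": ("sality",), "ramnit": ("ramnit",), "ircbot": ("ircbot",)}
_ALIAS_RE = {fam: re.compile("|".join(map(re.escape, al)), re.I)
             for fam, al in FAMILY_ALIASES.items()}

def parse(table):
    """Yield (engine, label); split on the first ': ' so 'Gen:Heur...' labels survive."""
    for line in table.splitlines():
        if line.strip():
            engine, label = line.split(": ", 1)
            yield engine.strip(), label.strip()

def classify(label):
    """Map one vendor label to a family, or None when it names no known family."""
    for fam, rx in _ALIAS_RE.items():
        if rx.search(label):
            return fam
    return None

def tally(table):
    """Return (Counter of engines per family, number of generic-only labels)."""
    families, generic = Counter(), 0
    for _engine, label in parse(table):
        fam = classify(label)
        if fam is None:
            generic += 1
        else:
            families[fam] += 1
    return families, generic

def consensus(table):
    """Return (top family, engines naming it, engines that gave any label)."""
    families, generic = tally(table)
    top, count = families.most_common(1)[0]
    return top, count, sum(families.values()) + generic
```

Calling consensus(DETECTIONS) on this table returns ("dorkbot", 10, 53): ten of the 53 labelled engines name Dorkbot/NgrBot, seven say Zbot, five Androm, and 28 give only a generic or heuristic verdict. The alias table is deliberately small; for other reports it has to be extended, and a label such as Symantec's W32.IRCBot.NG is left as its own bucket rather than folded into Dorkbot because the name is generic across IRC bots.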
The file being studied is a Portable Executable (PE): a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 1995 Igikiwo Ijegi. Zid Uhupof Symy.
Product Lumu
Original name Pohg3jrk.exe
Internal name Ugimi
File version 10, 4, 5
Description Tuxov Johiqox Xixot
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-02 05:17:33
Entry Point 0x0000F445
Number of sections 6
PE imports
DeviceIoControl
CallNamedPipeA
CreateTimerQueue
GetTempPathA
RemoveDirectoryA
PostQueuedCompletionStatus
QueueUserAPC
VerifyVersionInfoW
GetVolumeInformationA
GetCPInfoExW
SetTapePosition
InterlockedDecrement
_llseek
lstrcatW
InterlockedCompareExchange
FlushInstructionCache
Process32FirstW
FindResourceExA
InterlockedExchangeAdd
GetFileSizeEx
MapViewOfFile
_lcreat
GetDiskFreeSpaceW
SetSystemPowerState
GlobalFix
CloseHandle
EnumResourceLanguagesA
GlobalWire
IsValidLanguageGroup
GetSystemTimeAdjustment
ConnectNamedPipe
CreateEventW
GetStringTypeExW
SearchPathA
TlsGetValue
IsBadReadPtr
GetEnvironmentVariableW
FindFirstVolumeW
GetLongPathNameA
GetModuleFileNameExA
GetDeviceDriverFileNameW
EmptyWorkingSet
RedrawWindow
UnregisterHotKey
SetUserObjectSecurity
EnableScrollBar
DestroyMenu
SetSystemCursor
PostQuitMessage
IsWindow
GetMessageTime
VkKeyScanW
DdeInitializeA
LockWorkStation
ToAscii
SetScrollPos
SetMessageExtraInfo
GetTopWindow
EnumPropsExW
PostThreadMessageW
ExcludeUpdateRgn
GetMenuItemCount
GetWindowTextA
GetMenuContextHelpId
PtInRect
AttachThreadInput
CallMsgFilterA
CreateCaret
DrawFrameControl
TranslateMDISysAccel
IMPSetIMEW
DdeKeepStringHandle
ChildWindowFromPoint
DdeEnableCallback
GetWindow
GetMenuBarInfo
EditWndProc
LoadStringA
GetMenuItemRect
LoadMenuIndirectW
IsZoomed
IsCharLowerW
IsIconic
InvertRect
EnumPropsA
UnhookWinEvent
FillRect
EnumThreadWindows
CharNextA
GetSysColorBrush
IsWindowUnicode
RealChildWindowFromPoint
TabbedTextOutW
IsDialogMessageA
VkKeyScanExW
MapVirtualKeyA
OpenInputDesktop
BeginPaint
DefMDIChildProcW
MapVirtualKeyW
GetComboBoxInfo
RegisterClipboardFormatW
SendDlgItemMessageA
SetWindowLongW
InflateRect
ReleaseCapture
GetMessageExtraInfo
RegisterDeviceNotificationW
BroadcastSystemMessageA
WaitMessage
DdeGetLastError
FindWindowExA
CountClipboardFormats
DialogBoxIndirectParamW
GetMenuItemInfoA
IsDlgButtonChecked
LoadIconW
ReuseDDElParam
SetForegroundWindow
SetWindowContextHelpId
GetLastInputInfo
DdeUninitialize
FlashWindowEx
RegisterClipboardFormatA
GetMenuStringA
AppendMenuW
LookupIconIdFromDirectoryEx
GetClassWord
SetDlgItemTextW
SetScrollInfo
IsCharAlphaNumericA
GetProcessDefaultLayout
SetShellWindow
DestroyIcon
SubtractRect
GetKeyNameTextW
AnimateWindow
SendMessageTimeoutA
ChangeMenuW
GetAncestor
DdeFreeStringHandle
Number of PE resources by type
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:02:02 06:17:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 74752
LinkerVersion 4.0
Warning Error processing PE data dictionary
EntryPoint 0xf445
InitializedDataSize 44544
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 eba13769b20aeef8f46d11f8b1e99ecd
SHA1 ee7c58cb099a734d3f695b5be4b9347431bae618
SHA256 806ce472cbdb8fd52d32dccc5fe6a149fdefc5370d092fe22e1e9d21a471dd08
ssdeep 3072:BlYHZhfiFXNHMgPnGfMSKvaV/E77Xj9Qxl:PYHWXNHMknGfQaV/EHXjix
authentihash 207f2a32b9fb70d4f9bf9a24f1462dbe06c5e6067ba6c6347f56f157ad88cf9d
imphash f1444a48217eeb6911cadc7e19304568
File size 117.5 KB ( 120320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
     Win32 Executable (generic) (26.3%)
     OS/2 Executable (generic) (11.8%)
     Generic Win/DOS Executable (11.6%)
     DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2013-05-20 21:36:36 UTC ( 5 years, 6 months ago )
Last submission 2018-05-07 05:02:47 UTC ( 6 months, 2 weeks ago )
File names
JBXQXZ.EXE._EE7C58CB099A734D3F695B5BE4B9347431BAE618
GoIUfBEmttLSaqa.exe
Pohg3jrk.exe
Ugimi
Xywawx.exe
b0d49151.pif
1111.exe
78b2.exe
screensaverpro.scr
sngags.exe
TmRzzOYMidiJLuv.exe
ScreenSaverPro.scr
eba13769b20aeef8f46d11f8b1e99ecd.ee7c58cb099a734d3f695b5be4b9347431bae618
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection