SHA256: 8710ba76461b3627deb85aac0b0c1729c0ce58af1d77806fa1bfa3eae3de7268
File name: ADP_QabtyY.exe
Detection ratio: 44 / 54
Analysis date: 2014-09-03 21:27:49 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update (engines listed without a result did not detect the file with the signature update shown)
AVG Crypt_s.ATF 20140903
AVware VirTool.Win32.Obfuscator.da!j (v) 20140903
Ad-Aware Trojan.FakeAV.NKH 20140903
AhnLab-V3 Trojan/Win32.Tepfer 20140903
Avast Win32:Malware-gen 20140903
Avira TR/PSW.Tepfer.EB.35 20140903
Baidu-International Trojan.Win32.Zbot.aD 20140903
BitDefender Trojan.FakeAV.NKH 20140903
Bkav W32.Clod8a7.Trojan.b83e 20140903
CAT-QuickHeal Trojan.Urausy.C 20140903
Comodo TrojWare.Win32.Kryptik.AYL 20140903
Cyren W32/SuspPack.EX.gen!Eldorado 20140903
DrWeb Trojan.Packed.24465 20140903
ESET-NOD32 a variant of Win32/Kryptik.AXQC 20140903
Emsisoft Trojan.FakeAV.NKH (B) 20140903
F-Prot W32/SuspPack.EX.gen!Eldorado 20140903
F-Secure Trojan.FakeAV.NKH 20140903
Fortinet W32/Kryptik.X!tr 20140903
GData Trojan.FakeAV.NKH 20140903
Ikarus Trojan.Crypt_s 20140903
K7AntiVirus Trojan ( 0040f0941 ) 20140903
K7GW Trojan ( 0040f0941 ) 20140903
Kaspersky HEUR:Trojan.Win32.Generic 20140903
Kingsoft Win32.Troj.Zbot.jw.(kcloud) 20140903
Malwarebytes Trojan.LameShield 20140903
McAfee BackDoor-FJW 20140903
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fc 20140903
MicroWorld-eScan Trojan.FakeAV.NKH 20140903
Microsoft PWS:Win32/Zbot.gen!GO 20140903
NANO-Antivirus Trojan.Win32.Packed.cranmp 20140903
Norman Kryptik.CBUG 20140903
Panda Trj/Genetic.gen 20140903
Qihoo-360 Malware.QVM20.Gen 20140903
Rising PE:Trojan.Win32.Generic.1489A992!344566162 20140903
SUPERAntiSpyware Trojan.Agent/Gen-FakeAV 20140903
Sophos Mal/Zbot-KR 20140903
Symantec Packed.Generic.402 20140903
Tencent Win32.Trojan-Spy.Zbot.hog 20140903
TotalDefense Win32/Winwebsec.AM!generic 20140903
TrendMicro TSPY_TEPFER.SMAM 20140903
TrendMicro-HouseCall TSPY_TEPFER.SMAM 20140903
VBA32 OScope.Trojan.Hlux.01733 20140903
VIPRE VirTool.Win32.Obfuscator.da!j (v) 20140903
nProtect Trojan-Spy/W32.ZBot.316928.Z 20140903
AegisLab 20140903
Agnitum 20140903
ByteHero 20140903
CMC 20140901
ClamAV 20140903
Jiangmin 20140903
TheHacker 20140903
ViRobot 20140903
Zillya 20140903
Zoner 20140901
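The 44 labels above mix real family names (Zbot/Tepfer, FakeAV/Winwebsec, Urausy, Hlux) with packer names (Kryptik, Packed, Crypt, SuspPack, Obfuscator) and pure heuristics, so the raw 44/54 ratio says less than a per-family count does. The Python script below is an added example, not part of the VirusTotal page: it parses the table rows as rendered above (copied in as constructed input, with the no-result engines as bare "engine update" rows), recomputes the detection ratio, and sorts each verdict into a triage bucket. The bucket names and the regexes that map vendor labels onto them are this example's own choices, not any vendor's or VirusTotal's taxonomy.

```python
import re
from collections import Counter

# Constructed input: the detection table above, one row per engine; engines that
# returned no result appear as "<engine> <update>" with no label in between.
RAW_TABLE = """\
AVG Crypt_s.ATF 20140903
AVware VirTool.Win32.Obfuscator.da!j (v) 20140903
Ad-Aware Trojan.FakeAV.NKH 20140903
AhnLab-V3 Trojan/Win32.Tepfer 20140903
Avast Win32:Malware-gen 20140903
Avira TR/PSW.Tepfer.EB.35 20140903
Baidu-International Trojan.Win32.Zbot.aD 20140903
BitDefender Trojan.FakeAV.NKH 20140903
Bkav W32.Clod8a7.Trojan.b83e 20140903
CAT-QuickHeal Trojan.Urausy.C 20140903
Comodo TrojWare.Win32.Kryptik.AYL 20140903
Cyren W32/SuspPack.EX.gen!Eldorado 20140903
DrWeb Trojan.Packed.24465 20140903
ESET-NOD32 a variant of Win32/Kryptik.AXQC 20140903
Emsisoft Trojan.FakeAV.NKH (B) 20140903
F-Prot W32/SuspPack.EX.gen!Eldorado 20140903
F-Secure Trojan.FakeAV.NKH 20140903
Fortinet W32/Kryptik.X!tr 20140903
GData Trojan.FakeAV.NKH 20140903
Ikarus Trojan.Crypt_s 20140903
K7AntiVirus Trojan ( 0040f0941 ) 20140903
K7GW Trojan ( 0040f0941 ) 20140903
Kaspersky HEUR:Trojan.Win32.Generic 20140903
Kingsoft Win32.Troj.Zbot.jw.(kcloud) 20140903
Malwarebytes Trojan.LameShield 20140903
McAfee BackDoor-FJW 20140903
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fc 20140903
MicroWorld-eScan Trojan.FakeAV.NKH 20140903
Microsoft PWS:Win32/Zbot.gen!GO 20140903
NANO-Antivirus Trojan.Win32.Packed.cranmp 20140903
Norman Kryptik.CBUG 20140903
Panda Trj/Genetic.gen 20140903
Qihoo-360 Malware.QVM20.Gen 20140903
Rising PE:Trojan.Win32.Generic.1489A992!344566162 20140903
SUPERAntiSpyware Trojan.Agent/Gen-FakeAV 20140903
Sophos Mal/Zbot-KR 20140903
Symantec Packed.Generic.402 20140903
Tencent Win32.Trojan-Spy.Zbot.hog 20140903
TotalDefense Win32/Winwebsec.AM!generic 20140903
TrendMicro TSPY_TEPFER.SMAM 20140903
TrendMicro-HouseCall TSPY_TEPFER.SMAM 20140903
VBA32 OScope.Trojan.Hlux.01733 20140903
VIPRE VirTool.Win32.Obfuscator.da!j (v) 20140903
nProtect Trojan-Spy/W32.ZBot.316928.Z 20140903
AegisLab 20140903
Agnitum 20140903
ByteHero 20140903
CMC 20140901
ClamAV 20140903
Jiangmin 20140903
TheHacker 20140903
ViRobot 20140903
Zillya 20140903
Zoner 20140901
"""
# Engine is the first token, the 8-digit update date the last; whatever sits between is the label.
ROW = re.compile(r"^(?P<engine>\S+)\s+(?:(?P<label>.+?)\s+)?(?P<update>\d{8})$")

# Our own mapping from vendor naming to a triage bucket. Family names are tried first, packer
# names next and heuristics last, so "Packed.Generic.402" counts as a packer verdict and
# "Win32/Winwebsec.AM!generic" as a family verdict.
FAMILY_PATTERNS = [
    ("Zbot/Tepfer", r"zbot|tepfer"),
    ("FakeAV/Winwebsec", r"fakeav|winwebsec"),
    ("Urausy", r"urausy"),
    ("Hlux", r"hlux"),
    ("Packer/crypter only", r"kryptik|crypt|packed|susppack|obfuscator|lameshield"),
    ("Generic/heuristic", r"generic|malware-gen|heur|behaveslike|qvm|genetic|trojan \("),
]
UNNAMED = {"Packer/crypter only", "Generic/heuristic", "Other"}


def parse_rows(raw):
    rows = []
    for line in filter(None, map(str.strip, raw.splitlines())):
        m = ROW.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        rows.append(m.groupdict())  # label is None for no-result engines
    return rows


def classify(label):
    for bucket, pattern in FAMILY_PATTERNS:
        if re.search(pattern, label, re.I):
            return bucket
    return "Other"


def summarize(raw):
    """Return ((detections, engines), Counter of bucket -> number of engines)."""
    rows = parse_rows(raw)
    detected = [r for r in rows if r["label"]]
    return (len(detected), len(rows)), Counter(classify(r["label"]) for r in detected)


def consensus(raw):
    """Most common named family, ignoring packer-only, heuristic and unmapped verdicts."""
    _, buckets = summarize(raw)
    named = {b: n for b, n in buckets.items() if b not in UNNAMED}
    return max(named, key=named.get) if named else None


if __name__ == "__main__":
    (hits, total), buckets = summarize(RAW_TABLE)
    print(f"detection ratio {hits}/{total}; family consensus: {consensus(RAW_TABLE)}")
    for bucket, n in buckets.most_common():
        print(f"{n:3}  {bucket}")
```

Run on the table above this gives 44/54 with a Zbot/Tepfer consensus of 10 engines against 8 for FakeAV/Winwebsec, while 14 engines only name a packer and 8 only a heuristic; that split, not the headline ratio, is what tells an analyst the static label is a crypter layer over a credential stealer.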
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:06:24
Link date 7:06 PM 1/23/2013
Entry Point 0x000010FB
Number of sections 4
PE sections
PE imports (grouped by exporting DLL; the DLL names were dropped from this listing and are inferred here from the API names)
ADVAPI32.dll: IsValidSid
d3dxof.dll: DllGetClassObject, DirectXFileCreate, DllCanUnloadNow
KERNEL32.dll: GetConsoleAliasA, GetFileAttributesA, GetDriveTypeA, HeapDestroy, VirtualProtect, GetModuleFileNameA, GetLocalTime, GetConsoleMode, CreateDirectoryA, DeleteFileA, GetStartupInfoW, GlobalLock, CancelIo, GetProcessHeap, GetFileTime, GetModuleHandleA, InterlockedExchange, LocalFree, FindClose, ReadConsoleW, CreateFileA, GetCurrentThreadId, LeaveCriticalSection
USER32.dll: GetWindowLongA, LoadCursorA, wsprintfA, DispatchMessageA, IsZoomed, GetWindowTextA, MessageBoxA, PeekMessageA, GetWindowDC, IsWindowEnabled, GetSysColor, GetKeyState
The table is a thin, incoherent mix of console, GUI and DirectX file APIs with no LoadLibrary/GetProcAddress and no socket or WinINet function, which fits the Kryptik/Packed/Crypt labels above: the imports and the imphash derived from them describe the packer stub, not the payload, and any capability seen at runtime is resolved dynamically. VirtualProtect, which a self-decrypting stub uses to make an unpacked region executable, is present.
Number of PE resources by type
RT_ICON 2
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:01:23 18:06:24+00:00
FileType Win32 EXE
PEType PE32
CodeSize 5120
LinkerVersion 7.0
EntryPoint 0x10fb
InitializedDataSize 310784
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 13eeca375585322c676812cf9e2e9789
SHA1 df68da0a7893e2520028e8ddaafa2a2305534afa
SHA256 8710ba76461b3627deb85aac0b0c1729c0ce58af1d77806fa1bfa3eae3de7268
ssdeep 6144:TdOKU2I3k2fxQbSyqeiLfR73M2GceOoQdY3sejmDADVjIBZSZ4NdG:BxIU2ZQbSydS5vGcT/ojmSVMj+X
imphash 87c2c908ae333380535ed62928d70628
File size 309.5 KB ( 316928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe

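The values in "PE header basic information", the ExifTool block and "File identification" above (timestamp, entry point, linker version, subsystem, code and data sizes) all come from the same few dozen bytes of COFF and PE32 optional header. The Python script below is an added example, not code from VirusTotal or ExifTool: it packs a constructed DOS-plus-NT header carrying this report's values (no section table, no code; it is not a loadable executable), parses it back the way those tools do, and checks the compile timestamp against the first-submission time. Field offsets follow the PE/COFF specification; the sample values, the vt_time helper and the plausibility rule are this example's own.

```python
import struct
from datetime import datetime, timezone

# Fixed layout values from the PE/COFF specification.
IMAGE_DOS_SIGNATURE = 0x5A4D       # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550    # "PE\0\0"
PE32_MAGIC = 0x10B
IMAGE_FILE_MACHINE_I386 = 0x14C
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_header(timestamp, entry_point, code_size, init_data, num_sections,
                        linker=(7, 0), os_ver=(5, 0), subsys_ver=(4, 0), subsystem=2):
    """Constructed sample input: DOS header + NT headers only (no sections, no code),
    packed with the values this report shows. Not a loadable executable."""
    e_lfanew = 0x40
    dos = struct.pack("<H58xI", IMAGE_DOS_SIGNATURE, e_lfanew)              # 64 bytes
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, num_sections,   # 20 bytes
                       timestamp, 0, 0, 224, 0x0102)
    std = struct.pack("<HBBIIIIII", PE32_MAGIC, linker[0], linker[1],       # 28 bytes
                      code_size, init_data, 0, entry_point, 0x1000, 0x3000)
    win = struct.pack("<IIIHHHHHHIIIIHHIIIIII",                              # 68 bytes
                      0x400000, 0x1000, 0x200,
                      os_ver[0], os_ver[1], 0, 0, subsys_ver[0], subsys_ver[1],
                      0, 0x50000, 0x400, 0, subsystem, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    directories = b"\0" * 128                                                # 16 empty entries
    return dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + std + win + directories


def parse_pe_header(data):
    """Read the COFF and PE32 optional-header fields that ExifTool/VirusTotal report."""
    (e_magic,) = struct.unpack_from("<H", data, 0)
    if e_magic != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    (sig,) = struct.unpack_from("<I", data, e_lfanew)
    if sig != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature at e_lfanew")
    machine, nsec, tstamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic, lmaj, lmin, code, idata, udata, entry, _, _ = struct.unpack_from("<HBBIIIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 optional header (PE32+ layout differs and is not handled)")
    (_, _, _, os_maj, os_min, img_maj, img_min, ss_maj, ss_min,
     _, _, _, _, subsystem) = struct.unpack_from("<IIIHHHHHHIIIIH", data, opt + 28)
    return {
        "machine": machine,
        "num_sections": nsec,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc),
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code,
        "initialized_data_size": idata,
        "uninitialized_data_size": udata,
        "entry_point": entry,
        "os_version": f"{os_maj}.{os_min}",
        "image_version": f"{img_maj}.{img_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, f"unknown ({subsystem})"),
    }


def vt_time(text):
    """Parse a VirusTotal timestamp such as "2013-03-22 11:34:16 UTC" (helper of this example)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)


def timestamp_consistent(header, first_seen):
    """TimeDateStamp should precede the first sighting; a later value means the field was
    edited, which packed samples often do. Earlier-than-expected values stay plausible."""
    return header["timestamp"] <= first_seen


if __name__ == "__main__":
    sample = build_sample_header(1358964384, 0x10FB, 5120, 310784, 4)  # 2013-01-23 18:06:24 UTC
    hdr = parse_pe_header(sample)
    for key, value in hdr.items():
        print(f"{key:24} {value}")
    print("compile time precedes first submission:",
          timestamp_consistent(hdr, vt_time("2013-03-22 11:34:16 UTC")))
```

Against the report's numbers the parsed timestamp comes back as 2013-01-23 18:06:24 UTC, about two months before the first submission, so the stamp is at least not forged forward; with only 5120 bytes of code against 310784 bytes of initialized data, nearly the whole file is a data blob the small stub will unpack at runtime.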
VirusTotal metadata
First submission 2013-03-22 11:34:16 UTC ( 2 years, 1 month ago )
Last submission 2013-03-22 11:35:34 UTC ( 2 years, 1 month ago )
File names ADP_QabtyY.exe, ADP_cx5oMi.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. DeviceIoControl is not in the static import table above, so the sample resolves it at runtime; the behaviour seen in the sandbox, not the import list, is what reflects the unpacked code's capabilities.
UDP communications