SHA256: 894045263110e25fc6427c21e227adf812f1d3f26cdc77177fe13aa7d8af94a7
File name: 2f435add884e086ea699814fd4d3ccff
Detection ratio: 38 / 56
Analysis date: 2015-11-28 07:00:37 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.400837 20151128
Yandex TrojanSpy.Zbot!9E/YjF7faIg 20151127
AhnLab-V3 Trojan/Win32.Kazy 20151127
ALYac Gen:Variant.Kazy.400837 20151128
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151128
Arcabit Trojan.Kazy.D61DC5 20151128
Avast Win32:Malware-gen 20151128
AVG Zbot.LAF 20151128
Avira (no cloud) TR/Crypt.ZPACK.Gen7 20151128
AVware Trojan.Win32.Generic!BT 20151128
Baidu-International Trojan.Win32.Zbot.ABS 20151127
BitDefender Gen:Variant.Kazy.400837 20151128
Comodo TrojWare.Win32.Agent.BDQY 20151128
Cyren W32/Zbot.JC2.gen!Eldorado 20151128
DrWeb Trojan.PWS.Panda.7498 20151128
Emsisoft Gen:Variant.Kazy.400837 (B) 20151128
ESET-NOD32 Win32/Spy.Zbot.ABS 20151128
F-Prot W32/Zbot.JC2.gen!Eldorado 20151128
F-Secure Gen:Variant.Kazy.400837 20151128
Fortinet W32/Asprox.AYMJ!tr 20151128
GData Gen:Variant.Kazy.400837 20151128
Kaspersky HEUR:Trojan.Win32.Generic 20151128
Malwarebytes Trojan.Zbot 20151128
McAfee Packed-APIXOR!2F435ADD884E 20151128
McAfee-GW-Edition BehavesLike.Win32.Expiro.fm 20151128
Microsoft PWS:Win32/Zbot 20151128
eScan Gen:Variant.Kazy.400837 20151128
nProtect Trojan-Spy/W32.ZBot.341504.AG 20151127
Panda Trj/Genetic.gen 20151127
Qihoo-360 QVM20.1.Malware.Gen 20151128
Sophos AV Mal/Zbot-SC 20151128
SUPERAntiSpyware Trojan.Agent/Gen-Kazy 20151128
Symantec Packed.Generic.459 20151127
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20151128
TrendMicro TROJ_SPNR.0BGA14 20151128
TrendMicro-HouseCall TROJ_SPNR.0BGA14 20151128
VIPRE Trojan.Win32.Generic!BT 20151128
Zillya Trojan.Zbot.Win32.159226 20151127
AegisLab 20151128
Alibaba 20151127
Bkav 20151127
ByteHero 20151128
CAT-QuickHeal 20151126
ClamAV 20151128
CMC 20151127
Ikarus 20151128
Jiangmin 20151127
K7AntiVirus 20151128
K7GW 20151128
NANO-Antivirus 20151128
Rising 20151127
TheHacker 20151127
TotalDefense 20151128
VBA32 20151126
ViRobot 20151128
Zoner 20151128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® .NET Framework
Original name ServiceModelReg.exe
Internal name ServiceModelReg.exe
File version 3.0.4506.4926 (NetFXw7.030729-4900)
Description .NET Framework
Comments Flavor=Retail
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-26 13:10:59
Entry Point 0x0004B530
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
ReadEncryptedFileRaw
WriteEncryptedFileRaw
LookupAccountSidW
RegQueryValueExA
RegEnumValueW
FreeSid
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
GetAce
RegRestoreKeyW
RegCloseKey
InitializeSecurityDescriptor
DecryptFileW
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
RegFlushKey
RegisterEventSourceW
OpenProcessToken
QueryServiceStatus
RegConnectRegistryW
AddAccessAllowedAce
RegOpenKeyExW
SetFileSecurityW
CloseEncryptedFileRaw
RegReplaceKeyW
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
GetUserNameW
GetSecurityDescriptorDacl
RegEnumKeyExW
OpenThreadToken
EncryptFileW
RegLoadKeyW
OpenEncryptedFileRawW
DeleteAce
SetEntriesInAclW
StartServiceW
RegSetValueExW
RegDeleteValueW
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
CheckTokenMembership
RegSaveKeyW
EqualSid
RegUnLoadKeyW
EnumDependentServicesW
LookupPrivilegeValueW
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
AddFontResourceA
PathToRegion
CreateFontIndirectW
PatBlt
SaveDC
GetEnhMetaFileW
CombineRgn
UpdateColors
Rectangle
Polygon
GetMapMode
GetTextColor
CreateBitmap
FillPath
BitBlt
RealizePalette
CreatePatternBrush
CreateMetaFileA
GetObjectW
GetColorSpace
GetTextExtentPoint32W
GetDCPenColor
CreateCompatibleDC
CreateRectRgn
SelectObject
GetSystemPaletteUse
GetStretchBltMode
DeleteObject
CreateCompatibleBitmap
GetVolumePathNameW
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
SetTapePosition
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
GetTapeParameters
DeleteCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetErrorMode
GetFileInformationByHandle
GetTapePosition
GetLocaleInfoW
WideCharToMultiByte
WriteFile
FindNextVolumeMountPointW
GetSystemTimeAsFileTime
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindFirstVolumeMountPointW
GetLogicalDriveStringsW
FindClose
SetFileAttributesW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
HeapAlloc
VerSetConditionMask
SetFileShortNameW
GetVolumeInformationW
MultiByteToWideChar
VerifyVersionInfoW
GetPrivateProfileStringW
GetModuleHandleA
EraseTape
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
GetVolumeNameForVolumeMountPointW
ExitThread
TerminateProcess
CreateSemaphoreW
SetCurrentDirectoryW
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
CreateEventW
SetEndOfFile
BackupSeek
GetCurrentThreadId
GetNumberFormatW
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
SetTapeParameters
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LoadLibraryA
GetWindowsDirectoryW
GetFileSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
FindVolumeMountPointClose
GetProcAddress
GetProcessHeap
GetComputerNameW
GetTimeFormatW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
BackupWrite
CreateHardLinkW
DeleteFileW
FindFirstFileW
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
PrepareTape
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalFree
GetTapeStatus
CompareStringW
LockFile
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCompressedFileSizeW
GetCurrentDirectoryA
BackupRead
GetCommandLineA
WritePrivateProfileStringW
WriteTapemark
ReleaseSemaphore
SetFilePointer
ReadFile
CloseHandle
GetLocalTime
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
SHGetFolderPathW
SHGetPathFromIDListW
ExtractIconExW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
GetMessagePos
LoadBitmapW
PostQuitMessage
GetWindowContextHelpId
LockSetForegroundWindow
SetWindowPos
GetClipboardViewer
IsWindow
ClientToScreen
WindowFromPoint
SetActiveWindow
GetMenuItemID
GetAsyncKeyState
MapDialogRect
SendMessageW
UnregisterClassW
GetClientRect
CallNextHookEx
LoadImageW
GetActiveWindow
GetWindowTextW
GetWindowTextLengthW
InvalidateRgn
DestroyWindow
GetParent
UpdateWindow
SetClassLongW
ShowWindow
GetNextDlgGroupItem
IsCharAlphaW
PeekMessageW
CreateIconFromResource
EnableWindow
ChildWindowFromPoint
IsWindowEnabled
GetWindow
GetIconInfo
SetParent
LoadStringW
CloseWindow
IsIconic
DrawFocusRect
SetTimer
FlashWindow
CopyRect
GetWindowLongW
GetMonitorInfoW
SystemParametersInfoW
DefWindowProcW
KillTimer
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
CreatePopupMenu
GetSubMenu
SetWindowTextW
GetDlgItem
BringWindowToTop
ScreenToClient
LoadIconA
CountClipboardFormats
GetMenuItemCount
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
LoadIconW
GetDC
ExitWindowsEx
GetCursorPos
GetCaretBlinkTime
ReleaseDC
CreateIconIndirect
GetCapture
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
MessageBoxW
GetMenu
DestroyIcon
UnhookWindowsHookEx
LoadCursorFromFileA
AppendMenuW
GetSysColor
GetKeyState
wvsprintfW
EnableMenuItem
IsWindowVisible
IsCharAlphaNumericW
MonitorFromWindow
DeleteMenu
InvalidateRect
CloseDesktop
GetFocus
wsprintfW
CloseClipboard
SetCursor
_purecall
__p__fmode
malloc
_putenv
__wgetmainargs
wprintf
_wfopen
memset
_wcsnicmp
__dllonexit
_open_osfhandle
_snwprintf
fread
_CxxThrowException
_wcsupr
fflush
_onexit
_vsnwprintf
_cexit
wcslen
_c_exit
wcscpy
clearerr
wcscmp
_errno
_tzset
fseek
__p__commode
_mbslen
fclose
_getpid
_wcsdup
mktime
ftell
isalpha
exit
_XcptFilter
_ftol
wcsncat
__setusermatherr
_local_unwind2
wcsncpy
_wcmdln
__CxxFrameHandler
_mbscpy
_wcsicmp
wcspbrk
_fdopen
_exit
_adjust_fdiv
time
_wcsrev
_filelength
swprintf
wcscat
wcsncmp
free
_except_handler3
calloc
realloc
memcpy
_wcslwr
memmove
localtime
isspace
swscanf
wcsrchr
wcschr
wcstok
fwrite
wcsstr
_initterm
_controlfp
_wtoi
__set_app_type
CoInitializeEx
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CLSIDFromString
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Flavor=Retail
InitializedDataSize 34304
ImageVersion 0.0
ProductName Microsoft .NET Framework
FileVersionNumber 3.0.4506.4926
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
PrivateBuild DDBLD145
FileTypeExtension exe
OriginalFileName ServiceModelReg.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.0.4506.4926 (NetFXw7.030729-4900)
TimeStamp 2014:06:26 14:10:59+01:00
FileType Win32 EXE
PEType PE32
InternalName ServiceModelReg.exe
ProductVersion 3.0.4506.4926
FileDescription .NET Framework
OSVersion 5.0
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 306688
FileSubtype 0
ProductVersionNumber 3.0.4506.4926
EntryPoint 0x4b530
ObjectFileType Executable application
File identification
MD5 2f435add884e086ea699814fd4d3ccff
SHA1 88c2ebe73a70754e21d10cdb3c0334d5740ea7c5
SHA256 894045263110e25fc6427c21e227adf812f1d3f26cdc77177fe13aa7d8af94a7
ssdeep 6144:FftVCZTxVBnbTN8qcHGCRD6POjMBDMDq1b+zR:RWTTBbTqq+Gs62jMBDZat
authentihash d72ddf124abef27f64a55c9712feb8da259f3e762150c88fb2ab3193c74d1074
imphash 09a1fda096f710242cffeade56836ff1
File size 333.5 KB ( 341504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-11-28 07:00:37 UTC ( 3 years, 3 months ago )
Last submission 2015-11-28 07:00:37 UTC ( 3 years, 3 months ago )
File names ServiceModelReg.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs