SHA256: 89ebf9a59eb91ea0af981e43ea8276da8d6922c0732ddf9df381441fdbfd7130
File name: vt-upload-uXev5
Detection ratio: 29 / 52
Analysis date: 2014-05-27 21:35:54 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.92596 20140527
AhnLab-V3 Spyware/Win32.Trojan Horse 20140527
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20140527
Avast Win32:Malware-gen 20140527
AVG Luhe.Fiha.A 20140527
BitDefender Gen:Variant.Zusy.92596 20140527
ClamAV BC.Heuristic.Trojan.SusPacked.BF-6.B 20140527
CMC Heur.Win32.Veebee.1!O 20140526
Commtouch W32/Trojan.KHST-0769 20140527
DrWeb Trojan.PWS.Stealer.1932 20140527
Emsisoft Gen:Variant.Zusy.92596 (B) 20140527
ESET-NOD32 Win32/Injector.BDXB 20140527
F-Secure Gen:Variant.Zusy.92596 20140527
Fortinet W32/Tepfer.BDXB!tr 20140527
GData Gen:Variant.Zusy.92596 20140527
Ikarus Trojan-Spy.Zbot 20140527
Kaspersky Trojan-PSW.Win32.Tepfer.tzfq 20140527
Kingsoft Win32.PSWTroj.Tepfer.tz.(kcloud) 20140527
Malwarebytes Trojan.Refroso 20140527
McAfee PWSZbot-FLO!890B9C2B4BE2 20140527
McAfee-GW-Edition Artemis!890B9C2B4BE2 20140527
eScan Gen:Variant.Zusy.92596 20140527
Panda Trj/CI.A 20140527
Rising PE:Malware.FakePDF@CV!1.6AB2 20140527
Sophos Troj/VB-HID 20140527
SUPERAntiSpyware Trojan.Agent/Gen-Dynamer 20140527
Symantec WS.Reputation.1 20140527
TrendMicro-HouseCall TROJ_GEN.F0D1H00EQ14 20140527
VIPRE Trojan.Win32.Generic.pak!cobra 20140527
AegisLab 20140527
Yandex 20140527
AntiVir 20140527
Baidu-International 20140527
ByteHero 20140527
CAT-QuickHeal 20140527
Comodo 20140527
F-Prot 20140527
Jiangmin 20140527
K7AntiVirus 20140527
K7GW 20140527
Microsoft 20140527
NANO-Antivirus 20140527
Norman 20140527
nProtect 20140527
Qihoo-360 20140527
Tencent 20140527
TheHacker 20140527
TotalDefense 20140527
TrendMicro 20140527
VBA32 20140527
ViRobot 20140527
Zillya 20140527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 1998-2010 ICQ, LLC.
Publisher ICQ, LLC.
Product ICQ
Original name ICQ.exe
Internal name ICQ
File version 7.4.0.4629
Description ICQ
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-14 14:43:34
Entry Point 0x00001114
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(518)
Ord(648)
Ord(685)
Ord(617)
EVENT_SINK_AddRef
Ord(717)
Ord(666)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(578)
__vbaCopyBytes
Ord(589)
Ord(608)
Ord(519)
Ord(100)
Ord(526)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(644)
Ord(631)
Ord(588)
Ord(619)
Ord(698)
Number of PE resources by type
RT_VERSION 2
Struct(28) 1
RT_HTML 1
RT_ICON 1
Struct(26) 1
Struct(27) 1
RT_GROUP_ICON 1
Number of PE resources by language
VENDA DEFAULT 4
NEUTRAL 2
SPANISH MODERN 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:14 15:43:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 8.0
FileAccessDate 2014:05:27 22:35:53+01:00
Warning Invalid Version Info block
EntryPoint 0x1114
InitializedDataSize 241664
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:05:27 22:35:53+01:00
UninitializedDataSize 0

File identification
MD5 890b9c2b4be2cfc7f1c30e313125ae63
SHA1 a12bb8a7502a97f1cc2e7b5837acab0c5279984a
SHA256 89ebf9a59eb91ea0af981e43ea8276da8d6922c0732ddf9df381441fdbfd7130
ssdeep 6144:9X4Pm6pk5JIUI4fyB6sz8wXz4lk1ZIR7KySE76cseRP:9oPm6pUJIifyRdXclk1ZgKEGcseRP
imphash 83d3ab2e9f79c4627db3b1977d5d74fb
File size 315.9 KB ( 323528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2014-05-27 21:35:54 UTC ( 3 years ago )
Last submission 2014-05-27 21:35:54 UTC ( 3 years ago )
File names ICQ.exe
ICQ
vt-upload-uXev5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Shell commands
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.