SHA256: 8c55309adff2984a3bfaa6ee1db9fb3693e7f747072d66c3a6f4b260b8a07871
File name: f61f675dfce3817b3d3fef3824d38376
Detection ratio: 33 / 53
Analysis date: 2014-07-19 23:19:02 UTC ( 4 years, 8 months ago )
Antivirus            Result                                       Update
Ad-Aware             Gen:Variant.Kazy.414724                      20140719
AhnLab-V3            Trojan/Win32.Agent                           20140719
AntiVir              TR/Crypt.ZPACK.66036                         20140719
Antiy-AVL            Trojan[Ransom]/Win32.Foreign                 20140719
Avast                Win32:Kryptik-OAP [Trj]                      20140719
AVG                  Zbot.LMI                                     20140719
Baidu-International  Trojan.Win32.Zbot.bABV                       20140719
BitDefender          Gen:Variant.Kazy.414724                      20140719
Bkav                 HW32.CDB.105b                                20140719
CMC                  Trojan.Win32.Krap.1!O                        20140717
Commtouch            W32/PWS.SBMS-3084                            20140719
Comodo               UnclassifiedMalware                          20140719
Emsisoft             Gen:Variant.Kazy.414724 (B)                  20140719
ESET-NOD32           Win32/Spy.Zbot.ABV                           20140719
F-Secure             Gen:Variant.Kazy.414724                      20140719
Fortinet             W32/Foreign.ABV!tr                           20140719
GData                Gen:Variant.Kazy.414724                      20140719
Kaspersky            Trojan-Ransom.Win32.Foreign.kyxs             20140719
Malwarebytes         Spyware.Zbot.VXGen                           20140719
McAfee               RDN/Generic PWS.y!b2i                        20140720
McAfee-GW-Edition    RDN/Generic PWS.y!b2i                        20140719
Microsoft            PWS:Win32/Zbot                               20140719
eScan                Gen:Variant.Kazy.414724                      20140719
Panda                Trj/CI.A                                     20140719
Qihoo-360            HEUR/Malware.QVM20.Gen                       20140720
Rising               PE:Trojan.Win32.Generic.16FCF92F!385677615   20140719
Sophos AV            Mal/Generic-S                                20140719
Symantec             Trojan.Gen.2                                 20140719
Tencent              Win32.Trojan.Bp-qqthief.Iqpl                 20140720
TrendMicro           TROJ_GEN.R0CBC0DGE14                         20140719
TrendMicro-HouseCall BKDR_SHARIK.SMA3                             20140719
VBA32                Hoax.Foreign                                 20140718
VIPRE                Trojan.Win32.Generic!BT                      20140720
AegisLab             (no detection)                               20140720
Yandex               (no detection)                               20140719
ByteHero             (no detection)                               20140720
CAT-QuickHeal        (no detection)                               20140719
ClamAV               (no detection)                               20140719
DrWeb                (no detection)                               20140719
F-Prot               (no detection)                               20140719
Ikarus               (no detection)                               20140719
Jiangmin             (no detection)                               20140719
K7AntiVirus          (no detection)                               20140718
K7GW                 (no detection)                               20140719
Kingsoft             (no detection)                               20140720
NANO-Antivirus       (no detection)                               20140719
Norman               (no detection)                               20140719
nProtect             (no detection)                               20140718
SUPERAntiSpyware     (no detection)                               20140719
TheHacker            (no detection)                               20140718
TotalDefense         (no detection)                               20140719
ViRobot              (no detection)                               20140719
Zoner                (no detection)                               20140718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-01 13:13:23
Entry Point 0x00020AFE
Number of sections 4
PE sections
PE imports
GetEnhMetaFileA
GetDIBColorTable
GetTextMetricsW
GdiDeleteSpoolFileHandle
GetCurrentPositionEx
SetICMMode
PlayMetaFile
SetMagicColors
GetTextExtentPointA
CopyEnhMetaFileW
ColorCorrectPalette
FixBrushOrgEx
FillPath
GetFontLanguageInfo
ExtFloodFill
StartFormPage
CreatePen
CreateFontA
GdiPlayPrivatePageEMF
SetTextAlign
RoundRect
EndPage
SelectObject
StartDocA
EudcUnloadLinkW
CreateCompatibleBitmap
CreateScalableFontResourceA
GetEnhMetaFileHeader
CreateFontIndirectExA
GetCharWidth32A
Ellipse
InternalSetTcpEntry
InternalSetIpForwardEntry
GetUdpStatistics
NhGetInterfaceNameFromGuid
SetIfEntry
SetIpStatistics
InternalDeleteIpNetEntry
InternalGetIfTable
FlushIpNetTable
GetNetworkParams
EnableRouter
UnenableRouter
CreateIpNetEntry
GetBestRoute
DeleteIpForwardEntry
GetTcpStatistics
GetAdapterOrderMap
InternalSetIfEntry
AddIPAddress
GetFriendlyIfIndex
SetIpForwardEntry
GetAdaptersInfo
IpRenewAddress
InternalSetIpStats
NTPTimeToNTFileTime
InternalDeleteIpForwardEntry
GetComputerNameExA
UpdateResourceW
SetLocalTime
ExitProcess
CreateDirectoryA
I_RpcClearMutex
NdrMesTypeAlignSize2
RpcAsyncCancelCall
NdrComplexArrayMemorySize
RpcSmAllocate
RpcSsGetContextBinding
RpcImpersonateClient
NdrStubInitializeMarshall
NdrNsGetBuffer
I_RpcFreePipeBuffer
NdrFixedArrayMarshall
RpcServerUseProtseqExA
NdrCorrelationInitialize
I_RpcConnectionInqSockBuffSize
NdrCStdStubBuffer_Release
RpcSsEnableAllocate
RpcServerUseProtseqEpA
NdrOleAllocate
RpcMgmtInqIfIds
NdrServerInitializeNew
RpcBindingInqAuthClientW
NdrGetBuffer
I_RpcServerUseProtseqEp2W
RpcRaiseException
I_RpcFree
NdrComplexStructMemorySize
NdrGetUserMarshalInfo
RpcBindingInqAuthInfoW
NDRSContextUnmarshallEx
NdrCorrelationPass
NdrSendReceive
NdrNonEncapsulatedUnionMemorySize
StrRChrW
StrNCatW
UrlEscapeW
SHSetValueA
wvnsprintfW
SHDeleteOrphanKeyA
SHRegisterValidateTemplate
PathUnExpandEnvStringsA
StrFormatByteSizeW
StrCSpnA
SHQueryValueExW
PathCombineW
StrCSpnW
StrTrimA
PathUnmakeSystemFolderW
PathCommonPrefixW
PathIsUNCServerShareA
StrIsIntlEqualA
AssocQueryStringByKeyA
StrFromTimeIntervalA
ChrCmpIW
PathIsUNCServerW
SHRegDeleteEmptyUSKeyA
GetMenuPosFromID
StrCatBuffA
ChrCmpIA
StrStrA
PathQuoteSpacesA
SHRegSetPathA
ColorAdjustLuma
SHIsLowMemoryMachine
PathFindExtensionW
Number of PE resources by type
RT_GROUP_CURSOR 20
RT_ICON 19
RT_BITMAP 14
RT_CURSOR 10
RT_VERSION 1
Number of PE resources by language
SPANISH PUERTO RICO 36
ENGLISH AUS 28
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:01 14:13:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 143360
LinkerVersion 10.0
EntryPoint 0x20afe
InitializedDataSize 75776
SubsystemVersion 4.0
ImageVersion 9.2
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 f61f675dfce3817b3d3fef3824d38376
SHA1 e47e70d3eb9cee5a962d759bc0c706e6a0b4ace3
SHA256 8c55309adff2984a3bfaa6ee1db9fb3693e7f747072d66c3a6f4b260b8a07871
ssdeep 3072:hvdX4Df3lkxDfvM09/ycxZKF20b9tzZNb+p4lzI2YxIH9tumTq+yNbZ:hdIDf3lkxE0JHH0b/GX1x6y
authentihash f036a3d4a8e0b1f35a4be1530caa947d5705f6e0cb7b50488361eba7a02741e4
imphash f06845a4e21c80e58603c0e717d55665
File size 215.0 KB ( 220160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-19 23:19:02 UTC ( 4 years, 8 months ago )
Last submission 2014-07-19 23:19:02 UTC ( 4 years, 8 months ago )
File names f61f675dfce3817b3d3fef3824d38376
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.