SHA256: 8c8ee33fa6a42010f4732a878126213c9162ddc1c897df7e2ed995c15fe64643
File name: b8e29834c7ae5ed9612b2ab72ee00d27
Detection ratio: 30 / 53
Analysis date: 2014-07-22 21:32:43 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.418700 20140722
AhnLab-V3 Spyware/Win32.Zbot 20140722
AntiVir TR/Zbot.A.997 20140722
Antiy-AVL Trojan/Win32.SGeneric 20140722
Avast Win32:Malware-gen 20140722
AVG Zbot.LRY 20140722
Baidu-International Trojan.Win32.Zbot.BABV 20140722
BitDefender Gen:Variant.Kazy.418700 20140722
Bkav HW32.Keylogger.gyym 20140721
DrWeb Trojan.Siggen6.20976 20140722
Emsisoft Gen:Variant.Kazy.418700 (B) 20140722
ESET-NOD32 Win32/Spy.Zbot.ABV 20140722
F-Secure Gen:Variant.Kazy.418700 20140722
Fortinet W32/Zbot.ABV!tr.spy 20140722
GData Gen:Variant.Kazy.418700 20140722
Kaspersky Trojan-Spy.Win32.Zbot.tooe 20140722
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140722
Malwarebytes Trojan.Zbot.RV 20140722
McAfee RDN/Generic PWS.y!b2k 20140722
McAfee-GW-Edition RDN/Generic PWS.y!b2k 20140722
Microsoft PWS:Win32/Zbot 20140722
eScan Gen:Variant.Kazy.418700 20140722
Panda Trj/CI.A 20140722
Qihoo-360 Win32/Trojan.BO.987 20140722
Sophos AV Mal/Generic-S 20140722
Symantec Infostealer.Banker.C 20140722
Tencent Win32.Trojan-spy.Zbot.Pitm 20140722
TrendMicro TROJ_GEN.R0CBC0DGM14 20140722
TrendMicro-HouseCall TROJ_GEN.R0CBC0DGM14 20140722
VIPRE Trojan.Win32.Generic!BT 20140722
AegisLab 20140722
Yandex 20140722
ByteHero 20140722
CAT-QuickHeal 20140722
ClamAV 20140722
CMC 20140722
Commtouch 20140722
Comodo 20140722
F-Prot 20140722
Ikarus 20140722
Jiangmin 20140722
K7AntiVirus 20140722
K7GW 20140722
NANO-Antivirus 20140722
Norman 20140722
nProtect 20140722
Rising 20140722
SUPERAntiSpyware 20140722
TheHacker 20140722
TotalDefense 20140722
VBA32 20140722
ViRobot 20140722
Zoner 20140722
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2005-2007 by Hobo

Publisher Yo-Dizign
Original name wtedit.rc
Internal name wtedit
File version 0, 1, 0, 1
Description HtmlHelp windows type editor
Comments NO WARANTY and NO SUPPORT
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-18 14:49:44
Entry Point 0x00042BE0
Number of sections 3
PE sections
PE imports
GetTokenInformation
RegCloseKey
OpenProcessToken
FreeSid
AllocateAndInitializeSid
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegOpenKeyExA
EqualSid
RegQueryValueExW
GetEnhMetaFileA
AddFontResourceA
DeleteEnhMetaFile
CreateMetaFileA
GetBkMode
GetTextCharset
PathToRegion
GetDeviceCaps
DeleteDC
GdiGetBatchLimit
GetMapMode
EndDoc
FillPath
CreateHalftonePalette
GetFontLanguageInfo
GetDCBrushColor
DeleteColorSpace
GetStockObject
StrokePath
GetDCPenColor
GdiFlush
GetTextAlign
CloseEnhMetaFile
EndPage
CloseFigure
SelectObject
CloseMetaFile
CancelDC
WidenPath
SetBkMode
AbortDoc
GetLastError
HeapFree
GetStdHandle
LoadLibraryA
LCMapStringW
ReleaseMutex
SetHandleCount
GetSystemInfo
lstrlenA
GetModuleFileNameW
GetVersionExW
FreeLibrary
LCMapStringA
HeapDestroy
HeapAlloc
VirtualProtect
GetVersionExA
lstrcmpiW
GetCommandLineW
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
CreateThread
GetDriveTypeW
GetEnvironmentStrings
GetCurrentDirectoryW
GetLocaleInfoA
LocalAlloc
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
lstrcatW
GetCurrentThread
lstrcpynW
GetModuleHandleA
lstrcpyW
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
ExpandEnvironmentStringsW
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CreateMutexW
CloseHandle
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetProcAddress
ExitProcess
LocalFree
FormatMessageW
TerminateProcess
QueryPerformanceCounter
SetCurrentDirectoryW
HeapCreate
VirtualQuery
VirtualFree
GetEnvironmentStringsW
Sleep
GetFileType
GetFullPathNameW
GetCurrentThreadId
OutputDebugStringA
VirtualAlloc
GetCurrentProcessId
SetLastError
IsWindowUnicode
GetParent
IsIconic
IsCharAlphaNumericA
GetInputState
GetCapture
GetClipboardOwner
GetShellWindow
ShowWindow
GetClipboardData
wvsprintfW
GetDesktopWindow
SetWindowLongW
MessageBoxW
GetMenu
GetWindowRect
DestroyIcon
VkKeyScanA
MoveWindow
DialogBoxParamW
CreatePopupMenu
GetProcessWindowStation
IsGUIThread
GetWindowDC
IsCharAlphaA
LoadCursorFromFileW
PostMessageW
GetSysColor
GetClipboardSequenceNumber
EndDialog
GetDC
DestroyCursor
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
GetDoubleClickTime
GetKeyState
SendMessageW
GetQueueStatus
OemKeyScan
SendMessageA
LoadStringW
IsCharAlphaW
AllowSetForegroundWindow
SystemParametersInfoW
IsWindow
EnableMenuItem
GetThreadDesktop
VkKeyScanW
CloseWindowStation
LoadIconA
CreateMenu
IsCharUpperA
CountClipboardFormats
GetDialogBaseUnits
CloseDesktop
LoadCursorW
IsCharUpperW
GetFocus
DestroyWindow
GetKeyboardType
ExitWindowsEx
SetCursor
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 5
PE resources
ExifTool file metadata
LegalTrademarks
Unofficial (Preliminary) HTML Help Specification by Paul Wise, Jed Wing

SubsystemVersion
5.0

Comments
NO WARANTY and NO SUPPORT

InitializedDataSize
4608

ImageVersion
0.0

FileVersionNumber
0.1.0.1

UninitializedDataSize
0

LanguageCode
Unknown (0019)

FileFlagsMask
0x003f

CharacterSet
Windows, Cyrillic

ecialBuild
D

LinkerVersion
9.0

OriginalFilename
wtedit.rc

PrivateBuild
ZProductName

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0, 1, 0, 1

TimeStamp
2014:07:18 15:49:44+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
wtedit

FileAccessDate
2014:07:22 22:33:49+01:00

FileDescription
HtmlHelp windows type editor

OSVersion
5.0

FileCreateDate
2014:07:22 22:33:49+01:00

FileOS
Win32

LegalCopyright
Copyright 2005-2007 by Hobo

MachineType
Intel 386 or later, and compatibles

CompanyName
Yo-Dizign

CodeSize
277504

FileSubtype
0

ProductVersionNumber
0.1.0.1

EntryPoint
0x42be0

ObjectFileType
Executable application

lHelpwindowstypeeditor
: ProductVersion

File identification
MD5 b8e29834c7ae5ed9612b2ab72ee00d27
SHA1 9e0dfaaf6e3f4fd9f967aafbad6ebf28bf2eb84d
SHA256 8c8ee33fa6a42010f4732a878126213c9162ddc1c897df7e2ed995c15fe64643
ssdeep
3072:kVaqQwEUSgkMeq3CX/KtFIirLIE4CkT493PV+fMROttV5LO57m5/jX9:kEUSg4pSfL6CkkVQM8tVs

imphash aab21758820fc3170bf8047d35aa93cd
File size 275.5 KB ( 282112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-07-22 21:32:43 UTC ( 4 years, 8 months ago )
Last submission 2014-07-22 21:32:43 UTC ( 4 years, 8 months ago )
File names wtedit.rc
b8e29834c7ae5ed9612b2ab72ee00d27
wtedit
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.