SHA256: 8ee7af2fe1d0603a6b2e0004eb95609992e72d258edefb9511795aaaab28e79c
File name: vt-upload-Cmied
Detection ratio: 27 / 53
Analysis date: 2014-06-02 08:26:06 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11339401 20140602
Yandex TrojanSpy.Zbot!0vIvMSfUQY8 20140601
AntiVir TR/Spy.ZBot.abs.7 20140601
Avast Win32:Malware-gen 20140602
AVG Zbot.JIV 20140602
BitDefender Trojan.Generic.11339401 20140602
DrWeb Trojan.Siggen6.18184 20140602
Emsisoft Trojan.Generic.11339401 (B) 20140602
ESET-NOD32 Win32/Spy.Zbot.ABS 20140602
F-Secure Trojan.Generic.11339401 20140601
Fortinet W32/Zbot.TCAA!tr 20140602
GData Trojan.Generic.11339401 20140602
Ikarus Trojan.Spy.ZBot 20140602
Kaspersky Trojan-Spy.Win32.Zbot.tcaa 20140602
Malwarebytes Spyware.Zbot.VXGen 20140602
McAfee Artemis!865C99C42138 20140602
McAfee-GW-Edition Artemis!865C99C42138 20140602
Microsoft Trojan:Win32/Dynamer!ac 20140602
eScan Trojan.Generic.11339401 20140602
Panda Trj/CI.A 20140601
Qihoo-360 Win32/Trojan.Spy.3db 20140602
Sophos AV Mal/Generic-S 20140602
Symantec WS.Reputation.1 20140602
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140602
TrendMicro TROJ_GEN.R0CBC0DF114 20140602
TrendMicro-HouseCall TROJ_GEN.R0CBC0DF114 20140602
VIPRE Trojan.Win32.Generic!BT 20140602
AegisLab 20140602
AhnLab-V3 20140602
Antiy-AVL 20140530
Baidu-International 20140601
Bkav 20140530
ByteHero 20140602
CAT-QuickHeal 20140602
ClamAV 20140530
CMC 20140530
Commtouch 20140602
Comodo 20140602
F-Prot 20140602
Jiangmin 20140531
K7AntiVirus 20140530
K7GW 20140530
Kingsoft 20140602
NANO-Antivirus 20140602
Norman 20140602
nProtect 20140601
Rising 20140601
SUPERAntiSpyware 20140601
TheHacker 20140531
TotalDefense 20140601
VBA32 20140530
ViRobot 20140602
Zillya 20140601
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2014 Iw?erSolutions Group
Publisher Iw?erSolutions Group
Product Extract WF Provider
Original name extractwfprov
Internal name extract Wf provider
File version 2.0.2.1
Description Extract WF Provider
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-27 22:33:05
Entry Point 0x000083C6
Number of sections 6
PE sections
PE imports
ImageList_Draw
ImageList_Create
ChooseColorA
CreateICA
DeleteDC
CreateFontIndirectW
SelectObject
DeleteObject
GetTextExtentPointW
GetLastError
IsValidCodePage
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
WaitForSingleObject
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
LocalAlloc
UnhandledExceptionFilter
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeLibrary
TerminateProcess
InterlockedDecrement
InitializeCriticalSection
HeapCreate
SetLastError
CreateFileW
IsDebuggerPresent
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
WriteConsoleW
MulDiv
ExtractIconA
SHGetSpecialFolderLocation
EndDialog
BeginPaint
PostQuitMessage
ShowWindow
IsWindow
MoveWindow
EnumChildWindows
IsWindowEnabled
SetActiveWindow
GetDC
ReleaseDC
LoadStringA
IsWindowVisible
IsZoomed
SendMessageA
GetClientRect
DrawMenuBar
SetRect
LoadAcceleratorsA
CreateWindowExA
CopyAcceleratorTableA
GetActiveWindow
GetMenuItemID
ModifyMenuA
DestroyWindow
CoCreateGuid
StringFromGUID2
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 211456
ImageVersion 0.0
ProductName Extract WF Provider
FileVersionNumber 2.0.2.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Extract WF Provider
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename extractwfprov
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.2.1
TimeStamp 2014:05:27 23:33:05+01:00
FileType Win32 EXE
PEType PE32
InternalName extract Wf provider
FileAccessDate 2014:06:02 09:32:35+01:00
ProductVersion 2.0.2.1
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:06:02 09:32:35+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright 2014 Iw erSolutions Group
MachineType Intel 386 or later, and compatibles
CompanyName Iw erSolutions Group
CodeSize 79360
FileSubtype 0
ProductVersionNumber 2.0.2.1
EntryPoint 0x83c6
ObjectFileType Executable application
File identification
MD5 865c99c42138dd990d59e792af0f3bc7
SHA1 459fd25c6bd73028b063fad6ad68fe66674f2667
SHA256 8ee7af2fe1d0603a6b2e0004eb95609992e72d258edefb9511795aaaab28e79c
ssdeep 3072:h7X9ROw8dOaFzdhhdFBImNq/306LrYaTDOhXLipYl6+qh/o7sbI95NuEAnEha4n:hmw9aFzdhhJNykaMaTDHpW6FbIpvb6
imphash ecadce615fc83abf455c7bf9bd0eb568
File size 285.0 KB ( 291840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-06-02 08:26:06 UTC ( 4 years, 9 months ago )
Last submission 2014-06-02 08:26:06 UTC ( 4 years, 9 months ago )
File names extractwfprov
extract Wf provider
vt-upload-Cmied
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications