SHA256: 90237aaf9eafce7a885e567f53e4cd628664203ea8e3d2dd2facd804a411a3c6
File name: 9cd7fa53c68018020dd1a0331db
Detection ratio: 38 / 45
Analysis date: 2013-01-16 04:55:08 UTC (4 years, 4 months ago)
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20130115
AntiVir TR/Dldr.Andromeda.D 20130116
Avast Win32:MalOb-KV [Trj] 20130116
AVG Generic_s.WN 20130116
BitDefender Gen:Variant.Kazy.62300 20130116
CAT-QuickHeal TrojanPSW.Tepfer.bviu 20130116
Commtouch W32/Zbot.GQ2.gen!Eldorado 20130116
Comodo TrojWare.Win32.Kryptik.SES 20130116
DrWeb Trojan.PWS.Stealer.946 20130116
ESET-NOD32 a variant of Win32/Kryptik.AOJD 20130116
F-Prot W32/Zbot.GQ2.gen!Eldorado 20130116
F-Secure Gen:Variant.Kazy.62300 20130116
Fortinet W32/Kryptik.WDV!tr 20130116
GData Gen:Variant.Kazy.62300 20130116
Ikarus Trojan.Signed 20130116
Jiangmin Trojan/PSW.Tepfer.zhm 20121221
K7AntiVirus Password-Stealer 20130115
Kaspersky Trojan-PSW.Win32.Tepfer.bviu 20130116
Kingsoft Win32.PSWTroj.Tepfer.(kcloud) 20130115
Malwarebytes Spyware.Zbot 20130116
McAfee PWS-Zbot.gen.aln 20130116
McAfee-GW-Edition PWS-Zbot.gen.aln 20130116
Microsoft PWS:Win32/Fareit 20130116
eScan Gen:Variant.Kazy.62300 20130116
NANO-Antivirus Trojan.Win32.Tepfer.bbsrnn 20130116
Norman W32/Kryptik.AI 20130116
nProtect Trojan-PWS/W32.Tepfer.135952.C 20130115
Panda Trj/Genetic.gen 20130115
Rising Malware.Symmi!49C6 20130116
Sophos Troj/Zbot-CYL 20130116
SUPERAntiSpyware Trojan.Agent/Gen-MultiD 20130116
Symantec WS.Reputation.1 20130116
TheHacker Trojan/PSW.Tepfer.bvmx 20130115
TotalDefense Win32/Fareit.B!generic 20130116
TrendMicro-HouseCall TROJ_RANSOM.SMJD 20130116
VBA32 BScope.TrojanPSW.Zbot.2716 20130115
VIPRE Trojan.Win32.Reveto.Ac (v) 20130116
ViRobot Trojan.Win32.A.PSW-Tepfer.135952.C 20130116
Yandex 20130115
Antiy-AVL 20130115
ByteHero 20130115
ClamAV 20130116
Emsisoft 20130116
eSafe 20130113
PCTools 20130116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-07 21:57:27
Entry Point 0x0001E470
Number of sections 7
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
CreateToolbarEx
CreateStatusWindowW
ChooseFontW
ChooseColorW
GetSystemPaletteEntries
GetMapMode
PatBlt
GetSystemPaletteUse
GetTextExtentPointA
StretchBlt
GetSystemTimeAsFileTime
DosDateTimeToFileTime
ReleaseMutex
GetSystemInfo
lstrlenA
lstrcmpiA
WaitForSingleObject
SetEvent
CopyFileA
GetTickCount
SetFileTime
GetVersionExA
FlushFileBuffers
RemoveDirectoryA
GetCurrentProcess
LoadLibraryExA
CreateEventA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcessId
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
GetCommandLineA
GetProcAddress
CreateMutexA
GetModuleHandleA
GetTempPathA
CreateThread
SetFilePointer
lstrcmpA
FindFirstFileA
SetUnhandledExceptionFilter
lstrcpyA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
SetFileAttributesA
FreeLibrary
TerminateProcess
ConvertDefaultLocale
CreateFileW
SetCurrentDirectoryA
LocalFileTimeToFileTime
FindClose
Sleep
SetEndOfFile
GetPrivateProfileSectionA
CreateFileA
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ShellAboutW
SetFocus
DdeAbandonTransaction
GetClipboardData
DdeConnect
UpdateWindow
DdeCmpStringHandles
BeginPaint
DefWindowProcW
FindWindowW
KillTimer
GetMessageW
PostQuitMessage
ShowWindow
MessageBeep
FlashWindow
SetWindowPos
MoveWindow
DdeCreateDataHandle
GetSystemMetrics
IsIconic
MessageBoxW
DdeUninitialize
DdeGetData
DestroyWindow
EndPaint
SetWindowPlacement
DdeAddData
CharUpperW
DialogBoxParamW
DdeKeepStringHandle
DrawIcon
DdePostAdvise
GetSystemMenu
DdeCreateStringHandleW
TranslateMessage
PostMessageW
GetSysColor
SendMessageW
RegisterClipboardFormatW
DispatchMessageW
GetWindowLongW
ReleaseDC
CheckMenuItem
GetMenu
EndDialog
RegisterClassW
SendDlgItemMessageW
DdeDisconnect
WinHelpW
GetWindowPlacement
LoadStringW
GetClientRect
DdeNameService
DdeGetLastError
DdeClientTransaction
GetDC
SetWindowLongW
InvalidateRect
IsClipboardFormatAvailable
SetTimer
CallWindowProcW
DdeQueryStringW
DdeFreeStringHandle
OpenClipboard
SetWindowTextW
EnableMenuItem
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
wsprintfW
CloseClipboard
DdeInitializeW
CheckDlgButton
CharNextW
AppendMenuW
TranslateAcceleratorW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
GERMAN SWISS 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:11:07 22:57:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 122880
LinkerVersion 2.5
EntryPoint 0x1e470
InitializedDataSize 9728
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 9cd7fa53c68018020dd1a0331dbaa56d
SHA1 e81cd4ebd506729dcb56ca34fc5d740818f89d99
SHA256 90237aaf9eafce7a885e567f53e4cd628664203ea8e3d2dd2facd804a411a3c6
ssdeep 1536:ZeLpbwbSCmHLv6PiIu42g226utMTF9r8k7Cm3/GUoCpbfy3D1WlnlwzPmq3cg:ML8o2KI7quOqv8oC56Qwh3cg
File size 132.8 KB (135952 bytes)
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (65.1%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags peexe
VirusTotal metadata
First submission 2012-11-07 22:15:22 UTC (4 years, 6 months ago)
Last submission 2012-11-12 20:30:58 UTC (4 years, 6 months ago)
File names landing-philosophy_dry-suspende.php?quqqr=1h:33:31:1g:1i&vjmy=31:31:30:33:1h:1h:1j:1f:30:2w&kkchuchd=1h&ftvuucj=gytivp&fprlsxy=uuadp
9cd7fa53c68018020dd1a0331db
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications