SHA256: 925c7272dd59c7d9d4e3f8d07ddc68b9240ce4713e9bacdb6447fbdc62cfa17c
File name: 925c7272dd59c7d9d4e3f8d07ddc68b9240ce4713e9bacdb6447fbdc62cfa17c
Detection ratio: 28 / 51
Analysis date: 2014-05-30 14:07:44 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.384659 20140530
AntiVir TR/PSW.Zbot.Y.2273 20140530
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140530
Avast Win32:Malware-gen 20140530
AVG Crypt3.RME 20140530
BitDefender Gen:Variant.Kazy.384659 20140530
Bkav HW32.CDB.00ce 20140530
Emsisoft Gen:Variant.Kazy.384659 (B) 20140530
ESET-NOD32 Win32/Spy.Zbot.ABS 20140530
F-Secure Gen:Variant.Kazy.384659 20140530
Fortinet W32/Zbot.ABS!tr 20140530
GData Gen:Variant.Kazy.384659 20140530
K7AntiVirus Riskware ( 0040eff71 ) 20140530
K7GW Riskware ( 0040eff71 ) 20140530
Kaspersky Trojan-Spy.Win32.Zbot.swgp 20140530
Malwarebytes Spyware.Zbot.VXGen 20140530
McAfee RDN/Generic PWS.y!zp 20140530
McAfee-GW-Edition RDN/Generic PWS.y!zp 20140530
Microsoft PWS:Win32/Zbot.gen!Y 20140530
eScan Gen:Variant.Kazy.384659 20140530
NANO-Antivirus Trojan.Win32.Zbot.czmvqo 20140530
Panda Trj/Dtcontx.M 20140530
Qihoo-360 HEUR/Malware.QVM20.Gen 20140530
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140530
Sophos AV Troj/Agent-AHEI 20140530
TrendMicro TROJ_GEN.R0CBC0DEM14 20140530
TrendMicro-HouseCall TROJ_GEN.R0CBC0DEM14 20140530
VIPRE Trojan.Win32.Generic!BT 20140530
AegisLab 20140530
Yandex 20140530
AhnLab-V3 20140530
Baidu-International 20140530
ByteHero 20140530
CAT-QuickHeal 20140530
ClamAV 20140530
CMC 20140530
Commtouch 20140530
Comodo 20140530
DrWeb 20140530
F-Prot 20140530
Ikarus 20140530
Jiangmin 20140530
Kingsoft 20140530
Norman 20140530
nProtect 20140530
SUPERAntiSpyware 20140530
Symantec 20140530
Tencent 20140527
TheHacker 20140529
TotalDefense 20140530
VBA32 20140530
ViRobot 20140530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Jungle Tools LLC
Original name Sxpvinqm.exe
Internal name Ykexy
File version 7, 6, 3
Description Cejobo Yvewy Esoroso
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-03 07:52:30
Entry Point 0x0000E440
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_DIALOG 205
RT_ICON 180
RT_VERSION 1
Number of PE resources by language
KOREAN SYS DEFAULT 386
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:04:03 08:52:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 6.0
FileAccessDate 2014:05:30 15:10:40+01:00
EntryPoint 0xe440
InitializedDataSize 475136
SubsystemVersion 5.0
ImageVersion 9.2
OSVersion 4.0
FileCreateDate 2014:05:30 15:10:40+01:00
UninitializedDataSize 0
File identification
MD5 7536c219451d09b018d62cf4f933432f
SHA1 3a916ebad20e0e702291804cc5c1cafd311e5f0e
SHA256 925c7272dd59c7d9d4e3f8d07ddc68b9240ce4713e9bacdb6447fbdc62cfa17c
ssdeep 3072:6rdZYy4QTcpOnzMJoiWqdbmNTdNJCxdJalfw4oZz6eNHaMCOnbi:6rdBhT4On+j0dfCTJaJwTnNCOnu
imphash cc9239bbfa410a653ed0406fa2fff169
File size 231.5 KB ( 237056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-30 14:07:44 UTC ( 4 years, 9 months ago )
Last submission 2014-05-30 14:07:44 UTC ( 4 years, 9 months ago )
File names 925c7272dd59c7d9d4e3f8d07ddc68b9240ce4713e9bacdb6447fbdc62cfa17c
Sxpvinqm.exe
Ykexy
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers, making use of the DeviceIoControl Windows API function.
DNS requests