SHA256: 93b80792ad2e3fc2f91f4f58ef3eb71abf1823038d7318b855a040fa663753cb
File name: 35a5e4800cdb948073b0de41f5b03aca
Detection ratio: 25 / 51
Analysis date: 2014-03-29 22:58:44 UTC ( 4 years, 11 months ago )
Antivirus              Result                                Update
Ad-Aware               Gen:Variant.Symmi.39886               20140329
Yandex                 TrojanSpy.Zbot!w+JjZFouDe0            20140329
AntiVir                TR/ZbotCitadel.A.613                  20140329
Antiy-AVL              Trojan[Spy]/Win32.Zbot                20140329
Avast                  Sf:Crypt-K [Trj]                      20140329
AVG                    Crypt3.CQJ                            20140329
Baidu-International    Trojan.Win32.Zbot.Awt                 20140329
BitDefender            Gen:Variant.Symmi.39886               20140329
DrWeb                  Trojan.PWS.Panda.2977                 20140329
Emsisoft               Gen:Variant.Symmi.39886 (B)           20140329
ESET-NOD32             a variant of Win32/Kryptik.BWVP       20140329
F-Secure               Gen:Variant.Symmi.39886               20140329
Fortinet               W32/Zbot.BWVP!tr                      20140329
GData                  Gen:Variant.Symmi.39886               20140329
Kaspersky              Trojan-Spy.Win32.Zbot.rtyt            20140329
Malwarebytes           Spyware.Zbot.ED                       20140329
McAfee                 Artemis!35A5E4800CDB                  20140329
McAfee-GW-Edition      Artemis!35A5E4800CDB                  20140329
eScan                  Gen:Variant.Symmi.39886               20140329
Panda                  Trj/CI.A                              20140329
Qihoo-360              Win32/Trojan.946                      20140329
Sophos AV              Mal/Zbot-PV                           20140329
TrendMicro             TROJ_FORUCON.BMC                      20140329
TrendMicro-HouseCall   TROJ_FORUCON.BMC                      20140329
VIPRE                  Trojan.Win32.Agent.anw (v)            20140329
AegisLab               (no detection)                        20140329
AhnLab-V3              (no detection)                        20140329
Bkav                   (no detection)                        20140329
ByteHero               (no detection)                        20140329
CAT-QuickHeal          (no detection)                        20140329
ClamAV                 (no detection)                        20140329
CMC                    (no detection)                        20140328
Commtouch              (no detection)                        20140329
Comodo                 (no detection)                        20140329
F-Prot                 (no detection)                        20140329
Ikarus                 (no detection)                        20140329
Jiangmin               (no detection)                        20140329
K7AntiVirus            (no detection)                        20140328
K7GW                   (no detection)                        20140328
Kingsoft               (no detection)                        20140329
Microsoft              (no detection)                        20140329
NANO-Antivirus         (no detection)                        20140329
Norman                 (no detection)                        20140329
nProtect               (no detection)                        20140328
Rising                 (no detection)                        20140329
SUPERAntiSpyware       (no detection)                        20140329
Symantec               (no detection)                        20140329
TheHacker              (no detection)                        20140329
TotalDefense           (no detection)                        20140329
VBA32                  (no detection)                        20140328
ViRobot                (no detection)                        20140329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2013 CircleDev Group
Publisher: CircleDev Group
Product: WF Pack UI Analyzer
Original name: wfpackuianal
Internal name: wfpackui
File version: 5.0.2.2
Description: WF Pack UI Analyzer
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-03-10 11:27:00
Entry Point: 0x00005790
Number of sections: 7
PE sections
PE imports
GetOpenFileNameA
ChooseFontA
CreateDIBSection
AddFontResourceA
DeleteObject
EnumFontFamiliesExA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetFileSize
UnhandledExceptionFilter
WideCharToMultiByte
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
SetLastError
SetEndOfFile
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
WriteConsoleW
InterlockedIncrement
WNetGetUniversalNameA
GetDesktopWindow
SetTimer
IsWindow
GetMessageA
DispatchMessageA
GetScrollInfo
SetDlgItemTextA
GetSysColorBrush
IsWindowVisible
SendMessageA
GetClientRect
ChildWindowFromPoint
SetWindowLongA
GetWindowLongA
TranslateMessage
GetWindowTextA
ShowWindow
EnableMenuItem
GetAncestor
GetSysColor
GetDC
ClosePrinter
Number of PE resources by type
RT_BITMAP: 2
RT_DIALOG: 1
RT_GROUP_CURSOR: 1
RT_MANIFEST: 1
RT_STRING: 1
RT_CURSOR: 1
RT_VERSION: 1
Number of PE resources by language
ENGLISH US: 8
PE resources
ExifTool file metadata
SubsystemVersion: 5.1
LinkerVersion: 10.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 5.0.2.2
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 247808
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) 2013 CircleDev Group
FileVersion: 5.0.2.2
TimeStamp: 2014:03:10 12:27:00+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: wfpackui
FileAccessDate: 2014:03:29 23:58:36+01:00
ProductVersion: 5.0.2.2
FileDescription: WF Pack UI Analyzer
OSVersion: 5.1
FileCreateDate: 2014:03:29 23:58:36+01:00
OriginalFilename: wfpackuianal
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: CircleDev Group
CodeSize: 74240
ProductName: WF Pack UI Analyzer
ProductVersionNumber: 5.0.2.2
EntryPoint: 0x5790
ObjectFileType: Executable application

File identification
MD5: 35a5e4800cdb948073b0de41f5b03aca
SHA1: b2b25c8b1af280f7ed68b2f2c8f93fb62ccdd8aa
SHA256: 93b80792ad2e3fc2f91f4f58ef3eb71abf1823038d7318b855a040fa663753cb
ssdeep: 6144:wOPqrNsXn7/gZBtj2BJhfYOt7R0ZMdpZSVMZjeM7H+eOFB9s:hqBmnbgZBkB3Yk7RLZSVVueeOp
imphash: 5d882ea32bcc4e8b30e8ff3c4f35cabf
File size: 315.5 KB ( 323072 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (67.3%)
      Win32 Dynamic Link Library (generic) (14.2%)
      Win32 Executable (generic) (9.7%)
      Generic Win/DOS Executable (4.3%)
      DOS Executable Generic (4.3%)
Tags: peexe

VirusTotal metadata
First submission: 2014-03-29 21:23:20 UTC ( 4 years, 11 months ago )
Last submission: 2014-03-29 22:58:44 UTC ( 4 years, 11 months ago )
File names: wfpackuianal, wfpackui, vt-upload-Kl2nn, 35a5e4800cdb948073b0de41f5b03aca
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications