SHA256: 93e8c0fde4786e408e890bfcfa8a69544598a4efb8b3139099295e8be776aea8
File name: vt-upload-HbBuh
Detection ratio: 23 / 54
Analysis date: 2014-06-17 05:26:03 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.394582 20140617
AhnLab-V3 Dropper/Win32.Necurs 20140616
AntiVir TR/Crypt.ZPACK.73765 20140617
Avast Win32:Malware-gen 20140617
AVG Zbot.JYX 20140617
BitDefender Gen:Variant.Kazy.394582 20140617
Bkav HW32.CDB.77a0 20140616
Emsisoft Gen:Variant.Kazy.394582 (B) 20140617
ESET-NOD32 Win32/Spy.Zbot.ABS 20140617
F-Secure Gen:Variant.Kazy.394582 20140617
Fortinet W32/Zbot.ABS!tr.spy 20140617
GData Gen:Variant.Kazy.394582 20140617
Kaspersky Trojan-Spy.Win32.Zbot.tfxp 20140617
Malwarebytes Spyware.Zbot.VXGen 20140617
McAfee Artemis!3B462EDB1D3A 20140617
McAfee-GW-Edition Artemis!3B462EDB1D3A 20140616
eScan Gen:Variant.Kazy.394582 20140617
Panda Trj/CI.A 20140616
Qihoo-360 Malware.QVM20.Gen 20140617
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140617
Sophos AV Mal/Generic-S 20140617
Symantec WS.Reputation.1 20140617
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140617
AegisLab 20140617
Yandex 20140614
Antiy-AVL 20140616
Baidu-International 20140616
ByteHero 20140617
CAT-QuickHeal 20140616
ClamAV 20140616
CMC 20140617
Commtouch 20140617
Comodo 20140617
DrWeb 20140617
F-Prot 20140617
Ikarus 20140617
Jiangmin 20140617
K7AntiVirus 20140616
K7GW 20140616
Kingsoft 20140617
Microsoft 20140617
NANO-Antivirus 20140617
Norman 20140617
nProtect 20140616
SUPERAntiSpyware 20140617
TheHacker 20140616
TotalDefense 20140616
TrendMicro 20140617
TrendMicro-HouseCall 20140617
VBA32 20140616
VIPRE 20140616
ViRobot 20140617
Zillya 20140616
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1999
Publisher Ontrack Data Recovery Inc.
Product Egy
Original name Qnttpgscxp.exe
Internal name Syxoko
File version 3, 1, 5
Description Biqu Vigak Ygazy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-25 17:47:34
Entry Point 0x00020CED
Number of sections 5
PE sections
PE imports
RegisterOCX
IsNTAdmin
ExtractFiles
RegInstall
LaunchINFSectionEx
FileSaveMarkNotExist
AdvInstallFile
OpenINFEngine
TranslateInfStringEx
SetPerUserSecValues
NeedRebootInit
RegRestoreAll
CloseINFEngine
LaunchINFSection
GetClusterNodeKey
ClusterControl
CloseCluster
OpenClusterNetwork
ClusterGroupCloseEnum
CloseClusterNetInterface
GetClusterResourceKey
ClusterRegQueryValue
ClusterRegEnumKey
SetClusterNetworkPriorityOrder
BackupClusterDatabase
GetClusterResourceState
OnlineClusterResource
ClusterEnum
ClusterRegSetKeySecurity
ClusterResourceCloseEnum
ClusterGroupOpenEnum
ChangeClusterResourceGroup
ClusterRegOpenKey
ClusterOpenEnum
GetClusterFromNetInterface
ClusterResourceTypeControl
CreateClusterResource
GetClusterNetworkId
GetClusterNetInterfaceKey
CloseClusterGroup
GetClusterNodeState
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CryptFindCertificateKeyProvInfo
CertDuplicateCertificateContext
CertSerializeCRLStoreElement
CertSetCertificateContextProperty
CertSetStoreProperty
CryptMemAlloc
CertGetStoreProperty
CertDeleteCRLFromStore
CryptMsgDuplicate
CertIsRDNAttrsInCertificateName
CryptDecryptMessage
CryptMsgOpenToEncode
CryptSignMessage
CertRDNValueToStrA
CertVerifyCTLUsage
CryptGetDefaultOIDDllList
CertFindSubjectInCTL
CryptQueryObject
PFXVerifyPassword
CryptSIPRemoveProvider
CertCreateCertificateChainEngine
CertSerializeCertificateStoreElement
CertEnumSubjectInSortedCTL
CryptDecodeObject
CertStrToNameA
CryptEnumKeyIdentifierProperties
CryptSetOIDFunctionValue
GetDIBColorTable
GetWindowOrgEx
CreatePen
PlayEnhMetaFileRecord
CreateFontIndirectA
CreateICW
PlayMetaFile
GetMiterLimit
GetMetaFileW
DeviceCapabilitiesExA
GetICMProfileA
GetCharWidthI
CreateSolidBrush
GdiSetBatchLimit
RealizePalette
SetTextColor
EndFormPage
PlgBlt
GetColorSpace
EqualRgn
GetPath
SetRelAbs
ExtSelectClipRgn
GetTextAlign
SwapBuffers
ExtEscape
SetDCBrushColor
GetStretchBltMode
Escape
CheckColorsInGamut
CreateHardLinkA
GetExitCodeProcess
UnhandledExceptionFilter
ResetEvent
OpenSemaphoreW
SetEnvironmentVariableA
WNetGetProviderNameW
WNetGetNetworkInformationW
WNetDisconnectDialog
WNetCancelConnectionW
WNetGetProviderNameA
WNetGetConnectionA
WNetGetUniversalNameA
WNetUseConnectionW
WNetGetResourceInformationW
WNetEnumResourceW
WNetGetLastErrorW
WNetAddConnectionA
WNetGetResourceInformationA
WNetAddConnection3A
WNetCloseEnum
WNetDisconnectDialog1W
WNetGetUserW
WNetCancelConnection2W
WNetSetLastErrorA
WNetGetResourceParentA
WNetGetResourceParentW
WNetGetUserA
WNetCancelConnection2A
acmFilterChooseW
acmGetVersion
acmDriverAddW
acmFormatChooseW
acmMessage32
acmFormatDetailsA
acmDriverMessage
acmFilterTagEnumW
acmStreamOpen
acmStreamReset
GetPS2ColorRenderingDictionary
GetCountColorProfileElements
InternalGetPS2ColorSpaceArray
CreateMultiProfileTransform
GetColorDirectoryW
DisassociateColorProfileFromDeviceW
GetColorDirectoryA
CreateProfileFromLogColorSpaceW
GetColorProfileFromHandle
UninstallColorProfileA
SetColorProfileHeader
AssociateColorProfileWithDeviceW
RegisterCMMW
RegisterCMMA
AssociateColorProfileWithDeviceA
GetPS2ColorSpaceArray
SetColorProfileElementReference
EnumColorProfilesA
UnregisterCMMA
SetStandardColorSpaceProfileA
DeleteColorTransform
TranslateBitmapBits
IsColorProfileValid
SetStandardColorSpaceProfileW
GetCMMInfo
RtlSubAuthoritySid
LdrFindResourceDirectory_U
RtlUnicodeStringToInteger
RtlSetThreadPoolStartFunc
NtStartProfile
RtlSetGroupSecurityDescriptor
NtSetSystemTime
NtClose
NtSecureConnectPort
ZwSetQuotaInformationFile
RtlReleasePebLock
NtMapUserPhysicalPages
NtSetHighWaitLowEventPair
ZwCancelTimer
RtlCreateHeap
RtlAddAccessDeniedObjectAce
NtWriteVirtualMemory
ZwPlugPlayControl
ZwOpenIoCompletion
ZwCreatePort
NtWaitForSingleObject
ZwCreateWaitablePort
ZwOpenEvent
ZwOpenObjectAuditAlarm
DbgBreakPoint
RtlNewSecurityObject
NtListenPort
NtDeleteFile
NtPlugPlayControl
ZwFlushVirtualMemory
ZwDuplicateObject
NtAllocateUuids
DsReplicaSyncW
DsQuoteRdnValueA
DsListInfoForServerW
DsCrackSpnW
DsWriteAccountSpnW
DsBindWithSpnW
DsListDomainsInSiteA
DsReplicaGetInfoW
DsRemoveDsDomainA
DsGetDomainControllerInfoA
DsInheritSecurityIdentityW
DsReplicaModifyW
DsFreeDomainControllerInfoW
DsFreeNameResultW
DsListSitesW
DsUnBindA
DsBindWithSpnA
DsReplicaSyncAllA
DsRemoveDsDomainW
DsReplicaFreeInfo
CIRestrictionToFullTree
SetupCacheEx
CITextToSelectTreeEx
BindIFilterFromStorage
LoadTextFilter
CIMakeICommand
CIGetGlobalPropertyList
DoneCIPerformanceData
CiSvcMain
SvcEntry_CiSvc
CITextToFullTreeEx
SetCatalogState
ResUtilSetPropertyParameterBlockEx
ResUtilGetDwordProperty
ResUtilSetPropertyTable
ResUtilSetBinaryValue
ResUtilGetBinaryProperty
ResUtilSetPropertyTableEx
ResUtilEnumProperties
ResUtilStopService
ResUtilSetPropertyParameterBlock
ResUtilSetSzValue
ResUtilFindDependentDiskResourceDriveLetter
ResUtilGetResourceDependency
ResUtilIsPathValid
ResUtilSetResourceServiceEnvironment
ResUtilFindLongProperty
ResUtilResourceTypesEqual
ResUtilGetSzProperty
ResUtilGetResourceNameDependency
ResUtilGetBinaryValue
ResUtilGetResourceDependencyByClass
ResUtilExpandEnvironmentStrings
ResUtilDupString
ResUtilPropertyListFromParameterBlock
GetUserNameExW
InitSecurityInterfaceA
ApplyControlToken
AddSecurityPackageW
GetUserNameExA
AddSecurityPackageA
LsaCallAuthenticationPackage
QueryContextAttributesA
LsaLookupAuthenticationPackage
QuerySecurityPackageInfoW
ImportSecurityContextW
SaslInitializeSecurityContextA
LsaDeregisterLogonProcess
DecryptMessage
LsaEnumerateLogonSessions
LsaRegisterPolicyChangeNotification
CompleteAuthToken
SealMessage
GetComputerObjectNameA
UnsealMessage
SaslEnumerateProfilesA
EncryptMessage
CM_Get_Device_Interface_AliasW
SetupDuplicateDiskSpaceListW
CM_Register_Device_Interface_ExW
SetupDiOpenDevRegKey
SetupDiCancelDriverInfoSearch
SetupRemoveFileLogEntryW
SetupInstallServicesFromInfSectionW
CM_Get_Hardware_Profile_Info_ExW
SetupDiSetDriverInstallParamsW
CM_Unregister_Device_Interface_ExW
SetupGetTargetPathW
SetupQuerySourceListW
SetupDiGetDeviceRegistryPropertyA
SetupDiCreateDeviceInterfaceW
CM_Get_Class_Key_Name_ExA
CM_Request_Device_EjectW
CM_Get_Device_Interface_Alias_ExW
CM_Locate_DevNodeW
CM_Get_Parent_Ex
SetupDiGetClassInstallParamsA
SetupInstallFilesFromInfSectionW
CM_Free_Resource_Conflict_Handle
SetupQueueCopySectionA
SetupInstallFilesFromInfSectionA
SetupDiEnumDeviceInfo
SetupDiInstallClassExA
SetupGetInfInformationA
SetupDiClassNameFromGuidA
CM_Disable_DevNode_Ex
CM_Query_And_Remove_SubTreeA
CM_Set_HW_Prof_FlagsA
SetupLogErrorW
StrFormatKBSizeA
PathIsUNCA
PathRenameExtensionA
UrlApplySchemeW
StrRChrA
StrCmpNIA
UrlEscapeA
StrStrIA
StrFormatByteSizeW
UrlUnescapeW
StrRChrIW
PathFileExistsW
PathMakePrettyA
StrToIntExA
PathMakeSystemFolderW
SHRegGetBoolUSValueA
SHRegCreateUSKeyW
PathUnmakeSystemFolderW
SHDeleteKeyW
AssocQueryStringByKeyA
StrFromTimeIntervalA
PathIsUNCServerW
PathAppendW
AssocQueryKeyA
SHRegCloseUSKey
SHSetThreadRef
ColorAdjustLuma
UrlIsW
SHIsLowMemoryMachine
IntlStrEqWorkerW
StrRStrIW
IsAsyncMoniker
URLOpenStreamW
RegisterMediaTypeClass
HlinkSimpleNavigateToString
CoInternetGetProtocolFlags
HlinkSimpleNavigateToMoniker
GetSoftwareUpdateInfo
CreateAsyncBindCtx
URLDownloadA
CoInternetGetSecurityUrl
HlinkNavigateString
CoInternetGetSession
CoInternetCreateZoneManager
FindMediaType
ObtainUserAgentString
URLDownloadToCacheFileW
CoInternetParseUrl
URLOpenPullStreamW
URLDownloadToFileA
IsValidURL
HlinkGoBack
GetClassFileOrMime
UrlMkSetSessionOption
FindMimeFromData
GetClassInfoExW
IntersectRect
PostMessageA
DdeSetUserHandle
BroadcastSystemMessageA
GetProcessDefaultLayout
GetShellWindow
SetWindowPos
SetDebugErrorLevel
GetDesktopWindow
DdeDisconnect
VkKeyScanA
DialogBoxParamW
DdeQueryConvInfo
SetMenuItemInfoW
MapDialogRect
RemovePropA
GetIconInfo
SetParent
SetClipboardData
GetMenuCheckMarkDimensions
CharLowerBuffA
EnumDisplayDevicesW
MonitorFromRect
DdeFreeDataHandle
EnumPropsA
DlgDirListW
EnumDesktopWindows
FindWindowExW
GetWindowInfo
SetWindowRgn
InternetAutodial
InternetSetCookieA
InternetInitializeAutoProxyDll
HttpQueryInfoA
InternetGetConnectedStateExW
CreateUrlCacheEntryW
InternetQueryDataAvailable
HttpSendRequestExA
InternetConfirmZoneCrossingA
InternetReadFileExA
InternetQueryOptionW
InternetGetLastResponseInfoA
FtpCommandA
InternetReadFileExW
GetUrlCacheEntryInfoW
InternetGetLastResponseInfoW
DeleteUrlCacheContainerA
HttpAddRequestHeadersW
UnlockUrlCacheEntryStream
InternetLockRequestFile
InternetCheckConnectionA
InternetWriteFileExA
GopherCreateLocatorA
FindFirstUrlCacheEntryExA
GopherGetLocatorTypeA
FindFirstUrlCacheContainerW
FtpSetCurrentDirectoryW
InternetCrackUrlW
InternetCombineUrlW
WVTAsn1SpcLinkDecode
SoftpubDllUnregisterServer
TrustIsCertificateSelfSigned
MsCatFreeHashTag
WTHelperCheckCertUsage
CryptCATEnumerateAttr
WinVerifyTrustEx
TrustOpenStores
WTHelperGetProvCertFromChain
CryptCATAdminAddCatalog
WVTAsn1SpcPeImageDataDecode
DriverInitializePolicy
WVTAsn1SpcMinimalCriteriaInfoEncode
CryptSIPCreateIndirectData
WTHelperGetKnownUsages
DriverCleanupPolicy
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcIndirectDataContentDecode
CryptCATAdminCalcHashFromFileHandle
CryptSIPVerifyIndirectData
WintrustCertificateTrust
IsCatalogFile
CryptCATGetCatAttrInfo
CryptCATPersistStore
WVTAsn1CatNameValueEncode
CryptCATPutCatAttrInfo
WinVerifyTrust
WVTAsn1SpcSpOpusInfoEncode
Number of PE resources by type
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:25 18:47:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 147456
LinkerVersion 7.1
FileAccessDate 2014:06:17 06:29:01+01:00
EntryPoint 0x20ced
InitializedDataSize 110592
SubsystemVersion 4.0
ImageVersion 5.2
OSVersion 4.0
FileCreateDate 2014:06:17 06:29:01+01:00
UninitializedDataSize 0
File identification
MD5 3b462edb1d3a72c0aa2d8f3e0dfabe80
SHA1 c6c0fab258707017852e27766ad099b9b8996b70
SHA256 93e8c0fde4786e408e890bfcfa8a69544598a4efb8b3139099295e8be776aea8
ssdeep 6144:pYlYutnZOc+aCN6houwMNalkWzq64LzZKEwRhuS:ilYaZ3+aYgNalk+7EUhuS
imphash 3942c07f6355ebe13231fb68c3c1a567
File size 215.0 KB ( 220160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-06-17 05:26:03 UTC ( 4 years, 9 months ago )
Last submission 2014-06-17 05:26:03 UTC ( 4 years, 9 months ago )
File names Syxoko
Qnttpgscxp.exe
vt-upload-HbBuh
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications