SHA256: 9674fe85726c33f982d58eb362cd598cd944dd8f3f9d0a1b5506b9470cb4b57e
File name: muabump0.exe
Detection ratio: 20 / 59
Analysis date: 2017-05-30 21:38:37 UTC (1 year, 9 months ago)
Antivirus Result Update (one engine per line: engine name, detection name, signature-database date; engines listed with no result did not flag the file)
AhnLab-V3 Trojan/Win32.Poweliks.R201491 20170530
Avira (no cloud) TR/Crypt.Xpack.ymghm 20170530
AVware Trojan.Win32.Kovter.ab (v) 20170530
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20170527
CrowdStrike Falcon (ML) malicious_confidence_91% (D) 20170420
Cyren W32/Kovter.T2.gen!Eldorado 20170530
DrWeb Trojan.Kovter.297 20170530
Endgame malicious (high confidence) 20170515
ESET-NOD32 Win32/Kovter.I 20170530
F-Prot W32/Kovter.T2.gen!Eldorado 20170530
Fortinet W32/GenKryptik.AIMC!tr 20170530
Sophos ML virus.win32.viking.ng 20170519
K7AntiVirus Trojan ( 0050edb41 ) 20170530
K7GW Trojan ( 0050edb41 ) 20170530
Malwarebytes Trojan.Kovter 20170530
Rising Malware.Generic.1!tfe (thunder:1:s9kc4nu6vRD) 20170530
Sophos AV Mal/Kovter-Z 20170530
Symantec ML.Attribute.HighConfidence 20170530
VIPRE Trojan.Win32.Kovter.ab (v) 20170530
Webroot W32.Trojan.Gen 20170530
Ad-Aware 20170530
AegisLab 20170530
Alibaba 20170527
ALYac 20170530
Antiy-AVL 20170530
Arcabit 20170530
Avast 20170530
AVG 20170530
BitDefender 20170530
CAT-QuickHeal 20170530
ClamAV 20170530
CMC 20170530
Comodo 20170530
Emsisoft 20170530
F-Secure 20170530
GData 20170530
Ikarus 20170530
Jiangmin 20170530
Kaspersky 20170530
Kingsoft 20170530
McAfee 20170530
McAfee-GW-Edition 20170530
Microsoft 20170530
eScan 20170530
NANO-Antivirus 20170530
nProtect 20170530
Palo Alto Networks (Known Signatures) 20170530
Panda 20170530
Qihoo-360 20170530
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170530
Symantec Mobile Insight 20170526
Tencent 20170530
TheHacker 20170528
TrendMicro-HouseCall 20170525
Trustlook 20170530
VBA32 20170530
ViRobot 20170530
WhiteArmor 20170524
Yandex 20170530
Zillya 20170530
ZoneAlarm by Check Point 20170530
Zoner 20170530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2001-2015 by zDay Ltd.
Product: P D F
Original name: zDay.exe
Internal name: P D F
File version: 2.5.0314
Description: P D F
Comments: P D F
Version-info strings are written by whoever built the binary and are not validated by Windows, so "zDay Ltd." and "P D F" are claims, not provenance. Note also that the copyright range runs to 2015 while the PE compilation timestamp below says 2013; at least one of the two is not genuine.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-13 02:26:48
Entry Point 0x00003DA4
Number of sections 8
PE sections
Overlays
MD5: 950153e8ec68575a1f45135cfad5d2f2
File type: data
Offset: 390656
Size: 841
Entropy: 7.69
The overlay is the 841 bytes appended after the last PE section (390656 + 841 = 391497, exactly the file size listed under File identification). Its entropy of 7.69 bits per byte is close to the 8.0 maximum, which is what compressed or encrypted data looks like; a practitioner would carve it out and examine it separately rather than assume it is padding or a signature.
PE imports (grouped below by the Windows DLL that exports each function; the DLL names are an editorial addition inferred from the function names, since the captured report lists functions only)
Imports worth noting for triage: CryptAcquireContextA, CryptCreateHash and CryptDeriveKey (CryptoAPI key derivation from a hash), RegCreateKeyEx*/RegSetValueEx*/RegEnumValueW (registry writes), IsDebuggerPresent and CreateToolhelp32Snapshot/Module32Next (environment and process inspection), InternetOpenA/HttpOpenRequestA (HTTP), and LoadLibrary*/GetProcAddress (dynamic resolution, so the real API surface can be larger than this table). Several entries are obscure exports that ordinary applications almost never call (SystemFunction005, GdiDeleteSpoolFileHandle, InternetQueryFortezzaStatus, Ssync_ANSI_UNICODE_Struct_For_WOW), which is consistent with an import table padded to look like a normal GUI program; treat the list as a triage signal, not as a description of runtime behaviour.
advapi32.dll:
CryptDeriveKey
RegCreateKeyExW
RegEnumValueW
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegSetValueExW
DeregisterEventSource
CheckTokenMembership
GetLocalManagedApplicationData
RegSetValueExA
RegisterEventSourceA
RegCreateKeyExA
RegOpenKeyExA
SystemFunction005
SystemFunction011
ReportEventA
GetEventLogInformation
CryptCreateHash
comctl32.dll:
ImageList_ReplaceIcon
Ord(16)
InitCommonControlsEx
UninitializeFlatSB
gdi32.dll:
TextOutW
GetGlyphOutlineW
GdiDeleteSpoolFileHandle
ResizePalette
CreateFontIndirectA
ColorMatchToTarget
Rectangle
GetDeviceCaps
DeleteDC
GetBoundsRect
GetMapMode
BitBlt
GdiComment
AbortPath
ExtTextOutW
CreatePen
EnumObjects
DeleteColorSpace
GetStockObject
GetPath
ExtTextOutA
ExtSelectClipRgn
CreateCompatibleDC
GetFontUnicodeRanges
StretchDIBits
TextOutA
SetBrushOrgEx
SelectObject
AbortDoc
InvertRgn
CombineTransform
SetBkMode
DeleteObject
imm32.dll:
ImmShowSoftKeyboard
ImmDestroySoftKeyboard
ImmIsIME
ImmSetCompositionWindow
ImmEnumInputContext
ImmNotifyIME
ImmCreateSoftKeyboard
ImmGetCompositionWindow
ImmAssociateContextEx
ImmGetIMCLockCount
ImmSetHotKey
ImmGetCandidateWindow
ImmLockIMCC
ImmSetConversionStatus
ImmGetStatusWindowPos
ImmUnlockIMCC
ImmGetConversionStatus
kernel32.dll:
GetStdHandle
WaitForSingleObject
GetDriveTypeA
DebugBreak
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
InterlockedExchange
GetTempPathW
HeapReAlloc
GetStringTypeW
SetEvent
MoveFileA
GetThreadPriority
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
DeviceIoControl
TlsGetValue
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetVersionExA
RaiseException
LoadLibraryExA
GetSystemDefaultLCID
LoadLibraryExW
CreateMutexA
CreateThread
Module32Next
SetUnhandledExceptionFilter
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
GetVersion
GlobalAlloc
SearchPathA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetFileSize
CreateDirectoryA
GetDateFormatW
DeleteFileW
WaitForMultipleObjects
CompareStringW
FindFirstFileExA
FindFirstFileA
CompareStringA
CreateFileMappingA
FindFirstFileW
FindFirstFileExW
GetProcAddress
CreateFileW
CreateEventA
CopyFileA
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
GlobalFree
GetConsoleCP
VirtualQuery
GetShortPathNameA
SizeofResource
GetCurrentProcessId
LockResource
HeapSize
GetCommandLineA
CopyFileExW
GetCurrentThread
OpenMutexA
QueryPerformanceFrequency
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
HeapCreate
WriteFile
VirtualFree
Sleep
OpenEventA
GetOEMCP
ResetEvent
shell32.dll:
SHGetFolderLocation
DragQueryFileW
SHChangeNotify
SHGetPathFromIDListW
FreeIconList
DragQueryPoint
SHGetSettings
SHOpenFolderAndSelectItems
SHBrowseForFolderA
ShellExecuteExW
SHGetFileInfoW
SHParseDisplayName
SHGetPathFromIDListA
SHGetSpecialFolderPathW
SHGetMalloc
user32.dll:
SetFocus
RedrawWindow
RegisterClassA
GetParent
ReleaseDC
GetWindowTextA
EndDialog
BeginPaint
DefWindowProcW
IsWindow
LoadImageA
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
SetWindowPos
SetWindowLongW
MessageBoxW
SendMessageW
GetWindowRect
DispatchMessageA
EnableWindow
UnhookWindowsHookEx
SetDlgItemTextA
PostMessageA
ReleaseCapture
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
GetActiveWindow
GetWindow
SetActiveWindow
GetDC
GetCursor
GetAsyncKeyState
SystemParametersInfoA
SetWindowTextA
MoveWindow
GetMenu
UnregisterClassA
AppendMenuA
IsWindowVisible
SendMessageA
UnregisterClassW
SetWindowTextW
GetDlgItem
GetClassInfoA
LoadCursorA
IsIconic
ScreenToClient
CallNextHookEx
GetWindowLongA
GetWindowTextLengthA
CallWindowProcW
LoadIconA
SetWindowsHookExA
GetMenuItemInfoA
EnumThreadWindows
GetClientRect
GetWindowTextW
SetDlgItemTextW
GetDesktopWindow
CallWindowProcA
GetClassNameA
GetFocus
CreateWindowExW
MsgWaitForMultipleObjects
EndPaint
SetForegroundWindow
DestroyWindow
AppendMenuW
IsDialogMessageA
SetCursor
version.dll:
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
wininet.dll:
FindFirstUrlCacheGroup
ShowCertificate
ForceNexusLookup
InternetAutodialHangup
HttpOpenRequestA
PrivacySetZonePreferenceW
ShowClientAuthCerts
FtpPutFileEx
InternetOpenA
ShowSecurityInfo
IsHostInProxyBypassList
SetUrlCacheHeaderData
InternetErrorDlg
InternetQueryFortezzaStatus
winmm.dll:
waveInAddBuffer
PlaySoundA
waveInOpen
waveOutReset
waveInStop
comdlg32.dll:
GetOpenFileNameW
GetSaveFileNameW
Ssync_ANSI_UNICODE_Struct_For_WOW
GetOpenFileNameA
CommDlgExtendedError
LoadAlterBitmap
dwLBSubclass
GetSaveFileNameA
dwOKSubclass
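The report's imphash field (listed under File identification further down) is derived from exactly this import table. The Python below is an added editorial example, not VirusTotal's or pefile's code, showing the normalisation that produces it: each import becomes "dll.function" in lowercase with the .dll/.ocx/.sys extension removed, imports by ordinal are written as "ordN", and the entries are joined with commas in import-table order and MD5-hashed. The import excerpt is constructed: the function names are taken from the list above, but the exporting DLLs (advapi32.dll, comctl32.dll, wininet.dll) are assumptions, and the real table has far more entries, so the value computed here will not equal the report's 6ee80391d6aa692ef680a97e066e5c9b.

```python
"""imphash derivation from an import table (added example, not VirusTotal's code)."""
import hashlib
from typing import Iterable, List, Tuple, Union

Import = Tuple[str, Union[str, int]]  # (dll name, function name or ordinal number)

# Constructed excerpt of this sample's import table; the DLL assignment is assumed.
SAMPLE_IMPORTS: List[Import] = [
    ("ADVAPI32.dll", "CryptDeriveKey"),
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "CryptAcquireContextA"),
    ("COMCTL32.dll", "ImageList_ReplaceIcon"),
    ("COMCTL32.dll", 16),                      # the report's "Ord(16)"
    ("WININET.dll", "HttpOpenRequestA"),
    ("WININET.dll", "InternetOpenA"),
]


def normalise_import(dll: str, func: Union[str, int]) -> str:
    """One import in imphash form, e.g. 'advapi32.cryptderivekey' or 'comctl32.ord16'."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[: -len(ext)]
            break
    # pefile additionally maps well-known ordinals of ws2_32/wsock32/oleaut32 back
    # to names; that lookup table is omitted here, so such ordinals stay as ordN.
    func_name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{name}.{func_name}"


def imphash(imports: Iterable[Import]) -> str:
    """MD5 over the comma-joined normalised imports, in import-table order."""
    joined = ",".join(normalise_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def same_imphash(a: Iterable[Import], b: Iterable[Import]) -> bool:
    """True when two import tables would pivot to the same imphash on VirusTotal."""
    return imphash(list(a)) == imphash(list(b))


if __name__ == "__main__":
    print("normalised:", [normalise_import(d, f) for d, f in SAMPLE_IMPORTS])
    print("imphash   :", imphash(SAMPLE_IMPORTS))
```

Two properties matter when pivoting on the report's imphash: the hash is insensitive to the case of DLL and function names but sensitive to their order, so it matches other binaries with the identical import-table layout (typically the same build toolchain or builder), not merely binaries that call the same APIs.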
Number of PE resources by type
RT_DIALOG 11
RT_ICON 4
RT_ACCELERATOR 3
RT_GROUP_ICON 2
Struct(241) 1
WAVE 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
POLISH DEFAULT 24
CZECH DEFAULT 1
PE resources
ExifTool file metadata
SpecialBuild: 2.5.0314
CodeSize: 77824
SubsystemVersion: 4.0
Comments: P D F
InitializedDataSize: 328192
ImageVersion: 1.0
ProductName: P D F
FileVersionNumber: 2.5.314.0
UninitializedDataSize: 247808
LanguageCode: Czech
FileFlagsMask: 0x0017
CharacterSet: Windows, Latin2 (Eastern European)
LinkerVersion: 2.23
PrivateBuild: 2.5.0314
FileTypeExtension: exe
OriginalFileName: zDay.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 2.5.0314
TimeStamp: 2013:05:13 03:26:48+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: P D F
ProductVersion: 2.5.0314
FileDescription: P D F
OSVersion: 4.0
FileOS: Windows NT 32-bit
LegalCopyright: Copyright (C) 2001-2015 by zDay Ltd.
MachineType: Intel 386 or later, and compatibles
CompanyName: zDay
LegalTrademarks: Tracker zDay Ltd.
FileSubtype: 0
ProductVersionNumber: 2.5.0.0
EntryPoint: 0x3da4
ObjectFileType: Dynamic link library
Two of these values deserve a caveat. ObjectFileType comes from the dwFileType field of the version resource, which the author sets freely; the PE header marks the file as an executable, so this is another self-reported value that does not match the binary. LinkerVersion 2.23 is not a Microsoft linker version (MSVC links report 6.x through 14.x; GNU ld writes its own binutils version here), so the TrID guess of "MS Visual C++" further down is weak evidence of the toolchain.
Compressed bundles
File identification
MD5 9045f5660fc174c54421ac0cc7c22593
SHA1 a8d73bae349cfa804d687868e0a0d4cb79de8199
SHA256 9674fe85726c33f982d58eb362cd598cd944dd8f3f9d0a1b5506b9470cb4b57e
ssdeep 6144:dsCLPvP0tiaccLkzyQyH3hGOFFTztfzN6bfXEE0IoE2qLwx93QG+Y/E4vH:ljvP06cMyQyXZztorXP2q8LQo
authentihash eb157facb0031d897a019367eeb18b117b646b3ca22ddcfb89da0b0c8b2d336a
imphash 6ee80391d6aa692ef680a97e066e5c9b
File size 382.3 KB ( 391497 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay
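As an added example (editorial code, not VirusTotal's and not the sample's), the following Python reproduces the checks behind the Overlays and File identification sections of this report: it locates the overlay by parsing the PE section table, hashes the whole file and the overlay, and computes the overlay's Shannon entropy. It builds a synthetic PE in memory so it runs offline; the function and constant names are mine, and the REPORTED values are copied from this report so that, when the script is pointed at a real file, it can say which of them the file reproduces.

```python
"""Overlay, hash and entropy triage for a PE file (added example, not from the report)."""
import hashlib
import math
import struct
import sys

# Values copied from the VirusTotal report above, used only to compare against a real file.
REPORTED = {
    "sha256": "9674fe85726c33f982d58eb362cd598cd944dd8f3f9d0a1b5506b9470cb4b57e",
    "overlay_offset": 390656,
    "overlay_size": 841,
    "overlay_md5": "950153e8ec68575a1f45135cfad5d2f2",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def overlay_offset(pe: bytes) -> int:
    """File offset where the last section's raw data ends; bytes after it are the overlay."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + size_opt                           # first IMAGE_SECTION_HEADER
    end = table + 40 * num_sections                        # fallback: end of the headers
    for i in range(num_sections):
        size_raw, ptr_raw = struct.unpack_from("<II", pe, table + 40 * i + 16)
        if size_raw:
            end = max(end, ptr_raw + size_raw)
    return end


def triage(pe: bytes) -> dict:
    """Hashes of the whole file plus offset, size, MD5 and entropy of its overlay."""
    start = overlay_offset(pe)
    overlay = pe[start:]
    return {
        "sha256": hashlib.sha256(pe).hexdigest(),
        "md5": hashlib.md5(pe).hexdigest(),
        "overlay_offset": start,
        "overlay_size": len(overlay),
        "overlay_md5": hashlib.md5(overlay).hexdigest() if overlay else None,
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def matches_report(result: dict) -> dict:
    """Which of the report's hash/overlay values a triaged file reproduces."""
    return {key: result.get(key) == value for key, value in REPORTED.items()}


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 (i386, one NOP-filled .text section) with `overlay` appended."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)  # i386, 1 section, PE32 opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    text = b"\x90" * 0x200
    ptr_raw = 0x200                                                  # section data after padded headers
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), ptr_raw,
                       0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(ptr_raw, b"\0") + text + overlay


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(bytes(range(256)) * 4)
    result = triage(data)
    for key, value in result.items():
        print(f"{key:16} {value}")
    print("matches report:", matches_report(result))
```

Run it with the sample's path as the only argument to check the 390656/841 overlay and its MD5 against the report; with no argument it triages the built-in synthetic PE. The entropy figure is the useful part: a large high-entropy overlay on a small GUI program is a payload or configuration blob worth extracting (`pe[overlay_offset(pe):]`) before anything else.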

VirusTotal metadata
First submission 2017-05-30 21:38:37 UTC ( 1 year, 9 months ago )
Last submission 2017-05-31 19:02:29 UTC ( 1 year, 9 months ago )
File names muabump0.exe
muabump0.exe
muabump0.exe
P D F
kovter
zDay.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs