SHA256: 99064e1239bf05cb0be922609f19ab5f46d090318f0b6d172eec43bfd5439949
File name: vt-upload-kT9Mf
Detection ratio: 25 / 51
Analysis date: 2014-03-28 01:20:23 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.40000 20140328
Yandex TrojanSpy.Zbot!iG4I6cLAkXA 20140327
AhnLab-V3 Trojan/Win32.Zbot 20140327
AntiVir TR/Symmi.40000 20140327
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140327
AVG Luhe.Gen.C 20140327
BitDefender Gen:Variant.Symmi.40000 20140328
ByteHero Virus.Win32.Heur.p 20140328
CMC Heur.Win32.Veebee.1!O 20140326
Emsisoft Gen:Variant.Symmi.40000 (B) 20140328
ESET-NOD32 a variant of Win32/Injector.BAFZ 20140328
F-Secure Gen:Variant.Symmi.40000 20140328
Fortinet W32/Zbot.BAFZ!tr 20140328
GData Gen:Variant.Symmi.40000 20140328
Kaspersky Trojan-Spy.Win32.Zbot.rsxw 20140328
Malwarebytes Spyware.Password 20140328
McAfee Artemis!29C48270157A 20140328
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20140327
eScan Gen:Variant.Symmi.40000 20140328
Panda Trj/CI.A 20140327
Qihoo-360 Malware.QVM18.Gen 20140328
Rising PE:Trojan.FakeIcon!1.64A5 20140327
Sophos Mal/Generic-S 20140327
TrendMicro-HouseCall TROJ_GEN.R0C1H07CD14 20140328
VIPRE Trojan.Win32.Generic!BT 20140328
AegisLab 20140328
Avast 20140328
Baidu-International 20140327
Bkav 20140327
CAT-QuickHeal 20140327
ClamAV 20140327
Commtouch 20140328
Comodo 20140327
DrWeb 20140328
F-Prot 20140328
Ikarus 20140327
Jiangmin 20140327
K7AntiVirus 20140327
K7GW 20140326
Kingsoft 20140328
Microsoft 20140328
NANO-Antivirus 20140328
Norman 20140327
nProtect 20140327
SUPERAntiSpyware 20140328
Symantec 20140328
TheHacker 20140327
TotalDefense 20140327
TrendMicro 20140328
VBA32 20140327
ViRobot 20140327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Synephri hemiepes overbrag 2007
Publisher Symantec Corporation Irt
Product via
Original name Brab.exe
Internal name Brab
File version 46.35.0073
Description Cheatabl polya
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-09 20:05:37
Entry Point 0x000E4410
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(541)
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 57344
ImageVersion 46.35
ProductName via
FileVersionNumber 46.35.0.73
UninitializedDataSize 684032
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Brab.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 46.35.0073
TimeStamp 2014:03:09 21:05:37+01:00
FileType Win32 EXE
PEType PE32
InternalName Brab
FileAccessDate 2014:03:28 02:20:35+01:00
ProductVersion 46.35.0073
FileDescription Cheatabl polya
OSVersion 4.0
FileCreateDate 2014:03:28 02:20:35+01:00
FileOS Win32
LegalCopyright Synephri hemiepes overbrag 2007
MachineType Intel 386 or later, and compatibles
CompanyName Symantec Corporation Irt
CodeSize 249856
FileSubtype 0
ProductVersionNumber 46.35.0.73
EntryPoint 0xe4410
ObjectFileType Executable application

File identification
MD5 29c48270157a373a305e99304b1dfbad
SHA1 75435b04a25a0f2eb43b4dcb9436e554b074b8f5
SHA256 99064e1239bf05cb0be922609f19ab5f46d090318f0b6d172eec43bfd5439949
ssdeep 6144:28zauFhz6yibSliAHRYnakZ2RW6ACekEoSxb56F+:vb64liCYnFZ2Y68oSr9
imphash 5cd85a0ecbf67c5aa9a8d7a3402343d5
File size 299.0 KB ( 306176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx

VirusTotal metadata
First submission 2014-03-28 01:20:23 UTC ( 3 years ago )
Last submission 2014-03-28 01:20:23 UTC ( 3 years ago )
File names Brab
Brab.exe
vt-upload-kT9Mf
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.