SHA256: 99617c68d0e6363dc5b806ed7a20d22369f3876285a53a6d99d34b608a140a10
File name: abadbb1163e9b99dc511065ac60f0d10
Detection ratio: 31 / 51
Analysis date: 2014-06-10 04:03:43 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1706803 20140610
AhnLab-V3 Trojan/Win32.Agent 20140609
AntiVir TR/Crypt.Xpack.63127 20140609
Avast Win32:Crypt-QYV [Trj] 20140610
AVG Crypt3.UZP 20140610
Baidu-International Trojan.Win32.Kryptik.bCDOU 20140609
BitDefender Trojan.GenericKD.1706803 20140610
Comodo UnclassifiedMalware 20140610
Emsisoft Trojan.GenericKD.1706803 (B) 20140610
ESET-NOD32 a variant of Win32/Kryptik.CDOU 20140610
F-Secure Trojan.GenericKD.1706803 20140609
Fortinet W32/Zbot.CDOU!tr 20140610
GData Trojan.GenericKD.1706803 20140610
Ikarus Trojan.Crypt3 20140610
K7AntiVirus Trojan ( 0049b3361 ) 20140609
K7GW Trojan ( 0049b3361 ) 20140609
Kaspersky Trojan-Spy.Win32.Zbot.takf 20140610
Malwarebytes Spyware.Zbot.VXGen 20140610
McAfee RDN/Generic PWS.y!zu 20140610
McAfee-GW-Edition RDN/Generic PWS.y!zu 20140609
Microsoft PWS:Win32/Zbot 20140610
eScan Trojan.GenericKD.1706803 20140609
Norman Troj_Generic.UGKVR 20140609
nProtect Trojan.GenericKD.1706803 20140609
Panda Generic Malware 20140609
Sophos AV Mal/Generic-S 20140610
Symantec Trojan.Gen.SMH 20140609
Tencent Win32.Trojan-spy.Zbot.Lpll 20140610
TrendMicro TROJ_GEN.R0C1C0DF114 20140610
TrendMicro-HouseCall TROJ_GEN.R0C1C0DF114 20140610
VIPRE Trojan.Win32.Generic!BT 20140610
AegisLab 20140610
Yandex 20140608
Antiy-AVL 20140610
Bkav 20140606
ByteHero 20140610
CAT-QuickHeal 20140609
ClamAV 20140610
CMC 20140609
Commtouch 20140610
DrWeb 20140610
F-Prot 20140610
Jiangmin 20140609
Kingsoft 20140610
NANO-Antivirus 20140610
Qihoo-360 20140609
Rising 20140609
SUPERAntiSpyware 20140610
TheHacker 20140609
TotalDefense 20140609
VBA32 20140609
ViRobot 20140610
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 BoptomStudion
Publisher BoptomStudion
Product SdRR Studion Report Renewering
Original name studrepren
Internal name studioo report renew
File version 6.3.5.4
Description SdRR Studion Report Renewering
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-18 17:06:07
Entry Point 0x000033F5
Number of sections 9
PE sections
PE imports
PropertySheetA
CreatePatternBrush
LineTo
SelectObject
MoveToEx
CreatePalette
GetStockObject
CreateDIBitmap
AddFontResourceA
CreateBitmap
DeleteObject
Rectangle
CreateSolidBrush
GetLastError
SetCurrentDirectoryW
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
DuplicateHandle
GetStdHandle
IsProcessorFeaturePresent
GetQueuedCompletionStatus
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
CreateIoCompletionPort
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
SetStdHandle
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
DeleteCriticalSection
EncodePointer
FormatMessageA
LeaveCriticalSection
RaiseException
UnhandledExceptionFilter
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
ResetEvent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetConsoleCP
IsValidCodePage
HeapCreate
CreateFileW
GetConsoleWindow
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
WriteConsoleW
InterlockedIncrement
SysFreeString
SysAllocString
Ord(680)
GetMessageA
EnumDesktopsA
GetParent
SystemParametersInfoA
LoadMenuA
DefWindowProcW
FindWindowA
ShowWindow
GetSystemMetrics
IsWindow
SendMessageW
GetWindowRect
DispatchMessageA
EndPaint
TranslateMessage
GetSysColor
GetDC
RegisterClassExA
ReleaseDC
BeginPaint
GetMenu
SendMessageA
GetUpdateRect
GetDlgItem
SetScrollPos
InvalidateRect
GetSubMenu
SetTimer
LoadCursorA
LoadIconA
GetActiveWindow
GetWindowTextA
DestroyWindow
Ord(202)
Number of PE resources by type
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.5.4
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 214016
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013 BoptomStudion
FileVersion 6.3.5.4
TimeStamp 2014:05:18 18:06:07+01:00
FileType Win32 EXE
PEType PE32
InternalName studioo report renew
FileAccessDate 2014:06:10 05:00:28+01:00
ProductVersion 6.3.5.4
FileDescription SdRR Studion Report Renewering
OSVersion 5.1
FileCreateDate 2014:06:10 05:00:28+01:00
OriginalFilename studrepren
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName BoptomStudion
CodeSize 44544
ProductName SdRR Studion Report Renewering
ProductVersionNumber 6.3.5.4
EntryPoint 0x33f5
ObjectFileType Executable application
File identification
MD5 abadbb1163e9b99dc511065ac60f0d10
SHA1 0fac4cc690d48ac034ded5231f51afbfe0b9700d
SHA256 99617c68d0e6363dc5b806ed7a20d22369f3876285a53a6d99d34b608a140a10
ssdeep 6144:f2x9k/A/L/M/rIAo+RlWkT7d9QYYlHzX+kH0v7STDU82e0hpOvt/k:OTko/LE1lWkPDmpzZUvUICJV8
imphash 6185c2ff85a90b1dfa295e9405c1c765
File size 253.5 KB ( 259584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-06-05 20:35:35 UTC
Last submission 2014-06-10 04:03:43 UTC
File names studrepren
vt-upload-L2A_N
rJBLuzF5.txt
abadbb1163e9b99dc511065ac60f0d10
studioo report renew
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications