SHA256: 9b17d98321ec5f5cf3feaef835fa951887da841d3719aa5cc7f4375ef67d942e
File name: 5334b0baf442db0985773ffe9dc
Detection ratio: 46 / 57
Analysis date: 2016-05-22 06:22:22 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KDZ.2905 20160522
AegisLab Troj.Spy.W32.Zbot.hvem!c 20160521
AhnLab-V3 Trojan/Win32.Tepfer 20160521
ALYac Trojan.Generic.KDZ.2905 20160522
Arcabit Trojan.Generic.KDZ.DB59 20160522
Avast Win32:FakeAV-EGV [Trj] 20160522
AVG Crypt_s.ACZ 20160522
Avira (no cloud) TR/Winwebsec.559874 20160521
AVware VirTool.Win32.Obfuscator.da!j (v) 20160521
Baidu Win32.Trojan.Kryptik.ur 20160520
BitDefender Trojan.Generic.KDZ.2905 20160522
CAT-QuickHeal Trojan.Lethic.B 20160521
ClamAV Win.Spyware.Tepfer-635 20160522
CMC Trojan-Spy.Win32.Zbot!O 20160520
Comodo TrojWare.Win32.Kryptik.ARIW 20160522
Cyren W32/FakeAlert.WL.gen!Eldorado 20160522
DrWeb BackDoor.Slym.1375 20160522
Emsisoft Trojan.Generic.KDZ.2905 (B) 20160522
ESET-NOD32 a variant of Win32/Kryptik.ARUZ 20160521
F-Prot W32/FakeAlert.WL.gen!Eldorado 20160522
F-Secure Trojan.Generic.KDZ.2905 20160522
Fortinet W32/Tepfer.PSU!tr 20160522
GData Trojan.Generic.KDZ.2905 20160522
Ikarus Trojan-PSW.Win32.Tepfer 20160522
Jiangmin Trojan/Tepfer.Gen 20160522
K7AntiVirus Trojan ( 0040f2c01 ) 20160522
K7GW Trojan ( 0040f2c01 ) 20160522
Kaspersky Trojan-Spy.Win32.Zbot.hvem 20160522
McAfee FakeAlert-SecurityTool.gw 20160522
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.bc 20160521
Microsoft Trojan:Win32/Bulta!rfn 20160522
eScan Trojan.Generic.KDZ.2905 20160522
NANO-Antivirus Trojan.Win32.Zbot.cwlksx 20160522
nProtect Trojan.Generic.KDZ.2905 20160520
Panda Trj/Tepfer.B 20160521
Qihoo-360 HEUR/Malware.QVM20.Gen 20160522
Rising Malware.Generic!3raBh9JNTIN@2 (Thunder) 20160522
Sophos AV Troj/Zbot-DJX 20160522
SUPERAntiSpyware Trojan.Agent/Gen-RogueRel 20160522
Symantec SecShieldFraud!gen10 20160522
Tencent Win32.Init.QQRob.bfng 20160522
TheHacker Trojan/Kryptik.ariw 20160522
TrendMicro WORM_KELIHOS.SMB 20160522
TrendMicro-HouseCall WORM_KELIHOS.SMB 20160522
VBA32 Trojan.FakeAV.01657 20160520
VIPRE VirTool.Win32.Obfuscator.da!j (v) 20160522
Alibaba 20160520
Antiy-AVL 20160522
Baidu-International 20160521
Bkav 20160521
Kingsoft 20160522
Malwarebytes 20160522
TotalDefense 20160522
ViRobot 20160521
Yandex 20160521
Zillya 20160521
Zoner 20160522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-21 08:32:11
Entry Point 0x00001124
Number of sections 4
PE sections
PE imports
DllCanUnloadNow
HeapFree
EnterCriticalSection
lstrlenA
GetFileAttributesA
GetDriveTypeA
GlobalSize
GetCurrentDirectoryW
GetCommandLineW
GetCommandLineA
GlobalLock
IsBadReadPtr
GetFileTime
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
ExitThread
WaitForMultipleObjects
HeapCreate
FindClose
GetFileType
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetThemeTextExtent
GetThemeEnumValue
DrawThemeEdge
GetThemeColor
GetThemeBool
IsThemeActive
OpenThemeData
CloseThemeData
DrawThemeBackground
GetWindowTheme
SetWindowTheme
GetThemeTextMetrics
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:10:21 09:32:11+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4608
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 758272
SubsystemVersion 5.0
EntryPoint 0x1124
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 5334b0baf442db0985773ffe9dcc602e
SHA1 4cba1389d2b4890ce8f6e8def777c872509b9691
SHA256 9b17d98321ec5f5cf3feaef835fa951887da841d3719aa5cc7f4375ef67d942e
ssdeep 12288:Q2JiqLAaoLuB0QYsZkPBw+aMxjUxQxw2/kpIKL84unG+a1IQHcm6:Q2JiJeeB7gQxwlQixuQ8m
authentihash c9bfb075eed95a2e5a13d6a6756ba4b3cd6704f50d6dc6696b901ed271282bd1
imphash aff6cb5b69c79b9ed660871c1e8a24b0
File size 746.0 KB ( 763904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%), DOS Executable Generic (49.9%)
Tags peexe

VirusTotal metadata
First submission 2013-01-18 20:42:39 UTC ( 6 years, 4 months ago )
Last submission 2016-05-22 06:22:22 UTC ( 3 years ago )
File names 5334b0baf442db0985773ffe9dc, vt-upload-e2PQM
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Opened service managers
Opened services
Runtime DLLs
UDP communications