SHA256: 9c1f2b7b3dd7675755a3a19174acc559e99ce045c63b9676275207fe67a1e075
File name: hnszs0.exe
Detection ratio: 4 / 42
Analysis date: 2012-04-26 18:19:59 UTC ( 6 years, 11 months ago )
Antivirus Result Update
Kaspersky Trojan-Ransom.Win32.Mbro.emg 20120426
Microsoft Trojan:Win32/Ransom.DV 20120426
NOD32 a variant of Win32/Kryptik.AEUJ 20120426
Panda Suspicious file 20120426
AhnLab-V3 20120425
AntiVir 20120426
Antiy-AVL 20120425
Avast 20120426
AVG 20120426
BitDefender 20120426
ByteHero 20120424
CAT-QuickHeal 20120426
ClamAV 20120426
Commtouch 20120426
Comodo 20120426
DrWeb 20120426
Emsisoft 20120426
eSafe 20120425
eTrust-Vet 20120426
F-Prot 20120426
F-Secure 20120426
Fortinet 20120426
GData 20120426
Ikarus 20120426
Jiangmin 20120426
K7AntiVirus 20120426
McAfee 20120426
McAfee-GW-Edition 20120426
Norman 20120425
nProtect 20120425
PCTools 20120424
Rising 20120426
Sophos AV 20120426
SUPERAntiSpyware 20120402
Symantec 20120426
TheHacker 20120425
TrendMicro 20120426
TrendMicro-HouseCall 20120426
VBA32 20120426
VIPRE 20120426
ViRobot 20120426
VirusBuster 20120426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright neorotryfa © 2010-2012
Product neorotryfa SoftWare ©.
Original name isojeorjtqw.exe
Internal name isojeorjtqw
File version 3 TT79L393970019.166e
Description neorotryfa SoftWare ©.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-13 08:42:14
Entry Point 0x00002CDF
Number of sections 5
PE sections
PE imports
CertSerializeCertificateStoreElement
Direct3DCreate9
DebugSetMute
DhcpRemoveDNSRegistrations
EnumUILanguagesA
GetStdHandle
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
PurgeComm
GetLocalTime
GetConsoleCursorInfo
OpenFileMappingA
_llseek
GetFileInformationByHandle
HeapSize
GetFullPathNameA
WriteConsoleInputA
WriteConsoleOutputA
WritePrivateProfileStructA
GetDiskFreeSpaceA
SetFileAttributesA
LZSeek
GetThreadPriority
GetLogicalDriveStringsA
GetExitCodeProcess
LoadResource
FindFirstVolumeMountPointW
GlobalHandle
FindFirstVolumeMountPointA
GlobalFindAtomA
RemoveDirectoryA
UpdateResourceA
ExpungeConsoleCommandHistoryA
SetProcessWorkingSetSize
OpenWaitableTimerA
SetThreadPriority
GetSystemDefaultLCID
MultiByteToWideChar
CreateMutexA
RegisterWaitForSingleObject
MoveFileExW
ConvertDefaultLocale
SetSystemPowerState
SetLastConsoleEventActive
ClearCommError
GetSystemDirectoryA
SetThreadContext
GlobalUnWire
GetDiskFreeSpaceExA
GetNumberFormatA
VirtualQuery
GetCurrentConsoleFont
SetEndOfFile
SetFirmwareEnvironmentVariableA
GetCurrentThreadId
SetHandleCount
GetThreadPriorityBoost
lstrcmpiA
LZDone
GetTickCount
IsBadWritePtr
GetVersionExA
WriteConsoleOutputAttribute
GlobalSize
GetConsoleCommandHistoryLengthA
SetVolumeMountPointA
SetProcessPriorityBoost
GetWindowsDirectoryA
LoadModule
GetConsoleAliasesA
VirtualProtectEx
GetProfileStringA
GetTimeFormatA
CreateWaitableTimerA
ExpandEnvironmentStringsA
WriteProfileSectionA
GetTimeZoneInformation
GetConsoleWindow
GetFileType
ReadConsoleOutputAttribute
GetConsoleAliasesLengthA
FindFirstChangeNotificationA
GetEnvironmentStringsA
GetConsoleAliasExesA
GetCommState
CreateNamedPipeA
GetModuleFileNameA
GetComputerNameA
GetCommTimeouts
UnregisterWait
GetCurrentProcessId
HeapQueryInformation
GetCurrentDirectoryA
GetConsoleCharType
OpenMutexA
SetConsoleMenuClose
QueryPerformanceFrequency
ReadFile
IsBadCodePtr
SetConsoleTitleA
CloseHandle
lstrcpynA
ReadConsoleOutputCharacterA
GetConsoleAliasExesLengthA
SetConsolePalette
GetProcessVersion
SetMailslotInfo
OpenEventA
VirtualAlloc
SQLExecute
SQLSetStmtAttr
EnumDesktopsA
SetMenuItemBitmaps
PostQuitMessage
GetWindowContextHelpId
SetWindowPos
IsWindow
SetMenuItemInfoA
CharUpperBuffA
OemToCharBuffW
GetMessageTime
AnyPopup
DefFrameProcA
CallNextHookEx
GetWindowTextLengthA
GetActiveWindow
LoadImageA
EnumPropsExA
DeregisterShellHookWindow
IsDlgButtonChecked
GetClassInfoExA
ShowWindow
SetWindowsHookA
DlgDirListComboBoxA
UnregisterUserApiHook
GetClipboardFormatNameA
GetTabbedTextExtentA
ShowWindowAsync
PeekMessageA
TranslateMessage
InsertMenuItemA
LoadStringA
CloseWindow
DlgDirSelectComboBoxExA
RegisterSystemThread
OpenDesktopA
CreateMenu
GetSysColorBrush
EnumDesktopWindows
DrawMenuBarTemp
SendNotifyMessageA
GetAltTabInfo
GetMouseMovePointsEx
DefMDIChildProcA
QuerySendMessage
SendDlgItemMessageA
GetSystemMetrics
BroadcastSystemMessageExA
PostMessageA
SetWindowLongA
SetKeyboardState
RemovePropA
DisplayExitWindowsWarnings
GetLastActivePopup
CreateDialogParamA
GetClassLongA
InsertMenuA
FindWindowExA
EnumDisplaySettingsA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemInfoA
AttachThreadInput
TileChildWindows
SetWindowsHookExW
TranslateAccelerator
GetScrollRange
GetCapture
GetShellWindow
RealGetWindowClass
SetWinEventHook
MessageBeep
PrivateExtractIconExA
HiliteMenuItem
DrawFrameControl
UnhookWindowsHookEx
LoadCursorFromFileA
AdjustWindowRectEx
GetAppCompatFlags2
IsCharAlphaNumericA
GetAltTabInfoA
TileWindows
CreateMDIWindowA
SetRect
DeleteMenu
IsCharUpperA
ImpersonateDdeClientWindow
DefDlgProcA
AdjustWindowRect
UnregisterDeviceNotification
CloseClipboard
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.76
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.3.69
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 15360
EntryPoint 0x2cdf
OriginalFileName isojeorjtqw.exe
MIMEType application/octet-stream
LegalCopyright neorotryfa 2010-2012
FileVersion 3 TT79L393970019.166e
TimeStamp 2012:04:13 09:42:14+01:00
FileType Win32 EXE
PEType PE32
InternalName isojeorjtqw
ProductVersion 9.147.60471
FileDescription neorotryfa SoftWare .
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName neorotryfa
ProductName neorotryfa SoftWare .
ProductVersionNumber 3.0.101.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0c8823f6531878ec03b7ba3e0de0c8e0
SHA1 ee0a25c872c63ecf3ef9e5811c2f790d7dcb84cb
SHA256 9c1f2b7b3dd7675755a3a19174acc559e99ce045c63b9676275207fe67a1e075
ssdeep 768:EkuuMQH8mNr2R/QcY1OI/AIkzVNnkQB5:EkuuMWTRQ/QT1t/jkzVph
authentihash 102fb50fbd23ba38dc22dbe887995050d783f1a718dca2c3f350fbcd787da2ba
imphash 6d682fff5866edc76fc5d9bc0b0a5275
File size 29.5 KB ( 30208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (63.9%)
Win32 Executable MS Visual C++ (generic) (14.8%)
Win64 Executable (generic) (13.1%)
Win32 Dynamic Link Library (generic) (3.1%)
Win32 Executable (generic) (2.1%)
Tags peexe attachment
VirusTotal metadata
First submission 2012-04-26 18:19:59 UTC ( 6 years, 11 months ago )
Last submission 2016-01-11 02:29:30 UTC ( 3 years, 3 months ago )
File names hnszs0.exe
0c8823f6531878ec03b7ba3e0de0c8e0
isojeorjtqw
isojeorjtqw.exe
9c1f2b7b3dd7675755a3a19174acc559e99ce045c63b9676275207fe67a1e075.vir
smona_9c1f2b7b3dd7675755a3a19174acc559e99ce045c63b9676275207fe67a1e075.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight