SHA256: fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
File name: фжзрюкшэщ
Detection ratio: 60 / 69
Analysis date: 2018-09-20 12:10:39 UTC
Antivirus Result Update
Ad-Aware Trojan.Zbot.IVF 20180920
AegisLab Hacktool.Win32.Krap.x!c 20180920
AhnLab-V3 Virus/Win32.Ramnit.R205005 20180920
ALYac Backdoor.Zbot.al 20180920
Antiy-AVL Trojan[Packed]/Win32.Krap 20180920
Arcabit Trojan.Zbot.IVF 20180920
Avast Win32:GenMalicious-GOW [Trj] 20180920
AVG Win32:GenMalicious-GOW [Trj] 20180920
Avira (no cloud) TR/Crypt.XPACK.AB.1 20180920
AVware Trojan.Win32.Generic!BT 20180920
Baidu Win32.Trojan.Ramnit.e 20180914
BitDefender Trojan.Zbot.IVF 20180920
Bkav W32.RammintDropperNNA.Worm 20180919
CAT-QuickHeal Trojan.Ramnit.MUE.R4 20180918
ClamAV Win.Malware.QBot-846 20180920
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.7193ce 20180225
Cylance Unsafe 20180920
Cyren W32/Ramnit.UNAX-1410 20180920
DrWeb VBS.Dropper.128 20180920
Emsisoft Trojan.Zbot.IVF (B) 20180920
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 Win32/Ramnit.A 20180920
F-Prot W32/Ramnit.X 20180920
F-Secure Trojan.Zbot.IVF 20180920
Fortinet W32/Snocry.JQ!tr 20180920
GData Win32.Virus.Ramnit-Main.C 20180920
Ikarus Packer.Win32.Krap 20180920
Sophos ML heuristic 20180717
Jiangmin Trojan/Generic.beznk 20180920
K7AntiVirus Trojan ( f1000f011 ) 20180920
K7GW Trojan ( f1000f011 ) 20180920
Kaspersky Packed.Win32.Krap.hm 20180920
Malwarebytes Worm.Qakbot 20180920
MAX malware (ai score=100) 20180920
McAfee PWS-Zbot.gen.pq 20180920
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.qc 20180920
Microsoft Worm:Win32/Ramnit.A 20180920
eScan Trojan.Zbot.IVF 20180920
NANO-Antivirus Trojan.Win32.ULPM.dlsptx 20180920
Palo Alto Networks (Known Signatures) generic.ml 20180920
Panda Trj/Krap.Y 20180920
Qihoo-360 VirusOrg.Win32.Ramnit.K 20180920
Rising Virus.Ramnit!8.4 (CLOUD) 20180920
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV W32/Ramnit-ET 20180920
Symantec Trojan.Zbot!gen9 20180920
Tencent Virus.Win32.Ramnit.efg 20180920
TheHacker Posible_Worm32 20180918
TotalDefense Win32/Ramnit.NFTMJbB 20180920
TrendMicro BKDR_QAKBOT.SMC 20180920
TrendMicro-HouseCall BKDR_QAKBOT.SMC 20180920
VBA32 Malware-Cryptor.Win32.073 20180920
VIPRE Trojan.Win32.Generic!BT 20180920
ViRobot Trojan.Win32.Z.Zbot.56320.F 20180920
Webroot W32.Malware.gen 20180920
Yandex Trojan.Kryptik!P4PzTd0t6I4 20180919
Zillya Adware.OutBrowse.Win32.104455 20180920
ZoneAlarm by Check Point Packed.Win32.Krap.hm 20180920
Zoner Trojan.Zbot 20180919
Engines with no detection (engine and signature-update date only):
Alibaba 20180912
Avast-Mobile 20180920
Babable 20180918
CMC 20180920
Comodo 20180920
eGambit 20180920
Kingsoft 20180920
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180920
Trustlook 20180920
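The detection table above is a typical vendor-naming split: some engines name the payload (Ramnit, Zbot, Qakbot), some name the packer (Krap), some only a generic verdict. The script below is an added example, not part of the VirusTotal report: it parses rows in the page's "Engine Result Update" layout, maps vendor spellings to a canonical family through an alias table that is this example's own assumption, and separates packer labels from payload families before picking a consensus. The rows are a constructed subset copied from the table above (single-token engine names only; the parser takes the first token as the engine, which breaks on names like "Avira (no cloud)").

```python
"""Family-consensus triage over VirusTotal-style detection rows.

Added example, not code from the report above. The alias table and the
packer-label set are assumptions about vendor naming, not anything
VirusTotal publishes.
"""
import re
from collections import Counter

# Constructed input: a subset of the detection rows from the report above,
# in the page's "Engine Result Update" layout (undetected rows have no label).
DETECTION_ROWS = """\
Ad-Aware Trojan.Zbot.IVF 20180920
AegisLab Hacktool.Win32.Krap.x!c 20180920
AhnLab-V3 Virus/Win32.Ramnit.R205005 20180920
ALYac Backdoor.Zbot.al 20180920
Antiy-AVL Trojan[Packed]/Win32.Krap 20180920
Avast Win32:GenMalicious-GOW [Trj] 20180920
Bkav W32.RammintDropperNNA.Worm 20180919
ClamAV Win.Malware.QBot-846 20180920
ESET-NOD32 Win32/Ramnit.A 20180920
Kaspersky Packed.Win32.Krap.hm 20180920
Malwarebytes Worm.Qakbot 20180920
Microsoft Worm:Win32/Ramnit.A 20180920
Symantec Trojan.Zbot!gen9 20180920
TrendMicro BKDR_QAKBOT.SMC 20180920
Alibaba 20180912
Kingsoft 20180920
"""

# Assumed alias table: vendor spellings (lower-case substrings) per family.
FAMILY_ALIASES = {
    "ramnit": ("ramnit", "rammint"),
    "zbot": ("zbot", "zeus"),
    "qakbot": ("qakbot", "qbot"),
    "krap": ("krap",),
}
# Labels that name a packer/crypter rather than the payload (assumption):
# Kaspersky's "Packed.Win32.Krap" and Ikarus' "Packer.Win32.Krap" say so.
PACKER_LABELS = {"krap"}

# first token = engine, last 8-digit token = signature date, rest = label
ROW_RE = re.compile(r"^(?P<engine>\S+)\s+(?P<label>.*?)\s*(?P<update>\d{8})$")


def parse_row(line):
    """Return (engine, label); label is '' for engines that reported nothing."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable row: {line!r}")
    return m.group("engine"), m.group("label").strip()


def classify(label):
    """Map one vendor label to a canonical family, or 'generic'."""
    low = label.lower()
    for family, aliases in FAMILY_ALIASES.items():
        if any(alias in low for alias in aliases):
            return family
    return "generic"


def family_consensus(rows_text):
    """Count families over all detection rows and pick the payload consensus,
    skipping packer labels and generic verdicts."""
    families = Counter()
    undetected = []
    for line in rows_text.splitlines():
        if not line.strip():
            continue
        engine, label = parse_row(line)
        if not label:
            undetected.append(engine)
            continue
        families[classify(label)] += 1
    ranked = families.most_common()
    payload = [f for f, _ in ranked if f not in PACKER_LABELS and f != "generic"]
    return {
        "detections": sum(families.values()),
        "undetected": undetected,
        "families": ranked,
        "consensus": payload[0] if payload else None,
    }


if __name__ == "__main__":
    for key, value in family_consensus(DETECTION_ROWS).items():
        print(f"{key:12} {value}")
```

On the full table the same split holds: the Ramnit and Zbot camps are close in size, "Krap" is a packer name shared by several Kaspersky-derived engines, and the Qakbot labels come from four engines. A consensus picked this way is a triage hint for which family signatures to run next, not attribution; the packed layer (see the UPX findings below) is what most of the generic and packer labels are actually reacting to.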
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2528-6142
Product люзанх
Original name nedwp.exe
Internal name фжзрюкшэщ
File version 106.42.73.61
Description BitDefender Management Console

This version resource is not a genuine vendor build: the copyright field holds a number range instead of a year and owner, the product and internal names are random Cyrillic strings, and the English description names a BitDefender product (with company name SOFTWIN S.R.L. in the ExifTool metadata below) on a binary that 60 of 69 engines flag as malware. Treat such version info as decoy metadata, not as attribution.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-12 11:02:20
Entry Point 0x0002C030
Number of sections 3
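The packer and PE header findings above (UPX per F-PROT and PEiD, three sections, entry point 0x2C030, code size 57344, uninitialized data 122880) are exactly the fields a triager cross-checks before trusting any other static result, because on a packed file the imports, strings and version info all belong to the stub. The following is an added example, not code from the report or from VirusTotal: a standard-library PE32 header parser plus the UPX-style indicator checks. The sample header is constructed by build_pe_header, not extracted from the file on this page; its section layout (UPX0/UPX1/.rsrc with the addresses and sizes shown) is an assumption chosen to agree with the report's numbers.

```python
"""PE32 header triage for packer indicators.

Added example, not code from the VirusTotal report above. Parses the
DOS/COFF/optional headers and the section table with struct only, then
reports what a triager checks when 'Packers identified' says UPX:
UPX-named sections, an empty first section that is large in memory, and an
entry point inside a writable+executable section.
"""
import struct
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Same wording ExifTool uses for ImageFileCharacteristics.
CHARACTERISTIC_NAMES = {
    0x0001: "No relocs", 0x0002: "Executable", 0x0004: "No line numbers",
    0x0008: "No symbols", 0x0100: "32-bit",
}


def build_pe_header(sections, entry_point, timestamp):
    """Emit a minimal PE32 file (headers only, no section data).
    sections: (name, virtual_size, virtual_addr, raw_size, raw_ptr, characteristics)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 224, 0x010F)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 7, 4,                  # PE32, linker 7.4
                      0xE000, 0x1000, 0x1E000,      # code / init / uninit sizes (report values)
                      entry_point, 0x1F000, 0x2D000, 0x400000,
                      0x1000, 0x200,                # section / file alignment
                      10, 0, 8, 1, 4, 0,            # OS 10.0, image 8.1, subsystem 4.0
                      0, 0x2E000, 0x400, 0,         # Win32 ver, SizeOfImage, SizeOfHeaders, checksum
                      2, 0).ljust(224, b"\0")       # Windows GUI, no DllCharacteristics, empty dirs
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, ch)
        for n, vs, va, rs, rp, ch in sections)
    return (dos + b"PE\0\0" + coff + opt + table).ljust(0x400, b"\0")


def parse_pe(data):
    """Parse the headers of a PE32 image from bytes into a dict."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic, lmaj, lmin, size_code, size_init, size_uninit, ep = struct.unpack_from("<HBBIIII", data, opt_off)
    if magic != 0x10B:
        raise ValueError("only PE32 handled here")
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    sections = []
    for i in range(nsec):
        name, vs, va, rs, rp, _, _, _, _, ch = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vs, "va": va, "raw_size": rs, "raw_ptr": rp, "chars": ch})
    return {
        "machine": "Intel 386 or later" if machine == 0x14C else hex(machine),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": ", ".join(n for bit, n in CHARACTERISTIC_NAMES.items() if chars & bit),
        "linker": f"{lmaj}.{lmin}", "size_code": size_code, "size_init": size_init,
        "size_uninit": size_uninit, "entry_point": ep,
        "subsystem": "Windows GUI" if subsystem == 2 else subsystem,
        "sections": sections,
    }


def packer_indicators(pe):
    """UPX-style indicators as individual booleans plus an overall verdict."""
    secs, ep = pe["sections"], pe["entry_point"]
    ep_sec = next((s for s in secs
                   if s["va"] <= ep < s["va"] + max(s["vsize"], s["raw_size"])), None)
    first = secs[0] if secs else None
    ind = {
        "upx_section_names": any(s["name"].upper().startswith("UPX") for s in secs),
        # decompression target: nothing on disk, a lot in memory
        "empty_first_section": bool(first) and first["raw_size"] == 0 and first["vsize"] > 0,
        "entry_section": ep_sec["name"] if ep_sec else None,
        "entry_in_wx_section": ep_sec is not None
            and (ep_sec["chars"] & IMAGE_SCN_MEM_WRITE) != 0
            and (ep_sec["chars"] & IMAGE_SCN_MEM_EXECUTE) != 0,
    }
    ind["likely_packed"] = ind["upx_section_names"] or (
        ind["empty_first_section"] and ind["entry_in_wx_section"])
    return ind


# Constructed sample: timestamp from the report; section layout is an assumption
# consistent with 3 sections, EP 0x2C030, sizes 57344/4096/122880, file size 56320.
SAMPLE_TIMESTAMP = int(datetime(2008, 2, 12, 11, 2, 20, tzinfo=timezone.utc).timestamp())
SAMPLE_SECTIONS = [
    ("UPX0", 0x1E000, 0x1000, 0, 0x400, 0xE0000080),
    ("UPX1", 0xE000, 0x1F000, 0xC800, 0x400, 0xE0000040),
    (".rsrc", 0x1000, 0x2D000, 0x1000, 0xCC00, 0xC0000040),
]


def triage_sample():
    pe = parse_pe(build_pe_header(SAMPLE_SECTIONS, 0x2C030, SAMPLE_TIMESTAMP))
    return pe, packer_indicators(pe)


if __name__ == "__main__":
    pe, ind = triage_sample()
    for k, v in {**{k: v for k, v in pe.items() if k != "sections"}, **ind}.items():
        print(f"{k:22} {v}")
```

Run against a real file, replace the constructed bytes with the file's contents; the indicator set is deliberately split out so a renamed UPX (section names changed, header intact) still fires on the empty first section plus the entry point in a writable, executable section. A compile timestamp that decodes cleanly (here 2008-02-12) is not evidence of anything on a packed file, since UPX carries the original header's stamp through.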
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DragFinish
WinHelpW
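The import list above is the UPX stub's, not the payload's: the six memory and loader calls are what the stub needs to unpack and resolve the real imports at run time, and DragFinish and WinHelpW are single placeholder imports that keep shell32 and user32 mapped for the unpacked code. The block below is an added example, not code from the report or from VirusTotal; it computes the imphash the "File identification" section reports (500cd02578808f964519eb2c85153046) from such a list. The report does not name the DLLs, so attributing the first six entries to kernel32.dll, DragFinish to shell32.dll and WinHelpW to user32.dll is this example's assumption; the ordinal handling is the plain "ordN" form and omits the known-ordinal name lookup some implementations do.

```python
"""imphash from an import list.

Added example, not from the report above. DLL attribution is an assumption
(kernel32 / shell32 / user32); the page lists only the function names.
"""
import hashlib

KNOWN_EXTENSIONS = (".dll", ".ocx", ".sys", ".drv")

# Constructed from the 'PE imports' list above, in table order, with the
# assumed DLL names.
SAMPLE_IMPORTS = [
    ("KERNEL32.DLL", "VirtualFree"),
    ("KERNEL32.DLL", "ExitProcess"),
    ("KERNEL32.DLL", "VirtualProtect"),
    ("KERNEL32.DLL", "LoadLibraryA"),
    ("KERNEL32.DLL", "VirtualAlloc"),
    ("KERNEL32.DLL", "GetProcAddress"),
    ("SHELL32.DLL", "DragFinish"),
    ("USER32.DLL", "WinHelpW"),
]


def imphash_string(imports):
    """Canonical 'dll.func,dll.func,...' string: DLL lower-cased with a known
    extension stripped, function lower-cased, ordinal imports as 'ordN'.
    Import-table order is part of the hash, so it is preserved."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in KNOWN_EXTENSIONS:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 over the canonical string, as a lower-case hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

If the digest reproduces the page's imphash, the DLL attribution above is confirmed; if not, the order or the attribution is wrong, not the algorithm. Either way, on a UPX-packed file the imphash clusters on the stub plus the set of DLLs the original imported, so it groups this sample with other UPX-packed binaries that touch shell32 and user32 rather than with the Ramnit family. Pivot on the imphash of the unpacked image instead.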
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 2
PE resources
ExifTool file metadata
UninitializedDataSize 122880
LinkerVersion 7.4
ImageVersion 8.1
FileVersionNumber 106.42.73.61
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription BitDefender Management Console
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0x2c030
OriginalFileName nedwp.exe
MIMEType application/octet-stream
LegalCopyright 2528-6142
FileVersion 106.42.73.61
TimeStamp 2008:02:12 12:02:20+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 106.42.73.61
SubsystemVersion 4.0
OSVersion 10.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SOFTWIN S.R.L.
CodeSize 57344
FileSubtype 0
ProductVersionNumber 106.42.73.61
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 ff5e1f27193ce51eec318714ef038bef
SHA1 b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256 fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
ssdeep 1536:Q+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzE:bROzoTq0+RO7IwnY
authentihash 99dc4b0f55eed36a83a5dc3c5fd6fa5ed273fc25e48941cdf45e180d89a41f85
imphash 500cd02578808f964519eb2c85153046
File size 55.0 KB ( 56320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (31.0%)
Win32 Executable (generic) (21.2%)
Win16/32 Executable Delphi generic (9.7%)
OS/2 Executable (generic) (9.5%)
Clipper DOS Executable (9.5%)
Tags
peexe attachment upx

VirusTotal metadata
First submission 2010-07-30 21:00:35 UTC
Last submission 2018-09-20 06:06:57 UTC
File names GameSrv.exe
HJEuxbPQ.exe
GAEbmGqf.exe
zwhnercv.exe
qlaaykaw.exe
gAwVDVpM.exe
ywVPWtWT.exe
oZcoKiNO.exe
fastbootSrv.exe
kpkxcwyg.exe
uXILVRvV.exe
fd6c69c345f1e329_rundll32srv.exe
ClientSrv.exe
sampleSrv.exe
ff5e1f27193ce51eec318714ef038bef.exe
gaxoasvy.exe
ofyajwkr.exe
ZiZjvbpo.exe
desktoplayerSrv.exe
bkwefphm.exe
gvElTluc.exe
pieoxkxk.exe
tjURZEMa.exe
aJATaMaG.exe
rQbwaEOT.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.