SHA256: a0d955ff7033dcf840b220432b0a78d12ccf72225df8692d6dd22cb5aedc8253
File name: 21.566.exe
Detection ratio: 22 / 46
Analysis date: 2013-07-03 14:19:48 UTC ( 4 years ago )
Antivirus Result Update
AntiVir TR/Injector.AJ.13 20130703
Avast Win32:MalOb-IF [Cryp] 20130703
AVG Win32/Karagany 20130703
Comodo TrojWare.Win32.Kryptik.SPR 20130703
DrWeb Trojan.Packed.2580 20130703
ESET-NOD32 a variant of Win32/Injector.WIL 20130703
Fortinet W32/Zbot.AUA!tr 20130703
Ikarus Trojan-PSW.Win32.Tepfer 20130703
K7AntiVirus Trojan 20130702
K7GW Trojan 20130702
Kaspersky HEUR:Trojan.Win32.Generic 20130703
McAfee PWS-Zbot.gen.aln 20130703
McAfee-GW-Edition PWS-Zbot.gen.aln 20130703
Microsoft Rogue:Win32/FakeDef 20130703
Norman Krypt.FV 20130703
Panda Trj/Genetic.gen 20130703
PCTools Trojan.Zeroaccess 20130703
Rising Trojan.Zbot!4918 20130703
Sophos AV Troj/Zbot-COZ 20130703
Symantec Trojan.Zeroaccess!g46 20130703
VBA32 BScope.TrojanPSW.Zbot.2716 20130702
VIPRE Trojan.Win32.Cridex.c (v) 20130703
Yandex 20130702
AhnLab-V3 20130703
Antiy-AVL 20130702
BitDefender 20130701
ByteHero 20130613
CAT-QuickHeal 20130703
ClamAV 20130702
Commtouch 20130703
Emsisoft 20130703
eSafe 20130703
F-Prot 20130703
GData 20130703
Jiangmin 20130703
Kingsoft 20130506
Malwarebytes 20130703
eScan 20130702
NANO-Antivirus 20130703
nProtect 20130703
SUPERAntiSpyware 20130703
TheHacker 20130630
TotalDefense 20130703
TrendMicro 20130703
TrendMicro-HouseCall 20130703
ViRobot 20130703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Publisher ?????????? ??????????
Internal name RCIMLBY.EXE
File version 5.1.2600.5512 (xpsp.080413-2108)
Description Antivirus Subsystem
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-02 11:41:33
Entry Point 0x00001B40
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegRestoreKeyW
RegQueryValueExW
OpenProcessToken
RegOpenKeyExW
RegEnumKeyA
GetTokenInformation
DuplicateTokenEx
GetUserNameW
OpenThreadToken
GetUserNameA
CreateProcessAsUserW
RegDeleteValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
RegSetValueExA
RegSaveKeyW
EqualSid
RegOpenKeyExA
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Create
ImageList_LoadImageW
InitCommonControlsEx
GetObjectA
CreateFontIndirectW
RestoreDC
SelectObject
SaveDC
CreateFontIndirectA
GetTextExtentPointA
SetBkColor
DeleteObject
SetTextColor
GetTextExtentPointW
SetThreadLocale
ReplaceFileA
CreateJobObjectA
CommConfigDialogW
FileTimeToSystemTime
WaitForSingleObject
PurgeComm
HeapDestroy
GetHandleInformation
QueueUserAPC
GetDefaultCommConfigW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
SetSystemTime
GetConsoleMode
LocalAlloc
Module32First
SetErrorMode
GetSystemDirectoryW
GetLogicalDrives
lstrcatW
GetCommModemStatus
FindNextVolumeMountPointA
WideCharToMultiByte
GetProcAddress
LocalFree
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
WritePrivateProfileStructW
GetExitCodeProcess
QueryDosDeviceA
FormatMessageW
ConnectNamedPipe
InitializeCriticalSection
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
GetProfileIntA
SetLastError
PeekNamedPipe
DeviceIoControl
GetModuleFileNameW
SetConsoleScreenBufferSize
LoadLibraryA
SetProcessWorkingSetSize
GetVolumeInformationA
AllocConsole
WritePrivateProfileSectionW
GetSystemDefaultLCID
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
GetCalendarInfoA
GetPrivateProfileStringW
FormatMessageA
CreateEventW
_lclose
SetCalendarInfoA
CreateThread
SetEnvironmentVariableW
LocalFlags
EnumSystemLanguageGroupsA
SetUnhandledExceptionFilter
EnumLanguageGroupLocalesA
ReadConsoleA
TerminateProcess
AllocateUserPhysicalPages
GetProcessShutdownParameters
GetNumberFormatA
LocalFileTimeToFileTime
GetCurrentThreadId
InterlockedIncrement
AreFileApisANSI
EnterCriticalSection
VerLanguageNameA
TerminateThread
LoadLibraryW
MoveFileWithProgressW
SetEvent
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
CallNamedPipeA
UnlockFileEx
GetVersionExA
lstrcmpiW
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetDateFormatW
GenerateConsoleCtrlEvent
BackupWrite
_llseek
GetUserDefaultLCID
CreateWaitableTimerW
GetTimeFormatW
GlobalWire
SetCriticalSectionSpinCount
EnumResourceNamesA
GetTimeFormatA
CreateFileMappingA
DuplicateHandle
WaitForMultipleObjects
SetCommTimeouts
GetPrivateProfileSectionW
GetTimeZoneInformation
CreateFileW
CreateEventA
lstrcpyn
lstrcmp
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
VirtualAllocEx
lstrlenA
OpenSemaphoreA
AssignProcessToJobObject
lstrcpyW
CreateNamedPipeA
GetQueuedCompletionStatus
GetCommTimeouts
GetCPInfoExW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
GetCPInfoExA
GetAtomNameW
InterlockedCompareExchange
GetCurrentThread
EnumResourceTypesA
GetSystemDefaultLangID
UnhandledExceptionFilter
GetModuleHandleA
HeapUnlock
CancelWaitableTimer
CloseHandle
EnumSystemCodePagesA
lstrcpynA
GetPriorityClass
SetLocalTime
CreateConsoleScreenBuffer
GetModuleHandleW
FileTimeToLocalFileTime
GetFileAttributesExW
CreateProcessA
DnsHostnameToComputerNameW
OpenEventW
RtlMoveMemory
GetConsoleAliasExesLengthW
Sleep
IsBadReadPtr
GetProcessVersion
OpenEventA
DeleteFileW
GetOEMCP
DragQueryFileW
SHQueryRecycleBinW
ExtractAssociatedIconExW
Shell_NotifyIconW
SHPathPrepareForWriteA
ExtractAssociatedIconExA
SHBrowseForFolderA
SHPathPrepareForWriteW
SHFileOperation
Shell_NotifyIconA
SHInvokePrinterCommandW
SHGetIconOverlayIndexA
SHCreateDirectoryExW
DuplicateIcon
ExtractIconEx
FindExecutableW
ShellExecuteExW
SHGetIconOverlayIndexW
ShellAboutW
WOWShellExecute
SHGetPathFromIDListA
SHLoadNonloadedIconOverlayIdentifiers
SHGetMalloc
SHLoadInProc
DragQueryFile
SHGetDesktopFolder
SHGetSpecialFolderPathA
SHBrowseForFolder
SHEmptyRecycleBinW
ExtractAssociatedIconA
SHCreateProcessAsUserW
SHGetSpecialFolderPathW
DragQueryFileAorW
DragFinish
SHGetFolderPathW
FindExecutableA
ExtractIconExA
SHFileOperationW
DoEnvironmentSubstA
SHGetSettings
ShellHookProc
SHGetSpecialFolderLocation
SHGetDataFromIDListA
SHGetFolderPathA
SHQueryRecycleBinA
SHFileOperationA
CommandLineToArgvW
DoEnvironmentSubstW
StrChrW
StrStrIA
StrCmpNW
StrCmpNIW
StrRChrIA
StrStrIW
StrRChrA
StrChrA
StrStrW
StrChrIA
StrRStrIW
SetFocus
RegisterWindowMessageW
DrawAnimatedRects
GetUserObjectInformationW
GetParent
EnableWindow
UpdateWindow
PostQuitMessage
DefWindowProcW
FindWindowW
KillTimer
RegisterWindowMessageA
DefWindowProcA
ShowWindow
FillRect
SetWindowPos
EndPaint
FindWindowA
GetSystemMetrics
MessageBoxW
GetWindowRect
DispatchMessageA
GetThreadDesktop
PostMessageA
DrawIcon
MapWindowPoints
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetFocus
GetProcessWindowStation
GetSysColor
DrawFocusRect
GetDC
CreateDialogParamW
SystemParametersInfoA
BeginPaint
SetWindowTextA
MsgWaitForMultipleObjects
SendMessageW
LoadStringA
RegisterClassW
IsWindowVisible
WinHelpW
SendMessageA
LoadStringW
SetWindowTextW
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextW
WinHelpA
CallWindowProcW
RegisterClassA
SetRect
InvalidateRect
GetWindowLongA
FindWindowExA
SetTimer
LoadCursorA
LoadIconA
DrawTextA
GetMessageA
FindWindowExW
DefDlgProcA
AttachThreadInput
GetClientRect
RedrawWindow
CreateWindowExW
ReleaseDC
wsprintfW
SetForegroundWindow
DestroyWindow
DefDlgProcW
IsDialogMessageA
SetCursor
__p__fmode
malloc
_ismbbkprint
toupper
_initterm
_telli64
_ftol
wcstoul
__p__mbcasemap
wcschr
__dllonexit
_cexit
__wargv
__RTDynamicCast
memcpy
wcstok
__p__wcmdln
strtoul
__p__osver
towupper
_onexit
_wspawnvpe
_wstati64
strncpy
_ui64tow
_Strftime
_inp
ispunct
_execv
log
_adj_fdivr_m16i
_wgetcwd
_abnormal_termination
_wexeclp
_execvpe
wcslen
wcscmp
_chgsign
__crtCompareStringA
wcsncat
_XcptFilter
_fileno
_mbcjmstojis
__setusermatherr
exit
srand
wcsrchr
_winver
_adjust_fdiv
_acmdln
_tell
_ismbblead
__p__winmajor
__p__commode
memcmp
_c_exit
fputs
_seterrormode
_safe_fdivr
__getmainargs
wscanf
_exit
_logb
_gmtime64
_wcsncoll
_longjmpex
_CIlog10
_copysign
__argv
_mktime64
wcsspn
towlower
_wstat
_except_handler3
mblen
__argc
_lrotr
free
exp
tmpnam
_fpieee_flt
_controlfp
__p__amblksiz
__set_app_type
CoInitializeEx
CoRegisterClassObject
CoInitialize
CoRevokeClassObject
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoTaskMemFree
CLSIDFromString
StringFromGUID2
Number of PE resources by type
RT_ICON 5
RT_STRING 2
RT_MENU 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 10
POLISH DEFAULT 1
PE resources
File identification
MD5 959199074516446a5ee0f440b0165f84
SHA1 8bc87f1605c194cac447bc9695e0c2c0360129da
SHA256 a0d955ff7033dcf840b220432b0a78d12ccf72225df8692d6dd22cb5aedc8253
ssdeep 768:C/qG8UAS6hnoaoiKIgQKbQAuAnJrucMPOfVQKKXKiQ/7HoWsERCTaP2jVWjM09:C/389Z5oiytuKSFOt+KiQJFejVW/9

File size 82.0 KB ( 83968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2013-07-03 14:19:48 UTC ( 4 years ago )
Last submission 2013-07-03 14:19:48 UTC ( 4 years ago )
File names 21.566.exe
RCIMLBY.EXE