SHA256: a1a7050c001a27937a7cacb0d390edbc350b811ea78e46ff2d287c1575cbe91f
File name: vt-upload-PaFWd
Detection ratio: 24 / 53
Analysis date: 2014-05-27 08:26:50 UTC ( 4 years, 9 months ago )
Antivirus / Result / Signature update
Ad-Aware Gen:Variant.Symmi.42462 20140527
AntiVir TR/Spy.ZBot.abs.5 20140527
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20140527
Avast Win32:Malware-gen 20140527
AVG Zbot.JDX 20140527
BitDefender Gen:Variant.Symmi.42462 20140527
DrWeb Trojan.Siggen6.17808 20140527
Emsisoft Gen:Variant.Symmi.42462 (B) 20140527
ESET-NOD32 Win32/Spy.Zbot.ABS 20140527
Fortinet W32/Foreign.KUZG!tr 20140527
GData Gen:Variant.Symmi.42462 20140527
Ikarus Virus.Win32.Zbot 20140527
K7AntiVirus Spyware ( 0049a4df1 ) 20140526
K7GW Spyware ( 0049a4df1 ) 20140526
Kaspersky Trojan-Ransom.Win32.Foreign.kuzg 20140527
Malwarebytes Spyware.Zbot.VXGen 20140527
McAfee Artemis!790B141313B3 20140527
McAfee-GW-Edition Artemis!790B141313B3 20140526
eScan Gen:Variant.Symmi.42462 20140527
Sophos AV Mal/Generic-S 20140527
Symantec WS.Reputation.1 20140527
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140527
TrendMicro-HouseCall TROJ_GEN.R0CBH07EO14 20140527
VIPRE Trojan.Win32.Generic!BT 20140527
Engines with no detection (signature update date only):
AegisLab 20140527
Yandex 20140526
AhnLab-V3 20140526
Baidu-International 20140527
Bkav 20140523
ByteHero 20140527
CAT-QuickHeal 20140527
ClamAV 20140527
CMC 20140526
Commtouch 20140527
Comodo 20140527
F-Prot 20140525
F-Secure 20140527
Jiangmin 20140527
Kingsoft 20140527
Microsoft 20140527
NANO-Antivirus 20140527
Norman 20140527
nProtect 20140526
Panda 20140526
Qihoo-360 20140527
Rising 20140526
SUPERAntiSpyware 20140526
TheHacker 20140526
TotalDefense 20140526
TrendMicro 20140527
VBA32 20140526
ViRobot 20140527
Zillya 20140527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 SofumGrp
Publisher SofumGrp
Product GrRT Group Reportering Testing
Original name grrepptestt
Internal name gr repor testt
File version 1.8.5.4
Description GrRT Group Reportering Testing
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-22 17:23:18
Entry Point 0x0000716A
Number of sections 6
PE sections
PE imports
CryptGenRandom
CryptAcquireContextA
Ord(17)
PropertySheetA
AddFontResourceA
SetMapMode
TextOutW
CreateFontIndirectW
TextOutA
Rectangle
GetDeviceCaps
DeleteDC
GetMapMode
BitBlt
CreateBitmapIndirect
RealizePalette
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
CreatePalette
GetStockObject
CreateDIBitmap
SelectPalette
CreateCompatibleDC
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetFileAttributesW
IsProcessorFeaturePresent
GetQueuedCompletionStatus
LeaveCriticalSection
GetStartupInfoW
GetCurrentDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
CreateIoCompletionPort
WriteConsoleW
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetLogicalDrives
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
HeapSetInformation
RaiseException
UnhandledExceptionFilter
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
IsDebuggerPresent
TerminateProcess
GetConsoleCP
WideCharToMultiByte
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
ExitProcess
GetEnvironmentVariableW
SetLastError
ResetEvent
GetErrorInfo
UuidCreateSequential
ExtractIconA
SetFocus
GetMessageA
GetParent
UpdateWindow
BeginPaint
GetClassNameW
DefWindowProcW
KillTimer
PostQuitMessage
ShowWindow
GetNextDlgGroupItem
SetWindowPos
SendDlgItemMessageA
IsWindow
DispatchMessageA
EndPaint
PostMessageA
MessageBoxA
GetWindowDC
TranslateMessage
GetWindow
GetSysColor
GetDC
RegisterClassExA
GetCursorPos
ChildWindowFromPointEx
SendMessageW
SendMessageA
SetWindowTextW
GetDlgItem
MessageBoxW
SetScrollPos
InvalidateRect
LoadCursorA
LoadIconA
IsDlgButtonChecked
GetClientRect
CreateWindowExW
ReleaseDC
InsertMenuItemA
DestroyWindow
IsAccelerator
OleUninitialize
OleInitialize
StringFromGUID2
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.8.5.4
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 242176
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013 SofumGrp
FileVersion 1.8.5.4
TimeStamp 2014:05:22 18:23:18+01:00
FileType Win32 EXE
PEType PE32
InternalName gr repor testt
FileAccessDate 2014:06:18 01:16:35+01:00
ProductVersion 1.8.5.4
FileDescription GrRT Group Reportering Testing
OSVersion 5.1
FileCreateDate 2014:06:18 01:16:35+01:00
OriginalFilename grrepptestt
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SofumGrp
CodeSize 83968
ProductName GrRT Group Reportering Testing
ProductVersionNumber 1.8.5.4
EntryPoint 0x716a
ObjectFileType Executable application
File identification
MD5 790b141313b3fafaaf00aee0b342ab9a
SHA1 685d3ff0b377b378f25ee441cbdf5ad67373198f
SHA256 a1a7050c001a27937a7cacb0d390edbc350b811ea78e46ff2d287c1575cbe91f
ssdeep 6144:hDwwZRV1pWnNTDfHTEKlHEIsKkCXuYTzB3Kw1+3rIVn+6n/bo+:KORV1pWnNfjE9jCXuYTzjME+Gbo
imphash 7f53eebcc5691d752e2117d4798b4bdd
File size 319.5 KB ( 327168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-27 08:26:50 UTC ( 4 years, 9 months ago )
Last submission 2014-05-27 08:26:50 UTC ( 4 years, 9 months ago )
File names grrepptestt, vt-upload-PaFWd, gr repor testt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications