SHA256: a2b3f848e0ac59f1c666d93cbf586a3a6f185b1e05d318e326e64695d0d1b297
File name: vt-upload-u5WGA
Detection ratio: 42 / 55
Analysis date: 2014-09-25 06:01:01 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.25915 20140925
Yandex Trojan.Injector!egYkSBkxjVc 20140924
AhnLab-V3 Dropper/Win32.Necurs 20140924
Antiy-AVL Trojan/Win32.Inject 20140925
Avast Win32:Malware-gen 20140925
AVG Win32/Cryptor 20140924
Avira (no cloud) TR/Crypt.ZPACK.97518 20140925
AVware Trojan.Win32.Generic!BT 20140925
Baidu-International Trojan.Win32.Inject.AGxL 20140924
BitDefender Trojan.GenericKDZ.25915 20140925
Bkav W32.TasrunsetLTA.Trojan 20140923
CAT-QuickHeal TrojanRansom.Crowti.A6 20140925
ClamAV Win.Trojan.Generickdz-645 20140925
DrWeb Trojan.Inject1.43610 20140925
Emsisoft Trojan.GenericKDZ.25915 (B) 20140925
ESET-NOD32 a variant of Win32/Injector.BLUQ 20140925
F-Prot W32/Powessere.A.gen!Eldorado 20140925
F-Secure Trojan.GenericKDZ.25915 20140925
Fortinet W32/Kryptik.BPPO!tr 20140925
GData Trojan.GenericKDZ.25915 20140925
Ikarus Trojan-Spy.Zbot 20140924
K7AntiVirus Trojan ( 004a989c1 ) 20140924
K7GW Trojan ( 050000001 ) 20140924
Kaspersky Trojan.Win32.Inject.rxry 20140925
Kingsoft Win32.Troj.Inject.rx.(kcloud) 20140925
Malwarebytes Trojan.Agent.ED 20140925
McAfee GenericTRA-CA!AE773F234152 20140925
McAfee-GW-Edition GenericTRA-CA!AE773F234152 20140924
Microsoft PWS:Win32/Zbot 20140925
eScan Trojan.GenericKDZ.25915 20140925
NANO-Antivirus Trojan.Win32.Andromeda.devuus 20140925
Norman Injector.HHJL 20140925
nProtect Trojan.GenericKDZ.25915 20140924
Panda Trj/CI.A 20140924
Sophos AV Mal/Wonton-K 20140925
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140925
Symantec Trojan.Gen 20140925
Tencent Win32.Trojan.Inject.Lplf 20140925
TotalDefense Win32/Zbot.NOeeMf 20140924
TrendMicro-HouseCall TROJ_GEN.F0C2H00IO14 20140925
VIPRE Trojan.Win32.Generic!BT 20140925
Zillya Trojan.Inject.Win32.93965 20140925
AegisLab 20140925
ByteHero 20140925
CMC 20140924
Comodo 20140925
Cyren 20140925
Jiangmin 20140924
Qihoo-360 20140925
Rising 20140924
TheHacker 20140924
TrendMicro 20140925
VBA32 20140924
ViRobot 20140925
Zoner 20140919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-12 00:24:02
Entry Point 0x00004447
Number of sections 4
PE sections
Overlays
MD5 baa9f44aae306d2a323dd39712aca95c
File type data
Offset 325632
Size 1503
Entropy 7.75
PE imports
RegQueryValueA
RegOpenKeyExA
RegCloseKey
GetOpenFileNameA
GetSaveFileNameA
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetFileInformationByHandle
InitializeSListHead
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetSystemTimeAsFileTime
WriteFile
SwitchToFiber
HeapReAlloc
GetStringTypeW
LocalFree
MoveFileA
InitializeCriticalSection
GlobalHandle
AllocConsole
TlsGetValue
OutputDebugStringA
SetLastError
ExitProcess
FlushFileBuffers
GetModuleFileNameA
SetConsoleScreenBufferSize
LoadLibraryExA
CancelDeviceWakeupRequest
FindClose
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
SetLocalTime
GetStartupInfoA
GetDateFormatA
GetFileSize
GetPrivateProfileIntA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
FreeEnvironmentStringsW
FindFirstFileA
lstrcpyA
GetTimeFormatA
CreateWaitableTimerA
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
WinExec
OpenFile
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
GetCommandLineA
TlsFree
SetFilePointer
VirtualUnlock
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
HeapCreate
VirtualFree
Sleep
VirtualAlloc
CompareStringA
ShellExecuteA
DdeDisconnectList
PeekMessageA
IntersectRect
CharUpperBuffA
DefFrameProcA
DispatchMessageA
GetDialogBaseUnits
UnpackDDElParam
GetWindowInfo
SetUserObjectInformationW
InvalidateRgn
VkKeyScanW
GetMenuDefaultItem
CreateStreamOnHGlobal
Number of PE resources by type
RT_STRING 20
RT_ICON 6
RT_ACCELERATOR 3
RT_DIALOG 2
RT_GROUP_ICON 2
Number of PE resources by language
ENGLISH US 32
ARABIC SYRIA 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:09:12 01:24:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 71680
LinkerVersion 9.0
EntryPoint 0x4447
InitializedDataSize 252928
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 ae773f234152fb5df1ab35116dbb82bd
SHA1 0403c0a6d2888adc9d40e50f9ee72432fb459872
SHA256 a2b3f848e0ac59f1c666d93cbf586a3a6f185b1e05d318e326e64695d0d1b297
ssdeep 6144:gApMWb0FolZ0z0Q6p+MqggtZIpZoz1fiQ19zsCOph49p:gApMWyo/0zl6pOIDozJtrJei
authentihash 5ee10d982cf09475c4804d6be10b130fa893534ab18b06264c2eb568418a532a
imphash a574247f545432ac240bf874bdd691a9
File size 319.5 KB ( 327135 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-09-25 06:01:01 UTC ( 4 years, 5 months ago )
Last submission 2014-09-25 06:01:01 UTC ( 4 years, 5 months ago )
File names vt-upload-u5WGA
a2b3f848e0ac59f1c666d93cbf586a3a6f185b1e05d318e326e64695d0d1b297.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications