SHA256: a511aca06fd076ae104e1e8cfbd2192d685e6a57a811b20a9a738e90b6377fdf
File name: 180388a400e302df4537bf77cd599b6d
Detection ratio: 31 / 56
Analysis date: 2015-07-13 17:52:18 UTC
Antivirus             Result                        Update
Ad-Aware              Gen:Variant.Mikey.18435       20150713
Yandex                TrojanSpy.Zbot!/ViKrzKI7Qw    20150713
AhnLab-V3             Trojan/Win32.Agent            20150713
ALYac                 Gen:Variant.Mikey.18435       20150713
Antiy-AVL             Trojan[Spy]/Win32.Zbot        20150713
Arcabit               Trojan.Mikey.D4803            20150713
Avast                 Win32:Malware-gen             20150713
AVG                   Inject2.CLZD                  20150713
Avira (no cloud)      TR/Crypt.ZPACK.14126          20150713
AVware                Trojan.Win32.Generic!BT       20150713
BitDefender           Gen:Variant.Mikey.18435       20150713
DrWeb                 Trojan.PWS.Panda.8087         20150713
Emsisoft              Gen:Variant.Mikey.18435 (B)   20150713
ESET-NOD32            Win32/Spy.Zbot.ACB            20150713
F-Secure              Gen:Variant.Mikey.18435       20150713
Fortinet              W32/Zbot.ACB!tr               20150713
GData                 Gen:Variant.Mikey.18435       20150713
K7AntiVirus           Spyware ( 004a08e61 )         20150713
K7GW                  Spyware ( 004a08e61 )         20150713
Kaspersky             Trojan-Spy.Win32.Zbot.vrlc    20150713
Malwarebytes          Trojan.Zbot                   20150713
McAfee                RDN/Generic PWS.y!b2m         20150713
McAfee-GW-Edition     RDN/Generic PWS.y!b2m         20150713
Microsoft             PWS:Win32/Zbot!VM             20150713
eScan                 Gen:Variant.Mikey.18435       20150713
NANO-Antivirus        Trojan.Win32.Zbot.dtqlkt      20150713
Panda                 Trj/Genetic.gen               20150713
Sophos AV             Mal/Generic-S                 20150713
Symantec              WS.Reputation.1               20150713
TrendMicro            TROJ_GEN.R000C0DGC15          20150713
VIPRE                 Trojan.Win32.Generic!BT       20150713
AegisLab              (undetected)                  20150713
Alibaba               (undetected)                  20150713
Baidu-International   (undetected)                  20150713
Bkav                  (undetected)                  20150713
ByteHero              (undetected)                  20150713
CAT-QuickHeal         (undetected)                  20150713
ClamAV                (undetected)                  20150713
Comodo                (undetected)                  20150713
Cyren                 (undetected)                  20150713
F-Prot                (undetected)                  20150713
Ikarus                (undetected)                  20150713
Jiangmin              (undetected)                  20150710
Kingsoft              (undetected)                  20150713
nProtect              (undetected)                  20150713
Qihoo-360             (undetected)                  20150713
Rising                (undetected)                  20150713
SUPERAntiSpyware      (undetected)                  20150713
Tencent               (undetected)                  20150713
TheHacker             (undetected)                  20150713
TotalDefense          (undetected)                  20150713
TrendMicro-HouseCall  (undetected)                  20150713
VBA32                 (undetected)                  20150713
ViRobot               (undetected)                  20150713
Zillya                (undetected)                  20150713
Zoner                 (undetected)                  20150713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright        Copyright (c) 2005-2011 Indigo BioSystems
Publisher        Indigo BioSystems
Product          CryWave
Original name    bankmeasure.exe
Internal name    CryWave
File version     0.8.7141.6539
Description      CryWave
Comments         Subjectsolution CryWave
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-07 08:24:04
Entry Point 0x0002A700
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
SetMapMode
CreatePen
SaveDC
TextOutA
GetClipBox
GetPixel
GetDeviceCaps
CreateDCA
OffsetViewportOrgEx
DeleteDC
RestoreDC
DeleteObject
BitBlt
SetTextColor
GetObjectA
CreateFontA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
SelectClipRgn
ScaleViewportExtEx
CreateRectRgn
SelectObject
SetWindowExtEx
DPtoLP
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetUserDefaultLCID
SetSystemTimeAdjustment
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
IsValidLocale
lstrcmpW
GlobalLock
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantInit
VariantClear
MapWindowPoints
GetMessagePos
GetParent
ReleaseDC
SetPropA
SetMenuItemBitmaps
RegisterWindowMessageA
GetCapture
GetMenuState
GetClassInfoExA
DestroyMenu
PostQuitMessage
DefWindowProcA
SetWindowTextA
IsWindowEnabled
GetPropA
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
UnhookWindowsHookEx
PostMessageA
GrayStringA
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
GetMessageTime
GetWindow
GetSysColor
GetDC
GetKeyState
SystemParametersInfoA
GetDlgCtrlID
GetClassInfoA
CheckMenuItem
GetMenu
UnregisterClassA
GetLastActivePopup
PtInRect
GetForegroundWindow
GetWindowPlacement
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
GetMenuCheckMarkDimensions
DrawTextExA
WinHelpA
RemovePropA
IsIconic
RegisterClassA
GetClassLongA
CallNextHookEx
TabbedTextOutA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
SetWindowsHookExA
ClientToScreen
GetMenuItemCount
GetSubMenu
CopyRect
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
GetMenuItemID
GetTopWindow
SetForegroundWindow
ModifyMenuA
DestroyWindow
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion         4.0
Comments                 Subjectsolution CryWave
LinkerVersion            8.0
ImageVersion             0.0
FileSubtype              0
FileVersionNumber        0.8.7141.6539
LanguageCode             English (U.S.)
FileFlagsMask            0x0000
FileDescription          CryWave
CharacterSet             Unicode
InitializedDataSize      200704
EntryPoint               0x2a700
OriginalFileName         bankmeasure.exe
MIMEType                 application/octet-stream
LegalCopyright           Copyright (c) 2005-2011 Indigo BioSystems
FileVersion              0.8.7141.6539
TimeStamp                2015:07:07 09:24:04+01:00
FileType                 Win32 EXE
PEType                   PE32
InternalName             CryWave
ProductVersion           0.8.7141.6539
UninitializedDataSize    0
OSVersion                4.0
FileOS                   Win32
Subsystem                Windows GUI
MachineType              Intel 386 or later, and compatibles
CompanyName              Indigo BioSystems
CodeSize                 258048
ProductName              CryWave
ProductVersionNumber     0.8.7141.6539
FileTypeExtension        exe
ObjectFileType           Executable application
File identification
MD5           180388a400e302df4537bf77cd599b6d
SHA1          8b5eb27e13366b53587bba3369d55a86442ac5e5
SHA256        a511aca06fd076ae104e1e8cfbd2192d685e6a57a811b20a9a738e90b6377fdf
ssdeep        6144:OFU8HHFLr3d0jPYpvegAfmeR1BLE8Nml5CX3WajBbGRpPvRKTRj:OuWlV0PYMhmAzgsXtVi1y
authentihash  88e074e3d0fe4aa71c02e566543b9d30af54625cb09d0bb5f759a4e7a55b7bfa
imphash       a2b2d78a4b35bd3cce10533509076aa4
File size     364.0 KB ( 372736 bytes )
File type     Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID          Win32 Executable MS Visual C++ (generic) (67.3%)
              Win32 Dynamic Link Library (generic) (14.2%)
              Win32 Executable (generic) (9.7%)
              Generic Win/DOS Executable (4.3%)
              DOS Executable Generic (4.3%)
Tags          peexe
VirusTotal metadata
First submission  2015-07-13 17:52:18 UTC
Last submission   2015-07-13 17:52:18 UTC
File names        bankmeasure.exe, CryWave
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs