SHA256: aa61c17f866235c1f28d20a4b230df5863722dc7f892cb8041e7fab4a5af3c58
File name: vt-upload-PFF0q
Detection ratio: 22 / 52
Analysis date: 2014-06-01 09:19:59 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.94242 20140601
AntiVir TR/Crypt.Xpack.68670 20140531
Antiy-AVL Trojan/Win32.SGeneric 20140530
Avast Win32:Malware-gen 20140601
AVG Zbot.JIE 20140531
BitDefender Gen:Variant.Zusy.94242 20140601
Emsisoft Gen:Variant.Zusy.94242 (B) 20140601
ESET-NOD32 Win32/Spy.Zbot.ABS 20140601
F-Secure Gen:Variant.Zusy.94242 20140601
Fortinet W32/Zbot.ABS!tr.spy 20140601
GData Gen:Variant.Zusy.94242 20140601
Kaspersky Trojan-Spy.Win32.Zbot.tbqs 20140601
Malwarebytes Spyware.Zbot.VXGen 20140601
McAfee Artemis!5913FB1E8B02 20140601
McAfee-GW-Edition Artemis!5913FB1E8B02 20140531
eScan Gen:Variant.Zusy.94242 20140601
Panda Trj/CI.A 20140531
Qihoo-360 Win32/Trojan.Multi.daf 20140601
Sophos AV Mal/Generic-S 20140601
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140601
TrendMicro-HouseCall TROJ_GEN.R0CBB01F114 20140601
VIPRE Trojan.Win32.Generic!BT 20140601
AegisLab 20140601
Yandex 20140531
AhnLab-V3 20140531
Baidu-International 20140601
Bkav 20140530
ByteHero 20140601
CAT-QuickHeal 20140531
ClamAV 20140530
CMC 20140530
Commtouch 20140601
Comodo 20140601
DrWeb 20140601
F-Prot 20140601
Ikarus 20140601
Jiangmin 20140531
K7AntiVirus 20140530
K7GW 20140530
Kingsoft 20140601
Microsoft 20140601
NANO-Antivirus 20140601
Norman 20140601
nProtect 20140601
Rising 20140531
SUPERAntiSpyware 20140531
Symantec 20140601
TheHacker 20140531
TotalDefense 20140601
TrendMicro 20140601
VBA32 20140530
ViRobot 20140601
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 TofumComp
Publisher TofumComp
Product CmBT Compp Backing Testinger
Original name cmbactestt
Internal name cmp bac testt
File version 6.3.1.2
Description CmBT Compp Backing Testinger
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-26 19:51:00
Entry Point 0x00006274
Number of sections 6
PE sections
PE imports
ImageList_Draw
GetOpenFileNameA
CommDlgExtendedError
DeleteDC
SelectObject
GetStockObject
BitBlt
SelectClipRgn
DeleteObject
CreateCompatibleBitmap
CreateHatchBrush
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetCurrentDirectoryW
GetConsoleMode
DecodePointer
LocalAlloc
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetLogicalDrives
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
GetConsoleWindow
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
InterlockedIncrement
ExitProcess
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
CreateDialogParamW
UpdateWindow
EndDialog
BeginPaint
KillTimer
GetNextDlgGroupItem
IsWindow
EnableWindow
WindowFromPoint
GetWindow
GetMenuItemID
GetCursorPos
SetWindowTextA
GetMenu
SendMessageA
GetClientRect
GetDlgItem
LoadCursorA
IsIconic
SetRect
GetSubMenu
CopyAcceleratorTableA
LoadImageA
GetSystemMenu
CreateWindowExW
ModifyMenuA
OleIsRunning
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 239104
ImageVersion 0.0
ProductName CmBT Compp Backing Testinger
FileVersionNumber 6.3.1.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription CmBT Compp Backing Testinger
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename cmbactestt
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.3.1.2
TimeStamp 2014:05:26 20:51:00+01:00
FileType Win32 EXE
PEType PE32
InternalName cmp bac testt
FileAccessDate 2014:06:01 10:21:27+01:00
ProductVersion 6.3.1.2
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:06:01 10:21:27+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2013 TofumComp
MachineType Intel 386 or later, and compatibles
CompanyName TofumComp
CodeSize 56832
FileSubtype 0
ProductVersionNumber 6.3.1.2
EntryPoint 0x6274
ObjectFileType Executable application
File identification
MD5 5913fb1e8b0264ddaa6c592ff78d080e
SHA1 d8a9b7d806d9e0afe8c59c0a1d91af759289f4c7
SHA256 aa61c17f866235c1f28d20a4b230df5863722dc7f892cb8041e7fab4a5af3c58
ssdeep 6144:zOEmQ8UgDNfXptDOztYyc7wsdmcHaIAhw3sV8QX2BAYbcs:zOEt8UgDBnO7cuNxhEsqQ0Aac
imphash 374110c8c275ae408080c02d5106de44
File size 290.0 KB ( 296960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-06-01 09:19:59 UTC ( 4 years, 9 months ago )
Last submission 2014-06-01 09:19:59 UTC ( 4 years, 9 months ago )
File names cmbactestt
cmp bac testt
vt-upload-PFF0q
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections