SHA256: ae3c2c1d60eb717630e18fd43da6f498e7260e1341493404da28aaef0224c75a
File name: 4adee84193b467d0ea2a2a64e4767586
Detection ratio: 41 / 51
Analysis date: 2014-04-06 15:20:09 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1628583 20140406
Yandex Backdoor.Androm!ZizFxPcSzQc 20140406
AhnLab-V3 Trojan/Win32.Fakeavlock 20140406
AntiVir TR/Kuluoz.A.73 20140406
Antiy-AVL Worm/Win32.AutoRun 20140406
Avast Win32:Dropper-gen [Drp] 20140406
AVG PSW.Generic12.AIBQ 20140406
Baidu-International Trojan.Win32.Zortob.B 20140406
BitDefender Trojan.GenericKD.1628583 20140406
CAT-QuickHeal TrojanDownloader.Kuluoz.d 20140406
Commtouch W32/Trojan.UBCA-1961 20140406
Comodo UnclassifiedMalware 20140406
DrWeb BackDoor.Kuluoz.4 20140406
Emsisoft Trojan-Downloader.Win32.Agent (A) 20140406
ESET-NOD32 Win32/TrojanDownloader.Zortob.B 20140405
F-Prot W32/Trojan3.HYO 20140406
F-Secure Trojan.GenericKD.1628583 20140406
Fortinet W32/Lockscreen.LOA!tr 20140406
GData Trojan.GenericKD.1628583 20140406
Ikarus Trojan-Spy.Zbot 20140406
K7AntiVirus Trojan-Downloader ( 003a8f751 ) 20140404
K7GW Trojan-Downloader ( 003a8f751 ) 20140404
Kaspersky Backdoor.Win32.Androm.drge 20140406
Malwarebytes Trojan.Ransom.ED 20140406
McAfee PWS-Zbot-FATG!4ADEE84193B4 20140406
McAfee-GW-Edition PWS-Zbot-FATG!4ADEE84193B4 20140405
Microsoft TrojanDownloader:Win32/Kuluoz.D 20140406
eScan Trojan.GenericKD.1628583 20140406
NANO-Antivirus Trojan.Win32.Androm.cwbnvg 20140406
Norman Kryptik.CDKX 20140406
nProtect Trojan.GenericKD.1628583 20140406
Panda Generic Malware 20140406
Qihoo-360 HEUR/Malware.QVM20.Gen 20140406
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140406
Sophos AV Troj/Ransom-SY 20140406
SUPERAntiSpyware Trojan.Agent/Gen-ZAccess 20140406
Symantec Trojan.Asprox.B 20140406
TotalDefense Win32/Kuluoz.ZKFVEKC 20140406
TrendMicro BKDR_KULUOZ.BGO 20140406
TrendMicro-HouseCall BKDR_KULUOZ.BGO 20140406
VIPRE Trojan.Win32.ZAccess.a!ag (v) 20140406
AegisLab 20140406
Bkav 20140405
ByteHero 20140406
ClamAV 20140406
CMC 20140404
Jiangmin 20140406
Kingsoft 20140406
TheHacker 20140404
VBA32 20140404
ViRobot 20140406
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Comments This installation was built with.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-01 13:02:30
Entry Point 0x000047B0
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExW
GetStockObject
LocalFree
GetCurrentProcess
SetUnhandledExceptionFilter
CreateThread
LocalAlloc
GetCurrentProcessId
GetCommandLineW
FreeLibrary
QueryPerformanceCounter
UnhandledExceptionFilter
ExitProcess
GetStartupInfoW
GetSystemTimeAsFileTime
GetTickCount
lstrcmpiW
VirtualAlloc
GetCurrentThreadId
GetSystemMetrics
LoadIconW
LoadCursorA
LoadIconA
Number of PE resources by type
RT_STRING 6
RT_ICON 3
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with.
InitializedDataSize 40448
ImageVersion 0.0
FileVersionNumber 1.6.0.166
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.5
FileTypeExtension exe
MIMEType application/octet-stream
TimeStamp 2014:04:01 14:02:30+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 107520
FileSubtype 0
ProductVersionNumber 1.6.0.166
EntryPoint 0x47b0
ObjectFileType Executable application

File identification
MD5 4adee84193b467d0ea2a2a64e4767586
SHA1 bef607c1210d38ca97a227829987fc266722dd33
SHA256 ae3c2c1d60eb717630e18fd43da6f498e7260e1341493404da28aaef0224c75a
ssdeep 3072:dRTZLm9IPPkuCkmjrJEvn259+MWLuT3uTKx:LhxdmXJcnw+MLT+T
authentihash 45280db019dfb813ba73e1e2c9a089841b125998846b65a8ea6820a1f8be84eb
imphash be2508aee4872b60050952f63e329bb6
File size 145.0 KB ( 148480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2014-04-01 14:32:01 UTC ( 3 years, 5 months ago )
Last submission 2015-06-12 12:15:48 UTC ( 2 years, 3 months ago )
File names 4adee84193b467d0ea2a2a64e4767586.exe
Court_Notice_Copy.exe
gsmhugrk.exe
dcomcnfg.exe
4adee84193b467d0ea2a2a64e4767586
c-85a44-2793-1396362961
file-6799595_exe
review.exe
007948546
court_notice_copy.exe
c41a.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs