SHA256: b1c150f53c43f2d56226f7dba0c1596c6b64b3db1be7b8fb56eb4c442630ec9d
File name: vt-upload-CmyVV
Detection ratio: 24 / 53
Analysis date: 2014-05-22 23:24:20 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.142264 20140522
Yandex TrojanSpy.Zbot!4ZQMhmzmO8U 20140522
Antiy-AVL Trojan/Win32.SGeneric 20140522
BitDefender Gen:Variant.Graftor.142264 20140522
DrWeb Trojan.Siggen6.17292 20140522
Emsisoft Gen:Variant.Graftor.142264 (B) 20140522
ESET-NOD32 a variant of Win32/Injector.BECS 20140522
F-Secure Gen:Variant.Graftor.142264 20140522
Fortinet W32/Zbot.BECS!tr 20140522
GData Gen:Variant.Graftor.142264 20140522
Jiangmin Trojan/Badur.ctt 20140522
K7AntiVirus Trojan ( 0049a74a1 ) 20140522
K7GW Trojan ( 0049a74a1 ) 20140522
Kaspersky Trojan-Spy.Win32.Zbot.swnp 20140522
Malwarebytes Spyware.Zbot.ED 20140522
McAfee Artemis!F9E27E716A37 20140522
McAfee-GW-Edition Artemis!F9E27E716A37 20140522
Microsoft PWS:Win32/Zbot 20140522
eScan Gen:Variant.Graftor.142264 20140522
Panda Trj/CI.A 20140522
Qihoo-360 HEUR/Malware.QVM19.Gen 20140523
Sophos AV Mal/Generic-S 20140522
TrendMicro-HouseCall TROJ_GEN.R08NH01EL14 20140522
VIPRE Trojan.Win32.Generic!BT 20140522
AegisLab 20140523
AhnLab-V3 20140522
AntiVir 20140523
Avast 20140523
AVG 20140522
Baidu-International 20140522
Bkav 20140521
ByteHero 20140523
CAT-QuickHeal 20140522
ClamAV 20140522
CMC 20140521
Commtouch 20140522
Comodo 20140522
F-Prot 20140522
Ikarus 20140522
Kingsoft 20140523
NANO-Antivirus 20140522
Norman 20140522
nProtect 20140522
Rising 20140522
SUPERAntiSpyware 20140522
Symantec 20140522
Tencent 20140523
TheHacker 20140522
TotalDefense 20140522
TrendMicro 20140522
VBA32 20140522
ViRobot 20140522
Zillya 20140522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ???? (C) 2007
Product Jjb ????
Original name Jjb.EXE
Internal name Jjb
File version 1, 0, 0, 1
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-02 20:37:21
Entry Point 0x00005724
Number of sections 4
PE sections
Overlays
MD5 9eb4613a8a3abe969d55f3ec4fc61835
File type data
Offset 45056
Size 187705
Entropy 8.00
PE imports
SetPixel
Ellipse
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameW
CreateFileW
CreateFileA
GetModuleFileNameA
VirtualAlloc
_except_handler3
__p__fmode
malloc
_XcptFilter
_acmdln
__CxxFrameHandler
_ftol
__p__commode
__dllonexit
_setmbcp
_controlfp
exit
_exit
__getmainargs
_initterm
__setusermatherr
_onexit
_adjust_fdiv
__set_app_type
EnableWindow
GetClientRect
UpdateWindow
InvalidateRect
Number of PE resources by type
RT_STRING 14
Struct(144) 5
RT_MENU 2
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 25
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:01:02 21:37:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 86016
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 20480
SubsystemVersion 4.0
EntryPoint 0x5724
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 f9e27e716a37b8d3da4f98b466a72f31
SHA1 ef755ab73258c00beb879215c405abb6f6253d6e
SHA256 b1c150f53c43f2d56226f7dba0c1596c6b64b3db1be7b8fb56eb4c442630ec9d
ssdeep 3072:YK/5PFTPY35Uqd8ZlzSRvE1RhNGmHBhzLHOG0gp4C4DxvBv2CB1qyZdvRBEQio7R:lhw3v8Z9svEum3HFpV4Dx5vxbZdvoocw
authentihash cc9aae765408649b61be82a45dda4c0f1d6ccd34fd68c82e4a08adf999fce1fb
imphash a2955b14e9d1ade5f4624afcc2605923
File size 227.3 KB ( 232761 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-05-22 23:24:20 UTC ( 4 years, 10 months ago )
Last submission 2014-05-22 23:24:20 UTC ( 4 years, 10 months ago )
File names Jjb.EXE
Jjb
vt-upload-CmyVV
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight