SHA256: b5d5c5950d2b0d593e8639f76588c4fe939533c5d0ecff7636ee31193e6fb6d6
File name: vt-upload-jf9u3
Detection ratio: 22 / 51
Analysis date: 2014-05-12 05:40:44 UTC (4 years, 10 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.378666 20140512
AntiVir TR/Spy.ZBot.YW.388 20140512
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140512
AVG Zbot.ILD 20140512
Baidu-International Trojan.Win32.Zbot.Ae 20140511
BitDefender Gen:Variant.Kazy.378666 20140512
Bkav HW32.CDB.0bf7 20140512
DrWeb Trojan.PWS.Panda.6267 20140512
Emsisoft Gen:Variant.Kazy.378666 (B) 20140512
ESET-NOD32 Win32/Spy.Zbot.YW 20140511
F-Secure Gen:Variant.Kazy.378666 20140511
GData Gen:Variant.Kazy.378666 20140512
Kaspersky Trojan-Spy.Win32.Zbot.simm 20140512
Malwarebytes Backdoor.Bot 20140512
McAfee Artemis!FF60783AE9BD 20140512
McAfee-GW-Edition Artemis!FF60783AE9BD 20140512
eScan Gen:Variant.Kazy.378666 20140512
Panda Trj/dtcontx.L 20140511
Qihoo-360 Win32/Trojan.bd7 20140512
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140507
Symantec WS.Reputation.1 20140512
VIPRE Trojan.Win32.Generic!BT 20140512
AegisLab 20140512
Yandex 20140511
AhnLab-V3 20140512
Avast 20140512
ByteHero 20140512
CAT-QuickHeal 20140512
ClamAV 20140512
CMC 20140506
Commtouch 20140512
Comodo 20140512
F-Prot 20140512
Fortinet 20140512
Ikarus 20140512
Jiangmin 20140512
K7AntiVirus 20140509
K7GW 20140509
Kingsoft 20140512
Microsoft 20140512
NANO-Antivirus 20140512
Norman 20140511
nProtect 20140511
Sophos AV 20140512
SUPERAntiSpyware 20140511
TheHacker 20140510
TotalDefense 20140511
TrendMicro 20140512
TrendMicro-HouseCall 20140512
VBA32 20140510
ViRobot 20140512
Zillya 20140511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Contact Plus Corporation
Product Nupim
Original name Pwfuvsvqgt.exe
Internal name Tubaxib
File version 6, 3, 6
Description Uryv Logy Opam
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-01 13:45:55
Entry Point 0x00006AEE
Number of sections 4
PE sections
PE imports
RunSetupCommand
CloseClusterResource
GetFileTitleA
CryptAcquireCertificatePrivateKey
CertDuplicateCertificateChain
CertCreateSelfSignCertificate
CertVerifyCRLTimeValidity
CertVerifyCRLRevocation
CryptEncodeObjectEx
CryptSIPGetSignedDataMsg
CertEnumCertificateContextProperties
CertGetIssuerCertificateFromStore
CryptDecryptAndVerifyMessageSignature
CertGetCTLContextProperty
CryptMsgUpdate
CertFreeCRLContext
CertAddCRLContextToStore
CertRDNValueToStrA
CertCompareCertificate
CertFindSubjectInCTL
CertFindCertificateInStore
PFXVerifyPassword
CryptEnumOIDFunction
CertEnumSystemStore
CertSerializeCertificateStoreElement
CertVerifySubjectCertificateContext
CryptUnregisterDefaultOIDFunction
CryptExportPublicKeyInfo
CertSetCRLContextProperty
CertIsRDNAttrsInCertificateName
CryptSignCertificate
CryptFindOIDInfo
CertEnumPhysicalStore
CertUnregisterPhysicalStore
CryptUIDlgViewCRLW
CryptUIDlgSelectCertificateW
CryptUIDlgSelectStoreA
CryptUIDlgCertMgr
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewSignerInfoW
ACUIProviderInvokeUI
CryptUIDlgViewCTLA
CryptUIGetCertificatePropertiesPagesA
CryptUIWizFreeDigitalSignContext
SetMetaRgn
GetCharABCWidthsW
EnumFontsW
CreateFontIndirectA
CreateRectRgnIndirect
GetCharABCWidthsA
SetColorAdjustment
InvertRgn
GetCharacterPlacementW
GetBitmapDimensionEx
GetTextExtentExPointW
DeviceCapabilitiesExW
CreateHatchBrush
DescribePixelFormat
PlayEnhMetaFile
StrokePath
GetDIBits
GdiPlayPrivatePageEMF
GetEnhMetaFileBits
GetDCOrgEx
GetTextAlign
ScaleViewportExtEx
PolyTextOutA
Pie
SetWindowExtEx
SetWindowOrgEx
BeginPath
SetRectRgn
LPtoDP
GetIcmpStatistics
GetFileTime
ReplaceFileA
lstrcatW
EnumColorProfilesW
EnumProtocolsW
GetNameByTypeA
SetServiceW
RxNetAccessSetInfo
NetUseGetInfo
PdhAddCounterA
GetModuleBaseNameA
RpcBindingToStringBindingA
RpcServerInqIf
NdrConformantStringUnmarshall
NdrRangeUnmarshall
RpcBindingFromStringBindingA
NdrMesTypeAlignSize
NdrCorrelationInitialize
RpcMgmtEpEltInqBegin
UuidIsNil
RpcRevertToSelfEx
RpcMgmtStatsVectorFree
RpcNetworkInqProtseqsW
RpcBindingInqOption
NdrComplexStructBufferSize
NdrClientInitializeNew
RpcBindingSetAuthInfoW
MesEncodeIncrementalHandleCreate
NdrEncapsulatedUnionFree
MesDecodeIncrementalHandleCreate
RpcServerUseAllProtseqsIfEx
RpcServerRegisterIf
I_RpcGetBufferWithObject
I_RpcConnectionInqSockBuffSize
NdrGetUserMarshalInfo
NdrComplexStructUnmarshall
MesEncodeFixedBufferHandleCreate
NdrConformantStringBufferSize
NdrConformantVaryingStructUnmarshall
NdrInterfacePointerUnmarshall
RpcServerUseProtseqEpExA
NdrMesTypeDecode2
NdrFullPointerFree
ScesrvInitializeServer
SHGetDiskFreeSpaceA
phoneGetStatusA
lineSetAgentActivity
HlinkNavigateString
GetCursorPos
DialogBoxIndirectParamW
SetMessageExtraInfo
GetProfilesDirectoryW
VerInstallFileA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryExA
mixerSetControlDetails
WinStationInstallLicense
WTSLogoffSession
WTSSendMessageA
Number of PE resources by type
RT_BITMAP 585
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 586
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:01 14:45:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 8.0
FileAccessDate 2014:05:31 20:16:42+01:00
EntryPoint 0x6aee
InitializedDataSize 409600
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:05:31 20:16:42+01:00
UninitializedDataSize 0

File identification
MD5 ff60783ae9bd53fbd8ac55d2cac51d22
SHA1 0eb3cf570d84022a4d443fe994734a070023a13d
SHA256 b5d5c5950d2b0d593e8639f76588c4fe939533c5d0ecff7636ee31193e6fb6d6
ssdeep 6144:7p6/nbrZiiF4wUOI0ctwmeUDc/tpT+QPb:7p6/nbEFwUCWcrT+QP
imphash bce22a66cca5354276573e2d354e0d5e
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-12 05:40:44 UTC (4 years, 10 months ago)
Last submission 2014-05-12 05:40:44 UTC (4 years, 10 months ago)
File names vt-upload-jf9u3, Tubaxib, Pwfuvsvqgt.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications