SHA256: b69340684990ad449e03d030be65150fb04502bc3880b9e73e5161abd123d22d
File name: 081dce50e867181444a2601356fc0a47f5ec3ec7
Detection ratio: 11 / 57
Analysis date: 2015-01-19 03:39:07 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.ZPACK.112854 20150118
Bkav HW32.Packed.F744 20150117
ESET-NOD32 Win32/Spy.Zbot.ACB 20150118
Fortinet W32/Zbot.ACB!tr.spy 20150118
GData Win32.Trojan.Agent.O4Y125 20150119
Kaspersky Trojan-Spy.Win32.Zbot.uvlb 20150119
Malwarebytes Trojan.Agent.ED 20150119
McAfee Artemis!17D18D3E8128 20150119
McAfee-GW-Edition BehavesLike.Win32.Trojan.dc 20150119
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150118
Sophos AV Mal/Generic-S 20150119
Ad-Aware 20150119
AegisLab 20150119
Yandex 20150118
AhnLab-V3 20150118
Alibaba 20150119
ALYac 20150119
Antiy-AVL 20150119
Avast 20150119
AVG 20150118
AVware 20150119
Baidu-International 20150118
BitDefender 20150119
ByteHero 20150119
CAT-QuickHeal 20150117
ClamAV 20150119
CMC 20150116
Comodo 20150119
Cyren 20150119
DrWeb 20150119
Emsisoft 20150119
F-Prot 20150119
F-Secure 20150119
Ikarus 20150119
Jiangmin 20150118
K7AntiVirus 20150118
K7GW 20150117
Kingsoft 20150119
Microsoft 20150119
eScan 20150119
NANO-Antivirus 20150119
Norman 20150118
nProtect 20150116
Panda 20150118
Qihoo-360 20150119
SUPERAntiSpyware 20150118
Symantec 20150119
Tencent 20150119
TheHacker 20150118
TotalDefense 20150118
TrendMicro 20150119
TrendMicro-HouseCall 20150119
VBA32 20150116
VIPRE 20150119
ViRobot 20150118
Zillya 20150119
Zoner 20150116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-15 18:46:36
Entry Point 0x00008D80
Number of sections 5
PE sections
PE imports
InitiateSystemShutdownA
SetKernelObjectSecurity
RegCloseKey
CreatePrivateObjectSecurity
FreeSid
RegisterServiceCtrlHandlerW
RegEnumKeyExW
LockServiceDatabase
SetFileSecurityW
BuildImpersonateTrusteeW
QueryServiceLockStatusW
GetSecurityDescriptorOwner
GetSidLengthRequired
OpenEventLogW
ReadEventLogA
DeleteAce
SetSecurityInfo
EqualPrefixSid
LsaOpenPolicy
FlatSB_ShowScrollBar
Ord(3)
DestroyPropertySheetPage
ImageList_SetBkColor
ImageList_Replace
ImageList_DragShowNolock
ImageList_DrawIndirect
ImmGetCompositionFontA
ImmGetCompositionWindow
ImmSetCompositionFontA
GetStdHandle
FileTimeToDosDateTime
GetPrivateProfileStructA
FileTimeToSystemTime
HeapDestroy
GetPrivateProfileSectionNamesW
Toolhelp32ReadProcessMemory
FreeEnvironmentStringsA
DeleteCriticalSection
CommConfigDialogW
GetLocaleInfoA
GetConsoleCursorInfo
GetThreadContext
FindResourceExA
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetStringTypeW
EnumDateFormatsW
ConnectNamedPipe
GetLogicalDriveStringsA
FreeLibraryAndExitThread
CreateEventW
GlobalHandle
AllocConsole
GetProfileIntA
GetEnvironmentVariableW
VerLanguageNameA
CopyFileW
GetNumberOfConsoleInputEvents
GlobalUnfix
EnumCalendarInfoA
GetVolumeInformationA
GetProfileSectionW
FatalAppExitA
GetProfileSectionA
GetSystemPowerStatus
CreateMutexA
CreateThread
Module32Next
CreateDirectoryExA
GetMailslotInfo
GlobalUnWire
GetCommState
GetLastError
AreFileApisANSI
FindClose
EnterCriticalSection
FillConsoleOutputCharacterA
EndUpdateResourceW
GetExitCodeProcess
GetTickCount
FillConsoleOutputCharacterW
CreateRemoteThread
GetDateFormatA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
GetConsoleScreenBufferInfo
AddAtomW
FindNextFileW
CompareStringA
FreeConsole
GetProcessWorkingSetSize
FindNextFileA
GetBinaryTypeA
GetPrivateProfileSectionW
GetProcessAffinityMask
GetTimeZoneInformation
CreateEventA
GlobalFindAtomA
CreateFileA
BuildCommDCBA
GlobalGetAtomNameW
FlushConsoleInputBuffer
GlobalFree
GetConsoleCP
GetDefaultCommConfigW
GetThreadLocale
GetEnvironmentStringsW
GetTempPathA
CreateNamedPipeA
EnumTimeFormatsW
GetCurrentProcessId
CreateIoCompletionPort
GetProcessHeaps
EnumSystemCodePagesW
GetModuleHandleA
CloseHandle
EnumSystemCodePagesA
GetACP
GetModuleHandleW
GetLongPathNameW
FindResourceW
GetLongPathNameA
GetFileAttributesExA
FindResourceA
LZSeek
CopyLZFile
LZDone
LZStart
LZClose
LZInit
WNetCancelConnection2W
WNetGetNetworkInformationA
NetServerComputerNameAdd
GetRoleTextA
VarBstrFromDate
RasGetEntryPropertiesW
RasEnumEntriesA
ResUtilGetResourceDependency
ResUtilGetSzValue
ResUtilVerifyPrivatePropertyList
ResUtilSetExpandSzValue
ResUtilResourceTypesEqual
ClusWorkerCreate
IUnknown_Release_Proxy
RpcRevertToSelf
RpcMgmtEpEltInqNextW
NdrXmitOrRepAsMemorySize
NdrNonEncapsulatedUnionUnmarshall
RpcMgmtEpUnregister
NdrClientContextUnmarshall
RpcBindingSetAuthInfoW
RpcMgmtEnableIdleCleanup
RpcBindingInqObject
RpcEpRegisterNoReplaceA
NdrEncapsulatedUnionMarshall
RpcNsBindingInqEntryNameW
NdrConformantStructMarshall
NdrFixedArrayMarshall
RpcBindingFree
NdrInterfacePointerBufferSize
RpcAsyncInitializeHandle
RpcServerInqBindings
RpcNsBindingInqEntryNameA
tree_size_ndr
I_RpcSsDontSerializeContext
I_RpcIfInqTransferSyntaxes
RpcServerUnregisterIf
long_from_ndr_temp
RpcSsEnableAllocate
I_RpcBindingIsClientLocal
NdrOleAllocate
NdrPointerMarshall
data_size_ndr
NdrConformantVaryingArrayMemorySize
I_RpcGetCurrentCallHandle
I_RpcSend
RpcBindingInqAuthClientW
MesInqProcEncodingId
NdrMesTypeEncode
RpcEpUnregister
NdrFixedArrayUnmarshall
RpcBindingSetAuthInfoExA
NdrVaryingArrayBufferSize
NdrComplexStructMarshall
MesEncodeFixedBufferHandleCreate
NdrRpcSmClientFree
RpcObjectSetInqFn
RpcServerUseProtseqEpExA
RpcBindingFromStringBindingW
RpcEpResolveBinding
NdrComplexStructFree
SetupGetBinaryField
PathSkipRootA
StrCmpW
SHGetValueA
SHRegGetBoolUSValueW
PathMakeSystemFolderA
PathCombineA
PathAddBackslashW
PathFindFileNameA
SHQueryValueExW
SHRegOpenUSKeyA
PathIsPrefixW
PathCanonicalizeW
PathIsSystemFolderA
PathGetArgsW
GetAsyncKeyState
SetClipboardViewer
GetFileVersionInfoW
FtpRemoveDirectoryW
InternetSetCookieA
InternetGoOnline
CreateUrlCacheEntryW
InternetTimeFromSystemTime
CreateUrlCacheGroup
InternetConnectW
InternetCombineUrlA
InternetCloseHandle
FtpGetCurrentDirectoryW
GetUrlCacheEntryInfoW
InternetSetOptionExA
RetrieveUrlCacheEntryStreamW
InternetAttemptConnect
FtpCreateDirectoryW
FtpGetFileW
InternetCheckConnectionA
GopherCreateLocatorA
InternetFindNextFileA
HttpOpenRequestW
FindFirstUrlCacheEntryA
FtpOpenFileA
FindNextUrlCacheEntryA
InternetSetDialState
InternetOpenUrlW
HttpAddRequestHeadersA
mixerGetLineControlsW
mixerGetLineInfoW
midiConnect
waveOutWrite
waveOutClose
auxGetVolume
mciSetYieldProc
midiOutCachePatches
midiDisconnect
midiInStop
timeGetTime
waveOutPause
waveOutSetPlaybackRate
midiStreamStop
mciGetDeviceIDFromElementIDA
timeGetDevCaps
OpenDriver
mmioStringToFOURCCW
mmioSetBuffer
ConnectToPrinterDlg
OpenPrinterA
ResetPrinterA
AddMonitorW
AddMonitorA
GetPrinterDataExW
DeleteMonitorA
ConfigurePortW
EnumPrinterDataA
EnumPrinterDriversA
DeletePrinterDriverA
ScheduleJob
EnumJobsA
EnumPrintProcessorsA
GetFormW
FindNextPrinterChangeNotification
DeletePrintProvidorW
GetPrinterDriverW
AddFormA
DeletePrinterDriverExW
AddPrinterDriverW
PrinterMessageBoxA
PrintDlgW
GetOpenFileNameW
ChooseFontW
GetSaveFileNameW
ChooseColorA
CommDlgExtendedError
OleSetMenuDescriptor
PdhGetRawCounterValue
PdhComputeCounterStatistics
PdhEnumMachinesW
PdhCollectQueryData
PdhGetCounterInfoW
PdhMakeCounterPathW
PdhGetFormattedCounterValue
PdhExpandCounterPathA
PdhUpdateLogA
PdhGetLogFileSize
PdhGetFormattedCounterArrayA
PdhOpenQueryA
PdhLookupPerfIndexByNameW
PdhConnectMachineW
PdhExpandCounterPathW
URLOpenPullStreamW
FindMediaType
IsValidURL
URLOpenStreamA
GetClassFileOrMime
WriteHitLogging
URLDownloadToFileW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 1183744
ImageVersion: 0.0
FileVersionNumber: 185.7.49859.6
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Windows, Greek
LinkerVersion: 6.0
FileTypeExtension: exe
MIMEType: application/octet-stream
TimeStamp: 2015:01:15 19:46:36+01:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Unknown (0x630004)
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: IVT Corporation.
CodeSize: 86016
FileSubtype: 0
ProductVersionNumber: 242.7.1003.6
EntryPoint: 0x8d80
ObjectFileType: Executable application

PCAP parents
File identification
MD5 17d18d3e8128a7384a7907e79e7812e4
SHA1 081dce50e867181444a2601356fc0a47f5ec3ec7
SHA256 b69340684990ad449e03d030be65150fb04502bc3880b9e73e5161abd123d22d
ssdeep 3072:mGhG4COfAle96b2/oSuqyQWfQ9xzZ1k62kZIhwwQb9UMjAOTmwLxNU:BG4HDlxuS9JcZkZGgUmLlz
authentihash a2acd673702fc56c5aa19a49a91abf5aa47e723c1ce872f7a453d4a368b94006
imphash d7de2edb0f8bbd185097cf33a474173c
File size 248.0 KB ( 253952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows Screen Saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-19 03:39:07 UTC ( 4 years, 2 months ago )
Last submission 2015-03-04 10:21:59 UTC ( 4 years ago )
File names b69340684990ad449e03d030be65150fb04502bc3880b9e73e5161abd123d22d.exe
serial.php.exe_
b69340684990ad449e03d030be65150fb04502bc3880b9e73e5161abd123d22d.exe
081dce50e867181444a2601356fc0a47f5ec3ec7
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.