SHA256: b91232e8536a3852d7e586664f24bcbd55b4e8177eae1be0c7bb605b879b8d7b
File name: vt-upload-pjcRZ
Detection ratio: 11 / 54
Analysis date: 2014-06-15 05:22:28 UTC ( 4 years, 9 months ago )
Antivirus | Result | Update
AntiVir | TR/Crypt.Xpack.69659 | 20140614
Avast | Win32:Rootkit-gen [Rtk] | 20140615
AVG | Zbot.JWF | 20140615
ESET-NOD32 | a variant of Win32/Injector.BFVH | 20140614
Malwarebytes | Spyware.Zbot.ED | 20140615
McAfee | PWSZbot-FXE!A815627AEA81 | 20140615
McAfee-GW-Edition | PWSZbot-FXE!A815627AEA81 | 20140614
Microsoft | VirTool:Win32/CeeInject.gen!KK | 20140615
Symantec | WS.Reputation.1 | 20140615
TrendMicro-HouseCall | TROJ_GEN.R00JH06FE14 | 20140615
VIPRE | Trojan.Win32.Generic.pak!cobra | 20140615
Ad-Aware | (no detection) | 20140615
AegisLab | (no detection) | 20140615
Yandex | (no detection) | 20140614
AhnLab-V3 | (no detection) | 20140614
Antiy-AVL | (no detection) | 20140611
Baidu-International | (no detection) | 20140614
BitDefender | (no detection) | 20140615
Bkav | (no detection) | 20140614
ByteHero | (no detection) | 20140615
CAT-QuickHeal | (no detection) | 20140614
ClamAV | (no detection) | 20140615
CMC | (no detection) | 20140613
Commtouch | (no detection) | 20140615
Comodo | (no detection) | 20140615
DrWeb | (no detection) | 20140615
Emsisoft | (no detection) | 20140615
F-Prot | (no detection) | 20140615
F-Secure | (no detection) | 20140615
Fortinet | (no detection) | 20140615
GData | (no detection) | 20140615
Ikarus | (no detection) | 20140615
Jiangmin | (no detection) | 20140615
K7AntiVirus | (no detection) | 20140613
K7GW | (no detection) | 20140613
Kaspersky | (no detection) | 20140615
Kingsoft | (no detection) | 20140615
eScan | (no detection) | 20140615
NANO-Antivirus | (no detection) | 20140615
Norman | (no detection) | 20140614
nProtect | (no detection) | 20140613
Panda | (no detection) | 20140614
Qihoo-360 | (no detection) | 20140615
Rising | (no detection) | 20140614
Sophos AV | (no detection) | 20140615
SUPERAntiSpyware | (no detection) | 20140614
Tencent | (no detection) | 20140615
TheHacker | (no detection) | 20140612
TotalDefense | (no detection) | 20140614
TrendMicro | (no detection) | 20140615
VBA32 | (no detection) | 20140613
ViRobot | (no detection) | 20140615
Zillya | (no detection) | 20140614
Zoner | (no detection) | 20140613
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-05-25 04:56:00
Entry Point: 0x000028A0
Number of sections: 4
PE sections
PE imports
GetStartupInfoA
GetModuleFileNameW
GetModuleHandleA
Ord(1775)
Ord(4080)
Ord(5252)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(4524)
Ord(554)
Ord(1842)
Ord(5237)
Ord(5577)
Ord(3350)
Ord(2124)
Ord(540)
Ord(4589)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(5290)
Ord(2446)
Ord(5214)
Ord(5301)
Ord(807)
Ord(4163)
Ord(4964)
Ord(6215)
Ord(6625)
Ord(4529)
Ord(4531)
Ord(815)
Ord(2723)
Ord(366)
Ord(641)
Ord(2494)
Ord(796)
Ord(4353)
Ord(2514)
Ord(4953)
Ord(4425)
Ord(3454)
Ord(5277)
Ord(4441)
Ord(4077)
Ord(1134)
Ord(4465)
Ord(4108)
Ord(5300)
Ord(1200)
Ord(6175)
Ord(338)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4242)
Ord(4823)
Ord(2390)
Ord(2542)
Ord(4424)
Ord(4273)
Ord(5260)
Ord(5076)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(2510)
Ord(1945)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(2117)
Ord(1727)
Ord(823)
Ord(813)
Ord(2725)
Ord(4998)
Ord(5472)
Ord(4436)
Ord(4457)
Ord(800)
Ord(3749)
Ord(2512)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4696)
Ord(4079)
Ord(4467)
Ord(3058)
Ord(3147)
Ord(6375)
Ord(2621)
Ord(2370)
Ord(1726)
Ord(560)
Ord(6336)
Ord(4890)
Ord(3262)
Ord(5653)
Ord(674)
Ord(975)
Ord(1576)
Ord(5243)
Ord(3748)
Ord(5065)
Ord(1665)
Ord(4407)
Ord(4426)
Ord(6117)
Ord(3346)
Ord(4303)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(2535)
Ord(1089)
Ord(3198)
Ord(2985)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(4376)
Ord(2626)
Ord(1776)
Ord(6000)
Ord(4623)
Ord(324)
Ord(296)
Ord(4238)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4613)
Ord(4349)
Ord(2878)
Ord(3079)
Ord(4899)
Ord(652)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(2627)
Ord(4837)
Ord(5241)
Ord(5100)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(3403)
Ord(4615)
Ord(4622)
Ord(561)
Ord(1746)
Ord(4543)
Ord(4610)
Ord(4961)
Ord(2879)
Ord(4486)
Ord(4341)
Ord(529)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(4858)
Ord(4432)
Ord(5740)
Ord(5302)
Ord(1825)
Ord(860)
Ord(5731)
__p__fmode
__CxxFrameHandler
_wfopen
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_mbscmp
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
_acmdln
_adjust_fdiv
__getmainargs
_exit
_setmbcp
_initterm
_controlfp
__set_app_type
EnableWindow
UpdateWindow
Number of PE resources by type
RT_STRING | 13
RT_DIALOG | 2
RT_ICON | 1
Struct(241) | 1
RT_MENU | 1
Struct(18) | 1
RT_ACCELERATOR | 1
RT_VERSION | 1
RT_GROUP_ICON | 1
Number of PE resources by language
CHINESE SIMPLIFIED | 19
NEUTRAL | 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:05:25 05:56:00+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 8192
LinkerVersion: 7.0
FileAccessDate: 2014:06:15 06:20:12+01:00
EntryPoint: 0x28a0
InitializedDataSize: 229376
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:06:15 06:20:12+01:00
UninitializedDataSize: 0
File identification
MD5: a815627aea81f3ef331640d94f1f018a
SHA1: cd5650d48f1d6915a9fc2b839b086285eacc8d50
SHA256: b91232e8536a3852d7e586664f24bcbd55b4e8177eae1be0c7bb605b879b8d7b
ssdeep: 3072:CabLuOGog1o3DWD4PdXOeYwr6DmzkIaRZ/BH5e6PIlhNeYBZDhD1JaZpj3dWgd:Ca2dBoz5XOb86/IaRZ/B4QQrhD3+pMgd
imphash: 373c76dd9bb0bb6b0ae825b0203b86b8
File size: 236.5 KB (242176 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags: peexe
VirusTotal metadata
First submission: 2014-06-15 05:22:28 UTC (4 years, 9 months ago)
Last submission: 2014-06-15 05:22:28 UTC (4 years, 9 months ago)
File names: vt-upload-pjcRZ
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.