SHA256: b92ecc53d910512bdf773af72b8eabfc12d470f6c27e245a565e888c6a77b852
File name: b92ecc53d910512bdf773af72b8eabfc12d470f6c27e245a565e888c6a77b852
Detection ratio: 33 / 57
Analysis date: 2015-09-02 12:42:43 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2691287 20150902
ALYac Trojan.GenericKD.2691287 20150902
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20150902
Arcabit Trojan.Generic.D2910D7 20150902
Avast Win32:Malware-gen 20150902
AVG Zbot.AGLA 20150902
Avira (no cloud) TR/Crypt.ZPACK.54658 20150902
AVware Trojan.Win32.Generic!BT 20150901
Baidu-International Trojan.Win32.InfoStealer.pswwmx 20150902
BitDefender Trojan.GenericKD.2691287 20150902
Bkav HW32.Packed.3FED 20150901
DrWeb Trojan.PWS.Siggen1.41057 20150902
Emsisoft Trojan.GenericKD.2691287 (B) 20150902
ESET-NOD32 Win32/Spy.Zbot.ABW 20150902
F-Secure Trojan.GenericKD.2691287 20150902
Fortinet W32/Zbot.ABW!tr.spy 20150902
GData Trojan.GenericKD.2691287 20150902
Ikarus Trojan-Spy.Agent 20150902
K7AntiVirus Spyware ( 004a882c1 ) 20150902
K7GW Spyware ( 004a882c1 ) 20150902
Kaspersky Trojan-PSW.Win32.Tepfer.pswwmx 20150902
Malwarebytes Trojan.Spy.Zbot 20150902
McAfee GenericR-EJM!8440D64816C4 20150902
McAfee-GW-Edition BehavesLike.Win32.Downloader.gc 20150902
Microsoft Trojan:Win32/Dynamer!ac 20150902
eScan Trojan.GenericKD.2691287 20150902
nProtect Trojan.GenericKD.2691287 20150902
Panda Generic Suspicious 20150902
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150902
Sophos AV Mal/Generic-S 20150902
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20150902
TrendMicro TROJ_GEN.R03EC0DI115 20150902
VIPRE Trojan.Win32.Generic!BT 20150902
AegisLab 20150902
Yandex 20150901
AhnLab-V3 20150902
Alibaba 20150902
ByteHero 20150902
CAT-QuickHeal 20150902
ClamAV 20150902
CMC 20150902
Comodo 20150902
Cyren 20150902
F-Prot 20150902
Jiangmin 20150901
Kingsoft 20150902
NANO-Antivirus 20150902
Rising 20150902
SUPERAntiSpyware 20150829
Symantec 20150901
TheHacker 20150831
TotalDefense 20150901
TrendMicro-HouseCall 20150902
VBA32 20150902
ViRobot 20150902
Zillya 20150902
Zoner 20150902
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-08-06 00:58:04
Entry Point 0x0005A592
Number of sections 4
PE sections
PE imports
GetEnhMetaFileA
GetTextCharsetInfo
PolyPolyline
DeleteEnhMetaFile
Polygon
SetBitmapBits
CreateHalftonePalette
OffsetRgn
GetNearestColor
GetBkMode
CreateRectRgnIndirect
GetCharABCWidthsA
GetObjectType
GetDCOrgEx
PolylineTo
ExcludeClipRect
GetMetaFileBitsEx
SetBkMode
EnumFontFamiliesW
SetWindowOrgEx
BitBlt
CreateBitmapIndirect
OffsetWindowOrgEx
GetCurrentObject
GetOutlineTextMetricsA
GetTextFaceW
FrameRgn
CreateBitmap
EnumObjects
AngleArc
CreateSolidBrush
EqualRgn
ExtTextOutA
UnrealizeObject
CreateEnhMetaFileA
SelectClipRgn
SetViewportOrgEx
GetBitmapBits
PolyBezier
FlattenPath
EndPage
GetTextExtentPointW
CopyMetaFileW
GetCharWidth32W
SetDIBColorTable
CreateCompatibleBitmap
CloseMetaFile
Arc
SetBitmapDimensionEx
ExtCreatePen
BeginPath
SetRectRgn
ImmGetCandidateListW
ImmGetIMEFileNameA
ImmSetCompositionStringA
ImmGetStatusWindowPos
ImmIsIME
ImmGetDescriptionA
ImmEscapeW
ImmSetConversionStatus
ImmIsUIMessageW
ImmEscapeA
ImmSetCompositionFontA
ImmUnregisterWordW
ImmGetCompositionFontA
ImmGetGuideLineA
ImmUnregisterWordA
ImmSetCandidateWindow
ImmRegisterWordA
ImmGetCompositionFontW
ImmIsUIMessageA
ImmConfigureIMEA
ImmSetCompositionWindow
ImmDestroyContext
ImmGetCandidateWindow
ImmSimulateHotKey
ImmConfigureIMEW
ImmCreateContext
ImmGetConversionListW
ImmSetStatusWindowPos
ImmGetRegisterWordStyleW
ImmSetOpenStatus
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
FileTimeToSystemTime
CreateFileMappingA
GetOverlappedResult
CreateIoCompletionPort
GetDriveTypeA
FindFirstFileW
HeapDestroy
GetPrivateProfileSectionNamesW
GetHandleInformation
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DisconnectNamedPipe
HeapReAlloc
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesW
ExitProcess
GetLogicalDrives
FreeEnvironmentStringsW
FindAtomW
GetThreadContext
HeapSize
EnumResourceLanguagesW
GetFileTime
GetTempPathA
GetCPInfo
GetFileAttributesA
GetStringTypeA
GetDiskFreeSpaceW
GetTempPathW
GetProfileIntW
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetThreadTimes
GetDiskFreeSpaceA
GetStringTypeW
GetThreadPriority
GetOEMCP
FormatMessageW
ConnectNamedPipe
GetLogicalDriveStringsA
FreeLibraryAndExitThread
GetEnvironmentVariableA
GlobalHandle
GetLogicalDriveStringsW
FindClose
DeleteCriticalSection
FindNextChangeNotification
GetFullPathNameW
GetStringTypeExA
GetEnvironmentVariableW
GetSystemTime
DeviceIoControl
GlobalFindAtomW
GetUserDefaultLangID
GetModuleFileNameW
Beep
GetNumberOfConsoleInputEvents
HeapAlloc
GetSystemDefaultLCID
GetStringTypeExW
GetVersionExA
GetVolumeInformationA
GetPrivateProfileStringA
AllocConsole
GetVolumeInformationW
LoadLibraryExW
GetTempFileNameA
FatalAppExitA
FoldStringW
GetSystemPowerStatus
FlushInstructionCache
GetPrivateProfileStringW
FormatMessageA
GlobalSize
CreateMutexA
CreateEventW
GlobalAddAtomW
CreateSemaphoreA
EnumResourceNamesW
CreatePipe
GetExitCodeThread
CreateSemaphoreW
ConvertDefaultLocale
GetCurrentProcess
CreateMutexW
ClearCommError
ExitThread
GetThreadSelectorEntry
GetDiskFreeSpaceExA
FindCloseChangeNotification
GetVersion
GetNumberFormatA
CopyFileA
FindAtomA
GetCurrentThreadId
GetNumberFormatW
CloseHandle
AreFileApisANSI
HeapFree
EnterCriticalSection
GetLastError
GetVersionExW
GetExitCodeProcess
GetTickCount
FlushFileBuffers
GetSystemDirectoryA
CopyFileW
CreateRemoteThread
GetStartupInfoA
GetDateFormatA
DosDateTimeToFileTime
GetWindowsDirectoryW
GetFileSize
AddAtomA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
GetSystemInfo
DebugBreak
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
GetProfileStringW
GetTimeFormatW
GlobalReAlloc
ExpandEnvironmentStringsW
FindFirstFileA
EnumResourceNamesA
CompareStringA
FreeConsole
GetComputerNameA
FindNextFileA
GlobalMemoryStatus
DuplicateHandle
ExpandEnvironmentStringsA
GetBinaryTypeA
EscapeCommFunction
GetPrivateProfileSectionW
GetConsoleScreenBufferInfo
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
AddAtomW
CreateEventA
GlobalFindAtomA
GetFileType
GetPrivateProfileSectionA
CreateFileA
GlobalGetAtomNameA
GetLocaleInfoW
GlobalGetAtomNameW
FlushConsoleInputBuffer
GlobalDeleteAtom
GetShortPathNameW
FindFirstChangeNotificationA
CreateNamedPipeW
GlobalFree
GetConsoleCP
DefineDosDeviceA
GetThreadLocale
GlobalAlloc
GetEnvironmentStringsW
FindResourceExA
GetCommState
CreateNamedPipeA
DefineDosDeviceW
GetShortPathNameA
FindFirstChangeNotificationW
GetQueuedCompletionStatus
FlushViewOfFile
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetDiskFreeSpaceExW
GetCommandLineW
GetCurrentDirectoryA
GetAtomNameW
GetCommandLineA
CancelIo
GetCurrentThread
GetSystemDefaultLangID
GetModuleHandleA
GlobalFlags
GetAtomNameA
DeleteAtom
FindNextFileW
GetPriorityClass
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
EnumSystemLocalesA
GetLongPathNameW
CreateProcessA
HeapCreate
FindResourceW
CreateProcessW
GetFileAttributesExA
GetProcessVersion
GetProfileStringA
GetProcessTimes
FindResourceA
GetTimeFormatA
_except_handler3
_acmdln
__p__fmode
_exit
_adjust_fdiv
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
__set_app_type
RasValidateEntryNameA
RasRenameEntryW
RasCreatePhonebookEntryW
RasSetEntryDialParamsA
RasValidateEntryNameW
RasEnumConnectionsW
RasCreatePhonebookEntryA
RasRenameEntryA
RasGetEntryPropertiesA
RasEnumEntriesW
RasEditPhonebookEntryA
RasGetProjectionInfoW
RasGetEntryPropertiesW
RasEditPhonebookEntryW
RasSetEntryPropertiesA
RasHangUpW
RasGetConnectStatusW
RasGetEntryDialParamsA
RasGetConnectStatusA
RasSetEntryPropertiesW
RasGetEntryDialParamsW
RasDeleteEntryW
RasGetErrorStringW
RasHangUpA
RasDialW
RasEnumDevicesA
RasGetErrorStringA
RasDeleteEntryA
RasDialA
GetMessagePos
SetMenuItemBitmaps
LoadBitmapW
SetWindowPos
DdeCreateStringHandleA
ScreenToClient
WindowFromPoint
CharUpperBuffW
ChangeClipboardChain
GetAsyncKeyState
ChildWindowFromPointEx
GetMenu
UnregisterClassA
SetMenuDefaultItem
LoadAcceleratorsA
GetWindowTextLengthA
LoadImageW
GetActiveWindow
RegisterClipboardFormatW
MsgWaitForMultipleObjects
PtInRect
DrawEdge
GetClassInfoExW
SetPropA
CheckRadioButton
GetClassInfoExA
ShowWindow
ValidateRect
InsertMenuItemW
GetClipboardFormatNameW
GetWindow
GetDlgItemInt
GetIconInfo
LoadStringA
GetQueueStatus
IsZoomed
CloseWindow
InvertRect
DrawFocusRect
DdeClientTransaction
ShowOwnedPopups
DdeCreateDataHandle
IsWindowUnicode
CreateWindowExW
IsChild
DrawAnimatedRects
GetScrollPos
MapVirtualKeyW
ToUnicodeEx
GetSystemMetrics
InflateRect
PostMessageA
DrawIcon
SetProcessWindowStation
SetKeyboardState
WaitMessage
SetWindowTextA
CheckMenuItem
GetClassLongW
GetLastActivePopup
DdeGetLastError
CreateDialogParamA
ClientToScreen
GetProcessWindowStation
GetClassLongA
DialogBoxIndirectParamW
DestroyAcceleratorTable
GetMenuState
EnumDisplaySettingsW
FindWindowExW
NotifyWinEvent
GetMenuItemInfoW
GetCaretBlinkTime
CharLowerBuffW
DrawTextExW
LoadMenuA
RemovePropA
CreatePopupMenu
wvsprintfW
GetSysColorBrush
MessageBoxW
AppendMenuW
DestroyCursor
MessageBoxIndirectW
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
DestroyIcon
GetKeyNameTextA
SubtractRect
SystemParametersInfoW
InvalidateRect
SendMessageTimeoutA
GetClassNameW
CloseDesktop
ModifyMenuA
DefDlgProcW
ReplyMessage
TranslateAcceleratorW
GetFileVersionInfoSizeA
VerQueryValueW
VerLanguageNameW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
timeKillEvent
waveOutSetVolume
midiInGetErrorTextA
mmioWrite
mciSendStringW
waveOutGetDevCapsA
midiInGetErrorTextW
waveInGetErrorTextA
joyGetDevCapsW
midiOutReset
joyGetDevCapsA
waveInGetDevCapsW
midiOutGetDevCapsW
midiInClose
waveInAddBuffer
mixerMessage
mmioOpenA
midiInUnprepareHeader
mmioSetBuffer
waveInGetNumDevs
midiOutClose
mmioInstallIOProcW
mixerGetControlDetailsW
midiInGetNumDevs
joySetCapture
mciSendCommandA
midiOutLongMsg
waveOutReset
waveInOpen
midiInOpen
mmioDescend
mciGetDeviceIDFromElementIDA
midiOutShortMsg
midiConnect
waveOutOpen
midiOutMessage
midiInReset
auxGetNumDevs
midiStreamPause
mmioStringToFOURCCA
midiDisconnect
waveOutBreakLoop
midiOutOpen
mmioRenameW
OpenDriver
midiStreamClose
mixerGetID
CloseDriver
midiOutGetNumDevs
mmioRead
waveOutUnprepareHeader
joyReleaseCapture
waveInStart
mciGetDeviceIDFromElementIDW
SendDriverMessage
sndPlaySoundA
GetDriverModuleHandle
midiInStart
waveInStop
midiOutSetVolume
sndPlaySoundW
mixerGetLineInfoA
mixerOpen
mmioFlush
midiOutGetVolume
waveInMessage
waveOutGetNumDevs
auxSetVolume
mixerGetLineInfoW
mmioSetInfo
midiInGetDevCapsW
mmioCreateChunk
mixerGetDevCapsA
midiOutGetErrorTextW
PlaySoundA
joySetThreshold
waveOutRestart
mmioAdvance
midiOutCachePatches
mixerClose
waveInUnprepareHeader
midiOutUnprepareHeader
midiInMessage
DefDriverProc
midiInPrepareHeader
mixerGetLineControlsW
auxGetVolume
mixerSetControlDetails
midiStreamPosition
mciGetErrorStringA
mixerGetLineControlsA
waveOutGetPosition
mciGetCreatorTask
mmioClose
joyGetPosEx
waveOutMessage
waveInGetID
midiOutGetDevCapsA
timeGetTime
auxOutMessage
waveInClose
mmioAscend
timeGetDevCaps
DrvGetModuleHandle
mixerGetNumDevs
mmioStringToFOURCCW
midiInGetDevCapsA
mciGetDeviceIDW
midiStreamProperty
midiStreamRestart
midiInStop
midiStreamOpen
mixerGetDevCapsW
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 4
RT_VERSION 1
Number of PE resources by language
GAELIC SCOTTISH 4
MACEDONIAN DEFAULT 4
ENGLISH TRINIDAD 3
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 0.178.70.230
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 2289664
EntryPoint: 0x5a592
OriginalFileName: Strangle.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 1961
FileVersion: 0.207.250.227
TimeStamp: 2006:08:06 00:58:04+00:00
FileType: Win32 EXE
PEType: PE32
InternalName: Reticent
FileDescription: Topics
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: AT&T Research Labs Cambridge
CodeSize: 368640
ProductName: Abstain Vestal
ProductVersionNumber: 0.52.35.82
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 8440d64816c4038d3675faee4b1c137c
SHA1 a9dd65dd29715388ddfd7d78aa68bb30c9017a78
SHA256 b92ecc53d910512bdf773af72b8eabfc12d470f6c27e245a565e888c6a77b852
ssdeep 12288:sMSmcPWLv1bTzsdiV1Y7UdV3GrZ4wXyx3O7eT3cP5:EPRiV1Y7EVWrWwCx3IW3
authentihash 3d2bbb37fc5c1b3adc237df215988bdd4f6f4286fb5b654c81c902d32d451115
imphash b08f3964d0e8dc2d9e524ce17179909b
File size 412.0 KB ( 421888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2015-08-31 16:30:02 UTC ( 3 years, 6 months ago )
Last submission 2015-08-31 16:30:02 UTC ( 3 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs