SHA256: b9d6d36fc6c40b254f81962bff879b62f1492ccfdfaeb9f8e9b06a9c51b97251
File name: pzjcsJLtLVTSiFF.exe
Detection ratio: 56 / 58
Analysis date: 2017-02-19 13:52:53 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKDV.963216 20170219
AegisLab W32.W.Luder.akd!c 20170219
AhnLab-V3 Trojan/Win32.MalCrypted.R66392 20170219
ALYac Worm.Dorkbot.I 20170219
Antiy-AVL Worm/Win32.Luder 20170219
Arcabit Trojan.GenericV.DEB290 20170219
Avast Win32:Dropper-gen [Drp] 20170219
AVG Win32/DH.FF840167{Mw} 20170219
Avira (no cloud) WORM/Luder.akd 20170219
AVware Worm.Win32.Dorkbot 20170219
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9847 20170217
BitDefender Trojan.GenericKDV.963216 20170219
CAT-QuickHeal Worm.DorkBot.I3 20170218
CMC Worm.Win32.Luder!O 20170219
Comodo TrojWare.Win32.Trojan.Agent.Gen 20170219
CrowdStrike Falcon (ML) malicious_confidence_73% (D) 20170130
Cyren W32/Dorkbot.WZPO-3062 20170219
DrWeb BackDoor.IRC.NgrBot.42 20170219
Emsisoft Trojan.GenericKDV.963216 (B) 20170219
Endgame malicious (high confidence) 20170217
ESET-NOD32 Win32/Dorkbot.B 20170219
F-Prot W32/Dorkbot.GH 20170219
F-Secure Trojan.GenericKDV.963216 20170219
Fortinet W32/Luder.AKD!worm 20170219
GData Trojan.GenericKDV.963216 20170219
Ikarus Worm.Win32.Luder 20170219
Sophos ML worm.win32.dorkbot.i 20170203
Jiangmin Trojan/Generic.awlvk 20170218
K7AntiVirus Trojan ( 0040f3ca1 ) 20170219
K7GW Trojan ( 0040f3ca1 ) 20170219
Kaspersky Worm.Win32.Luder.akd 20170219
Kingsoft Worm.Luder.a.(kcloud) 20170219
Malwarebytes Trojan.Agent.SZ 20170219
McAfee Ainslot.b 20170219
McAfee-GW-Edition Ainslot.b 20170219
Microsoft Worm:Win32/Dorkbot.I 20170219
eScan Trojan.GenericKDV.963216 20170219
NANO-Antivirus Trojan.Win32.Androm.bxpjrz 20170219
nProtect Backdoor/W32.Androm.134656 20170219
Panda Trj/OCJ.E 20170219
Qihoo-360 HEUR/Malware.QVM18.Gen 20170219
Rising Trojan.Generic (cloud:lm3V00plpJH) 20170219
Sophos AV Troj/Zbot-ETH 20170219
SUPERAntiSpyware Trojan.Agent/Gen-Dorkbot 20170219
Symantec W32.IRCBot.NG 20170219
Tencent Win32.Worm.Luder.Sxfb 20170219
TheHacker Posible_Worm32 20170218
TotalDefense Win32/Dorkbot.TT 20170219
TrendMicro WORM_LUDER.CD 20170219
TrendMicro-HouseCall WORM_LUDER.CD 20170219
VBA32 BScope.Trojan.MTA.0661 20170217
VIPRE Worm.Win32.Dorkbot 20170219
Webroot Malicious 20170219
Yandex Worm.Luder!OuOMmIJ8s6w 20170218
Zillya Worm.Luder.Win32.297 20170218
Zoner I-Worm.Dorkbot.B 20170219
Alibaba 20170217
ClamAV 20170219
Trustlook 20170219
ViRobot 20170219
WhiteArmor 20170215
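The table above is what a responder has to turn into a decision, and the vendor names disagree: Dorkbot, Luder, NgrBot, IRCBot, Androm, Zbot and Ainslot all appear, next to purely generic or ML verdicts. The script below is an added example, not part of the report or of VirusTotal: it maps each label to a family token and a malware type, then tallies agreement. The alias table (`FAMILY_PATTERNS`, `TYPE_PATTERNS`) is an assumption an analyst maintains; folding NgrBot into Dorkbot reflects the usual vendor naming of that IRC worm. `SAMPLE_ROWS` is a subset transcribed from the table, and `summarise` is the example's own function.

```python
"""Family consensus from multi-engine AV labels (added example)."""
import re
from collections import Counter

# Family aliases, checked in order; first match wins. ASSUMED for this example.
FAMILY_PATTERNS = [
    (re.compile(r"dorkbot|ngrbot", re.I), "dorkbot"),
    (re.compile(r"luder", re.I), "luder"),
    (re.compile(r"ircbot", re.I), "ircbot"),
    (re.compile(r"androm", re.I), "androm"),
    (re.compile(r"zbot", re.I), "zbot"),
    (re.compile(r"ainslot", re.I), "ainslot"),
]
# Malware type hints; "worm" first because it changes containment (check shares/USB).
TYPE_PATTERNS = [
    (re.compile(r"worm", re.I), "worm"),
    (re.compile(r"backdoor", re.I), "backdoor"),
    (re.compile(r"troj|trj", re.I), "trojan"),
]

# (vendor, label) rows transcribed from the detection table above (a subset).
SAMPLE_ROWS = [
    ("ALYac", "Worm.Dorkbot.I"),
    ("Antiy-AVL", "Worm/Win32.Luder"),
    ("Ad-Aware", "Trojan.GenericKDV.963216"),
    ("Avast", "Win32:Dropper-gen [Drp]"),
    ("Avira (no cloud)", "WORM/Luder.akd"),
    ("CrowdStrike Falcon (ML)", "malicious_confidence_73% (D)"),
    ("DrWeb", "BackDoor.IRC.NgrBot.42"),
    ("ESET-NOD32", "Win32/Dorkbot.B"),
    ("Kaspersky", "Worm.Win32.Luder.akd"),
    ("McAfee", "Ainslot.b"),
    ("Microsoft", "Worm:Win32/Dorkbot.I"),
    ("NANO-Antivirus", "Trojan.Win32.Androm.bxpjrz"),
    ("Qihoo-360", "HEUR/Malware.QVM18.Gen"),
    ("Sophos AV", "Troj/Zbot-ETH"),
    ("Symantec", "W32.IRCBot.NG"),
    ("TrendMicro", "WORM_LUDER.CD"),
    ("Zoner", "I-Worm.Dorkbot.B"),
    ("Fortinet", "W32/Luder.AKD!worm"),
    ("Cyren", "W32/Dorkbot.WZPO-3062"),
    ("Panda", "Trj/OCJ.E"),
]


def family_of(label):
    """Family token for a vendor label, or None when the label is generic."""
    for pattern, family in FAMILY_PATTERNS:
        if pattern.search(label):
            return family
    return None


def type_of(label):
    """Coarse malware type from the label, or None when it carries none."""
    for pattern, kind in TYPE_PATTERNS:
        if pattern.search(label):
            return kind
    return None


def summarise(rows):
    """Tally family and type agreement across engines."""
    families, types, generic = Counter(), Counter(), []
    for vendor, label in rows:
        family = family_of(label)
        if family is None:
            generic.append(vendor)          # detection without a usable family name
        else:
            families[family] += 1
        kind = type_of(label)
        if kind:
            types[kind] += 1
    top, top_n = families.most_common(1)[0] if families else (None, 0)
    return {
        "engines": len(rows),
        "named": sum(families.values()),
        "families": dict(families),
        "top_family": top,
        "top_share": round(top_n / len(rows), 2),
        "generic": len(generic),
        "generic_vendors": generic,
        "types": dict(types),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_ROWS).items():
        print(f"{key:16} {value}")
```

On these rows the top family is Dorkbot with Luder a close second, and the type tally is dominated by "worm", which is the detail that should drive containment (removable media and network shares) rather than the raw 56/58 count. A label that matches no family pattern is counted as generic rather than dropped, so the share of engines giving a usable name is visible in `named`.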
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem. PEiD matches the UPX packer, and the import table is the minimal set a UPX decompression stub needs (LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualProtect, VirtualFree, ExitProcess) plus three further imports, so the imports, strings and resources listed below describe the packed container rather than the unpacked payload. The version-info strings (product "Wohyded", original name "Gwg3m2a.exe", description "Ota Ymar Ozi", company "En") are random-looking filler.
FileVersionInfo properties
Product Wohyded
Original name Gwg3m2a.exe
Internal name Qyd
Description Ota Ymar Ozi
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-22 06:28:12
Entry Point 0x00061E90
Number of sections 3
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteW
SetMenu
AddPrintProcessorA
Number of PE resources by type
RT_DIALOG 13
RT_ACCELERATOR 13
RT_ICON 8
RT_STRING 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ARABIC QATAR 41
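The header fields above (machine, compile timestamp, entry point, section count, subsystem) are exactly what a first-pass static parser reads, and for a UPX-packed file they show a recognisable layout: UPX0/UPX1 section names, an executable section with no bytes on disk, and an entry point in the last executable section where the decompression stub lives. The script below is an added example, not code from the report or from VirusTotal. Its input is a header-only PE32 constructed in memory whose sizes mirror the ExifTool fields on this page (CodeSize 118784, UninitializedDataSize 282624, InitializedDataSize 16384, entry point 0x61E90, 3 sections, GUI subsystem); the section virtual addresses and characteristics are an assumption, and the analysed file itself is not included. `build_sample_pe`, `parse_pe` and `packer_indicators` are the example's own functions.

```python
"""Minimal PE32 header parser with packer-triage checks (added example)."""
import calendar
import struct
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def build_sample_pe():
    """CONSTRUCTED sample: DOS stub, PE header and section table, no real code."""
    ts = calendar.timegm((2011, 5, 22, 6, 28, 12))   # report's compile time, UTC
    # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
    sections = [
        (b"UPX0", 0x45000, 0x01000, 0x00000, 0x00400, 0xE0000080),  # RWX, empty on disk
        (b"UPX1", 0x1D000, 0x46000, 0x1D000, 0x00400, 0xE0000040),  # RWX, packed data + stub
        (b".rsrc", 0x04000, 0x63000, 0x04000, 0x1D400, 0xC0000040),  # RW, resources
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew -> PE at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), ts, 0, 0, 224, 0x010F)
    # Optional header: magic PE32, linker 4.0, SizeOfCode, InitData, UninitData, EntryPoint
    opt = struct.pack("<HBBIIII", 0x10B, 4, 0, 0x1D000, 0x4000, 0x45000, 0x61E90)
    opt += b"\0" * 48 + struct.pack("<H", 2) + b"\0" * (224 - 70)  # Subsystem at +68 = GUI
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    return dos + b"PE\0\0" + coff + opt + table


def parse_pe(data):
    """Parse DOS/COFF/optional headers and the section table into a dict."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, _, _, _, _, _, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "raw_size": rsize,
                         "raw_ptr": rptr, "chars": chars})
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
        "sections": sections,
    }


def section_for_rva(pe, rva):
    """Section whose virtual range contains rva, or None."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def packer_indicators(pe):
    """Static hints that this is a packed container rather than the payload."""
    hits = []
    if {s["name"] for s in pe["sections"]} & UPX_SECTION_NAMES:
        hits.append("upx-section-names")
    ep = section_for_rva(pe, pe["entry_point"])
    if ep is None:
        hits.append("entry-point-outside-sections")
    elif ep is not pe["sections"][0]:
        hits.append(f"entry-point-in-{ep['name']}")       # stub runs from a later section
    for s in pe["sections"]:
        executable = bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE)
        if executable and s["raw_size"] == 0 and s["vsize"] > 0:
            hits.append(f"empty-on-disk-executable-{s['name']}")  # filled by the unpacker at run time
        if executable and s["chars"] & IMAGE_SCN_MEM_WRITE:
            hits.append(f"writable-executable-{s['name']}")
    return hits


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(pe["timestamp"], hex(pe["entry_point"]), pe["subsystem"], len(pe["sections"]))
    print(packer_indicators(pe))
```

With the page's numbers, UPX0 spans 0x1000 to 0x46000 and UPX1 0x46000 to 0x63000, so the reported entry point 0x61E90 sits near the end of UPX1, which is where UPX places its stub. Note that a renamed-section UPX build defeats the name check but not the entry-point and empty-section checks, which is why all three are reported separately.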
ExifTool file metadata
CodeSize 118784
SubsystemVersion 4.0
InitializedDataSize 16384
ImageVersion 0.0
FileSubtype 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Ota Ymar Ozi
FileVersionNumber 9.1.0.0
CharacterSet Unicode
LinkerVersion 4.0
FileOS Windows NT 32-bit
EntryPoint 0x61e90
OriginalFileName Gwg3m2a.exe
MIMEType application/octet-stream
TimeStamp 2011:05:22 07:28:12+01:00
FileType Win32 EXE
PEType PE32
InternalName Qyd
UninitializedDataSize 282624
OSVersion 4.0
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName En
ProductName Wohyded
ProductVersionNumber 9.1.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5d4f87572e67dd07e814f8e05dbd5759
SHA1 e9a3bc806062c4c7c158f1bc60d30500dfe5aedf
SHA256 b9d6d36fc6c40b254f81962bff879b62f1492ccfdfaeb9f8e9b06a9c51b97251
ssdeep 3072:/CQgIZhgZBf5qYl2f7Juyxy8KKpXgRKapWwwiwb0m1PouVcx://ZhUYtJZA5bmNomc
authentihash 507b0369a15e58da9dbd65c61ae98d9bda44ccc99483ae566fc2dc01352c232d
imphash b2f5fdf79496b84e1671f66b1381be16
File size 131.5 KB ( 134656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe upx usb-autorun
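The imphash listed above is computed over the import table of the file as it is on disk. For a UPX-packed sample that table holds the stub's six kernel32 imports plus one import per library the payload needs (UPX keeps one so the loader maps the DLL; the stub resolves the rest through LoadLibraryA/GetProcAddress), so the hash clusters files by packer build rather than by family. The script below is an added example, not code from the report or from VirusTotal; it follows the import-hash recipe as generally documented for pefile: lowercase "library.function" pairs, a .dll/.ocx/.sys extension on the library stripped, a name-less import written as "ordN", joined with commas in import-table order and MD5-hashed. The library for each of the nine imports on this page is known (kernel32, shell32, user32, winspool.drv); their order inside the file is an assumption, and `OTHER_PACKED` is a hypothetical unrelated program packed with the same stub.

```python
"""imphash over an import list, and why it groups UPX-packed files together (added example)."""
import hashlib

STRIP_EXTS = {"dll", "ocx", "sys"}

# The six kernel32 imports every UPX stub carries (order assumed).
UPX_STUB = [("KERNEL32.DLL", "LoadLibraryA"), ("KERNEL32.DLL", "GetProcAddress"),
            ("KERNEL32.DLL", "VirtualProtect"), ("KERNEL32.DLL", "VirtualAlloc"),
            ("KERNEL32.DLL", "VirtualFree"), ("KERNEL32.DLL", "ExitProcess")]
# The report's table: the stub plus one import per library the payload uses.
REPORT_IMPORTS = UPX_STUB + [("SHELL32.DLL", "ShellExecuteW"), ("USER32.DLL", "SetMenu"),
                             ("WINSPOOL.DRV", "AddPrintProcessorA")]
# HYPOTHETICAL unrelated binary packed with the same UPX build: same stub, different case.
OTHER_PACKED = [(lib.lower(), func) for lib, func in UPX_STUB]


def import_string(imports):
    """Normalised 'lib.func,lib.func,...' string that imphash is taken over."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in STRIP_EXTS:
            lib = base                    # kernel32.dll -> kernel32; winspool.drv is kept whole
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(import_string(REPORT_IMPORTS))
    print("report-like  :", imphash(REPORT_IMPORTS))
    print("bare stub    :", imphash(UPX_STUB))
    print("other packed :", imphash(OTHER_PACKED), "(identical to bare stub)")
```

Two consequences follow for hunting: an imphash pivot on a packed sample mostly returns other files built with the same packer, and the hash changes with import order, so two files that import the same functions in a different order do not match. pefile additionally resolves ordinals of ws2_32 and oleaut32 to names through a lookup table; this example writes every ordinal as "ordN", so it matches pefile only for named imports.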

VirusTotal metadata
First submission 2013-04-24 22:38:57 UTC
Last submission 2016-03-09 08:14:50 UTC
File names temp.bin
5d4f87572e67dd07e814f8e05dbd5759
uowLLYoauIWPHrl.exe
Gwg3m2a.exe
file-5523869_exe
PpdBfCpbcWWQYlt.exe
pcWGnMlmpnueAlG.exe
PhCDNzIcIKXuKTw.exe
pzjcsJLtLVTSiFF.exe
005621147
ScreenSaverPro.scr
TCvsLmEbQODwsUs.exe
Qyd
VbigPVPEdoVpmvW.exe
WL-a44d9e999959e458b199fb72002f4218-0.ex$
C__Documents and Settings_Lup_Application Data_ScreenSaverPro.scr
B2706.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight