SHA256: b9daaac6f68dd4fe3f858201957986996f2da4a4c71200d68be08652e3077024
File name: 33ea0bc4a574954f90501f4dfe65572348754065
Detection ratio: 22 / 53
Analysis date: 2014-06-14 03:20:59 UTC (4 years, 9 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.393818 20140614
AntiVir TR/Crypt.ZPACK.72110 20140613
Avast Win32:Kryptik-NXN [Trj] 20140614
AVG Crypt3.WKL 20140613
BitDefender Gen:Variant.Kazy.393818 20140614
CMC Trojan.Win32.Krap.2!O 20140613
Emsisoft Gen:Variant.Kazy.393818 (B) 20140614
F-Secure Gen:Variant.Kazy.393818 20140614
GData Gen:Variant.Kazy.393818 20140614
Kaspersky Trojan-Spy.Win32.Zbot.sbek 20140614
Kingsoft Win32.Troj.ZBot.sb.(kcloud) 20140614
Malwarebytes Spyware.Zbot.VXGen 20140614
McAfee Artemis!A7A233230702 20140614
McAfee-GW-Edition Artemis!A7A233230702 20140613
Microsoft PWS:Win32/Zbot 20140614
eScan Gen:Variant.Kazy.393818 20140614
Panda Trj/Dtcontx.M 20140613
Qihoo-360 Win32/Trojan.b54 20140614
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140613
Sophos AV Mal/Generic-S 20140614
Symantec WS.Reputation.1 20140614
TrendMicro-HouseCall TROJ_GEN.R0CBH01FD14 20140614
AegisLab 20140614
Yandex 20140613
AhnLab-V3 20140613
Antiy-AVL 20140611
Baidu-International 20140613
Bkav 20140613
ByteHero 20140614
CAT-QuickHeal 20140613
ClamAV 20140614
Commtouch 20140614
Comodo 20140614
DrWeb 20140614
F-Prot 20140614
Fortinet 20140614
Ikarus 20140613
Jiangmin 20140613
K7AntiVirus 20140613
K7GW 20140613
NANO-Antivirus 20140614
Norman 20140613
nProtect 20140613
SUPERAntiSpyware 20140613
Tencent 20140614
TheHacker 20140612
TotalDefense 20140613
TrendMicro 20140614
VBA32 20140613
VIPRE 20140613
ViRobot 20140613
Zillya 20140613
Zoner 20140613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2001-2011
Product qLVsedF
Original name AJFKuvVTB.exe
Internal name udmIX.exe
File version 55,50,29,93
Description yaTzRY
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-11 10:56:54
Entry Point 0x000031A0
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
CloseServiceHandle
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExW
QueryServiceStatus
RegQueryValueExA
AdjustTokenPrivileges
ControlService
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyA
OpenSCManagerA
RegQueryValueExW
PrintDlgA
PrintDlgExW
GetFileTitleW
ChooseColorA
ReplaceTextW
CommDlgExtendedError
PageSetupDlgW
ChooseFontA
SetDIBits
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps
DeleteDC
SetBkMode
EndDoc
DeleteObject
GetObjectW
GetTextFaceW
GetObjectA
CreateBitmap
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
StartDocA
CreateCompatibleBitmap
SetWindowExtEx
SetBkColor
StartDocW
GetTextExtentPoint32A
GetStdHandle
GetOverlappedResult
HeapDestroy
GetHandleInformation
QueueUserAPC
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetSystemTimeAsFileTime
GetStringTypeW
GetFullPathNameA
LocalFree
FormatMessageW
ResumeThread
GetEnvironmentVariableA
LoadResource
GlobalCompact
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
LocalLock
HeapAlloc
GetModuleFileNameA
lstrcmpiW
QueryPerformanceFrequency
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
FatalAppExitA
CreateMutexA
SetFilePointer
EraseTape
DebugSetProcessKillOnExit
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SearchPathA
FindAtomA
SetEndOfFile
SleepEx
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
DefineDosDeviceW
SetEvent
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
LoadLibraryA
GetSystemDirectoryA
GetDateFormatA
GetFileSize
GlobalDeleteAtom
DeleteFileA
GetDateFormatW
WaitForMultipleObjects
GetConsoleScreenBufferInfo
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
lstrcpyW
GlobalReAlloc
FindFirstFileA
LocalSize
ResetEvent
CreateFileMappingA
FindFirstFileW
GlobalMemoryStatus
GetUserDefaultLCID
CreateEventW
CreateFileW
CreateEventA
GetFileType
CreateFileA
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
CompareStringW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
GetCurrentActCtx
GetCommandLineA
GetCurrentThread
OpenMutexA
DecodeSystemPointer
RaiseException
MapViewOfFile
GetModuleHandleA
ReadFile
WriteFileEx
CloseHandle
GetACP
GetCommConfig
GetModuleHandleW
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
RtlMoveMemory
Sleep
FindResourceA
VirtualAlloc
CompareStringA
ShellExecuteA
ShellExecuteExA
CommandLineToArgvW
Shell_NotifyIconA
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
EndPaint
SetActiveWindow
GetDC
ReleaseDC
GetDlgCtrlID
SendMessageW
SendMessageA
GetClientRect
LoadAcceleratorsA
IsClipboardFormatAvailable
LoadImageW
LoadAcceleratorsW
DestroyWindow
GetParent
UpdateWindow
CheckRadioButton
SetDlgItemInt
SetWindowPlacement
CharUpperW
GetSystemMenu
ChildWindowFromPoint
InsertMenuItemA
LoadStringA
IsZoomed
GetWindowPlacement
LoadStringW
IsIconic
RegisterClassA
TrackPopupMenuEx
DrawFocusRect
SetTimer
IsDialogMessageW
CharNextA
CreateWindowExW
GetWindowLongW
CharNextW
IsChild
IsDialogMessageA
SetFocus
RegisterWindowMessageW
BeginPaint
OffsetRect
RegisterWindowMessageA
CheckMenuRadioItem
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
CharLowerW
SetWindowLongA
CheckDlgButton
CreateDialogParamW
GetClassLongW
SetWindowTextW
ScreenToClient
LoadCursorA
TrackPopupMenu
GetMenuItemCount
AttachThreadInput
GetMenuState
LoadCursorW
LoadIconW
DispatchMessageW
SetForegroundWindow
DialogBoxIndirectParamA
OpenClipboard
EmptyClipboard
DrawTextA
DrawTextExW
EndDialog
HideCaret
SetWinEventHook
GetShellWindow
FindWindowA
LoadMenuW
GetWindowThreadProcessId
SetDlgItemTextA
DialogBoxParamW
GetSysColor
SetDlgItemTextW
RegisterClassExA
GetProcessDefaultLayout
EnableMenuItem
GetDesktopWindow
SystemParametersInfoW
DeleteMenu
CallWindowProcW
TranslateAcceleratorA
wsprintfW
CloseClipboard
SetCursor
TranslateAcceleratorW
ClosePrinter
OpenPrinterW
Number of PE resources by type
RT_STRING 68
RT_RCDATA 32
RT_ACCELERATOR 8
RT_DIALOG 7
RT_MENU 3
RT_VERSION 1
Number of PE resources by language
ENGLISH US 119
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 55.50.29.93
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 326144
EntryPoint 0x31a0
OriginalFileName AJFKuvVTB.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2001-2011
FileVersion 55,50,29,93
TimeStamp 2014:06:11 11:56:54+01:00
FileType Win32 EXE
PEType PE32
InternalName udmIX.exe
ProductVersion 55,50
FileDescription yaTzRY
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sredios,Company
CodeSize 83456
ProductName qLVsedF
ProductVersionNumber 55.50.29.93
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 a7a2332307021a4de89495d3eb3a7435
SHA1 7dd0912ee3f180f42222cb61064f0af343308f45
SHA256 b9daaac6f68dd4fe3f858201957986996f2da4a4c71200d68be08652e3077024
ssdeep 3072:lW6T7po1oGHqo+hE7J7U6hKTYc+6lP8MzRvOsT60aq+1uqgKaSP0g4Gu7dKcJNE/:lu8smPJXmGZn6w30lG4ucP2l5d8
authentihash e1a9e8d11d2b3be46ced52313a7c006ed0d63e8fccada17c75aa98737bdea697
imphash 0f94d07ab386ddfff729ee980d848d96
File size 225.0 KB ( 230400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-06-13 19:06:40 UTC (4 years, 9 months ago)
Last submission 2014-06-14 03:20:59 UTC (4 years, 9 months ago)
File names udmIX.exe
vt-upload-v4JMW
AJFKuvVTB.exe
33ea0bc4a574954f90501f4dfe65572348754065
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers, making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections