SHA256: bc7bf56481001c64266019a64473b6b6dfa8fcea1da9161142a5c4814c50deac
File name: B2580.exe
Detection ratio: 43 / 53
Analysis date: 2014-05-16 10:30:21 UTC ( 2 years, 11 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.946845 | 20140516 |
| Yandex | Trojan.Llac!KbDP5LjNuew | 20140515 |
| AhnLab-V3 | Trojan/Win32.Zbot | 20140515 |
| AntiVir | TR/Agent.AZJI | 20140516 |
| Antiy-AVL | Trojan/Win32.Llac | 20140516 |
| Avast | Win32:Jorik-UI [Trj] | 20140516 |
| AVG | Generic32.BRPP | 20140516 |
| Baidu-International | Trojan.Win32.ZBot.42 | 20140516 |
| BitDefender | Trojan.GenericKD.946845 | 20140516 |
| Bkav | W32.DamsozH.Trojan | 20140515 |
| CAT-QuickHeal | Trojan.Neurevt | 20140516 |
| Comodo | TrojWare.Win32.Trojan.Agent.Gen | 20140516 |
| DrWeb | Trojan.PWS.Siggen1.1068 | 20140516 |
| Emsisoft | Trojan.GenericKD.946845 (B) | 20140516 |
| ESET-NOD32 | a variant of Win32/Kryptik.AYWN | 20140516 |
| F-Secure | Trojan.GenericKD.946845 | 20140516 |
| GData | Trojan.GenericKD.946845 | 20140516 |
| Ikarus | Trojan-PWS.Win32.Zbot | 20140516 |
| Jiangmin | Trojan/Jorik.kbqv | 20140516 |
| K7AntiVirus | Trojan ( 0040f3081 ) | 20140516 |
| K7GW | Trojan ( 0040f3081 ) | 20140515 |
| Kaspersky | Trojan.Win32.Jorik.Llac.sgz | 20140516 |
| Kingsoft | Win32.Troj.Agent.k.(kcloud) | 20140516 |
| Malwarebytes | Trojan.Agent.ED | 20140516 |
| McAfee | Artemis!0FBE04C54C05 | 20140516 |
| McAfee-GW-Edition | Heuristic.BehavesLike.Win32.ModifiedUPX.C | 20140516 |
| Microsoft | Trojan:Win32/Neurevt.A | 20140516 |
| eScan | Trojan.GenericKD.946845 | 20140516 |
| Norman | Troj_Generic.KHLEN | 20140516 |
| nProtect | Trojan.GenericKD.946845 | 20140516 |
| Panda | Trj/OCJ.D | 20140516 |
| Qihoo-360 | Win32/Trojan.f77 | 20140516 |
| Sophos | Troj/Zbot-ETH | 20140516 |
| Symantec | Trojan.Betabot | 20140516 |
| Tencent | Win32.Trojan.Jorik.Jwo | 20140516 |
| TheHacker | Trojan/Kryptik.ayve | 20140515 |
| TotalDefense | Win32/Tnega.ASAR | 20140516 |
| TrendMicro | TROJ_FAKEAV.BMC | 20140516 |
| TrendMicro-HouseCall | TROJ_FAKEAV.BMC | 20140516 |
| VBA32 | BScope.Trojan.MTA.0661 | 20140514 |
| VIPRE | Trojan.Win32.Zbot.eth (v) | 20140516 |
| ViRobot | Trojan.Win32.S.Zbot.189952.A | 20140516 |
| Zillya | Trojan.Jorik.Win32.217714 | 20140516 |
| AegisLab | | 20140516 |
| ByteHero | | 20140516 |
| ClamAV | | 20140516 |
| CMC | | 20140512 |
| Commtouch | | 20140516 |
| F-Prot | | 20140516 |
| Fortinet | | 20140516 |
| NANO-Antivirus | | 20140516 |
| Rising | | 20140507 |
| SUPERAntiSpyware | | 20140516 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: © 2000 Gopusew Fyt. Ani Mefa Vosexo.
Product: Fyfyho
Original name: Bfk2ct64ijj.exe
Description: Zose Mew Gudahi
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2011-07-28 19:28:12
Entry Point: 0x001C71D0
Number of sections: 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
IsChild
CryptDecrypt
Number of PE resources by type
RT_ACCELERATOR: 15
RT_DIALOG: 12
RT_BITMAP: 4
RT_MESSAGETABLE: 2
RT_MANIFEST: 1
RT_VERSION: 1
Number of PE resources by language
ARABIC EGYPT: 35
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
CodeSize: 184320
SubsystemVersion: 4.0
Tag6h7SLfh67gAoyMw: Y3upo838P58A
FileDescription: Zose Mew Gudahi
LinkerVersion: 4.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 7.7.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
Cf1TfyH8fVGsr8KnVjM: 5sjNLqPHDKt4RSHyVLk
bqKQNHWiioeRq: 5WhW8MTkro
CharacterSet: Unicode
InitializedDataSize: 8192
nOcsYcvNvx2HLsK: LwmWEQSl5kKcobkdav8
FileOS: Windows NT 32-bit
AIOeq5xf1PQRhjfB5T: 2B5TcRUXSsBcvc4kRgwE
ma14vnljHjRm4lloUNIU: rG7VY1AmEOtvDacD
xt82Pf3eCUgSC4cHaCv: xD1bpmggLnLputxJ
tFRVFT8WPqsMAlV7Vdsw: vK6pyyIgjRKNQGPosx1X
LegalCopyright: 2000 Gopusew Fyt. Ani Mefa Vosexo.
PEType: PE32
rmmoPlbmEGiW: Do83Uwycqbb
TimeStamp: 2011:07:28 20:28:12+01:00
FileType: Win32 EXE
Q6b83OtIMhXgvewn3qT: FLDnyjvwufcbWCXesuKN
FileAccessDate: 2014:05:16 11:27:39+01:00
UninitializedDataSize: 1679360
OSVersion: 4.0
yedvvcjcWJnrglMgU5qC: 2N8FxPoRuBTVmYpH1A
OriginalFilename: Bfk2ct64ijj.exe
hlHUOqVy2yhtPLW: sV1EXleASl2xYUipMD
Subsystem: Windows GUI
MTubwGWCfXcR: vSf8rKxpQaHQsfr
MachineType: Intel 386 or later, and compatibles
VukNedyi2O7DUR: RPtDKGLHiSmlQC
n6AOykcQjfmtd: tkr12aID5dIbIhb
MBcFHtsNEnMvktUX: QIQjuYajawravrBT5
FileCreateDate: 2014:05:16 11:27:39+01:00
ProductName: Fyfyho
ProductVersionNumber: 7.7.0.0
EntryPoint: 0x1c71d0
ObjectFileType: Executable application
pW6ROiEGim: WKR3jto6bVdQrj
Tag5P67T4OHfDOBksMNy: gdCREI3MMepngQ
Tag87Hgs8WqYiaNEfH: VrhbAAYiXbWWC2
File identification
MD5: 0fbe04c54c05ba1cfa3233efbab81ede
SHA1: 4ce8f5cee3ea7acf11d3c808e4227fdd779e0470
SHA256: bc7bf56481001c64266019a64473b6b6dfa8fcea1da9161142a5c4814c50deac
ssdeep: 3072:UX5WFKZen5Dp1l0zQZYPKIK5B9pFHXsBNcPSw6BHfzMx0fziFrB9l7VbYGuEX9U:mKGQZlSQZYCTrAqPSnhi0qB9LYGuEX
imphash: 3492e288e28088538adb413b297b6848
File size: 185.5 KB ( 189952 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags: peexe upx

VirusTotal metadata
First submission: 2013-04-15 23:33:55 UTC ( 4 years ago )
Last submission: 2014-05-16 10:30:21 UTC ( 2 years, 11 months ago )
File names: 0fbe04c54c05ba1cfa3233efbab81ede, vti-rescan, nwrdsyetp.exeee, Bfk2ct64ijj.exe, B2580.exe
Advanced heuristic and reputation engines
ClamAV: Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Moved files
Deleted files
Set keys
Deleted keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications