SHA256: bed3f7314d74bfee4a1faf158768f8078681436774a3389728ce057f97ceb828
File name: Zalult.exe_
Detection ratio: 52 / 60
Analysis date: 2017-03-06 09:34:25 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Heur.CryptoWall.1 20170306
AegisLab W32.W.Ngrbot.annl!c 20170306
AhnLab-V3 Trojan/Win32.Injector.R138803 20170305
ALYac Gen:Heur.CryptoWall.1 20170306
Antiy-AVL Worm/Win32.Ngrbot 20170306
Arcabit Trojan.CryptoWall.1 20170306
Avast Win32:Androp [Drp] 20170306
AVG Generic37.CNQW 20170306
Avira (no cloud) TR/Dorkbot.A.338 20170306
AVware Trojan.Win32.Generic!BT 20170306
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20170306
BitDefender Gen:Heur.CryptoWall.1 20170306
Bkav W32.GustopbinLTAO.Trojan 20170303
CAT-QuickHeal Ransom.Crowti.B4 20170306
Comodo Backdoor.Win32.Androm.GLT 20170306
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/FakeAlert.ACZ.gen!Eldorado 20170306
DrWeb BackDoor.IRC.NgrBot.42 20170306
Emsisoft Gen:Heur.CryptoWall.1 (B) 20170306
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/Kryptik.DCVQ 20170306
F-Prot W32/FakeAlert.ACZ.gen!Eldorado 20170306
F-Secure Gen:Heur.CryptoWall.1 20170306
Fortinet W32/Kryptik.DTSF!tr 20170306
GData Gen:Heur.CryptoWall.1 20170306
Ikarus Trojan.Win32.Lethic 20170305
Sophos ML virtool.win32.ceeinject.gf 20170203
Jiangmin Backdoor/Kasidet.s 20170301
K7AntiVirus Trojan ( 004ce5441 ) 20170306
K7GW Trojan ( 004ce5441 ) 20170306
Kaspersky HEUR:Trojan.Win32.Generic 20170306
Malwarebytes Trojan.Agent.DED 20170306
McAfee Generic-FAWH!FA20E413002E 20170306
McAfee-GW-Edition BehavesLike.Win32.Ransomware.dh 20170306
Microsoft Worm:Win32/Dorkbot.I 20170306
eScan Gen:Heur.CryptoWall.1 20170306
NANO-Antivirus Trojan.Win32.Ngrbot.dpmaeq 20170306
Panda Trj/Genetic.gen 20170305
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20170306
Sophos AV Mal/Wonton-AS 20170306
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20170306
Symantec Ransom.CryptoWall!g13 20170305
Tencent Win32.Trojan.Kryptik.Ectk 20170306
TotalDefense Win32/Dorkbot.SYEYMU 20170306
TrendMicro TROJ_GEN.R002C0CHF16 20170306
TrendMicro-HouseCall TROJ_GEN.R002C0CHF16 20170306
VBA32 OScope.Malware-Cryptor.Ngrbot 20170303
VIPRE Trojan.Win32.Generic!BT 20170306
Webroot Malicious 20170306
Yandex Worm.Ngrbot!/anKx/4Ae58 20170225
Zillya Worm.Ngrbot.Win32.6751 20170304
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170306
Alibaba 20170228
ClamAV 20170306
CMC 20170306
Kingsoft 20170306
nProtect 20170306
Rising 20170304
TheHacker 20170305
Trustlook 20170306
ViRobot 20170306
WhiteArmor 20170303
Zoner 20170306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Pig 2002-2013
Product Pig
File version 7.0.0.5
Description Columbus fastened mail outline stronger worse
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-22 12:52:16
Entry Point 0x000024E3
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
QueryServiceObjectSecurity
CopySid
RegQueryValueExA
GetAce
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
CloseServiceHandle
GetSidSubAuthority
QueryServiceConfigW
OpenProcessToken
QueryServiceStatus
RegConnectRegistryW
AddAccessAllowedAce
RegEnumKeyW
SetServiceObjectSecurity
SetTokenInformation
RegOpenKeyW
LookupAccountNameW
RegOpenKeyExA
EqualSid
RegQueryValueW
GetTokenInformation
LookupPrivilegeNameW
CryptReleaseContext
GetSidSubAuthorityCount
IsValidSid
GetSidIdentifierAuthority
RegQueryInfoKeyW
RegDeleteValueW
CryptAcquireContextW
RegLoadKeyW
GetLengthSid
RegCreateKeyW
CreateProcessAsUserW
CryptDestroyHash
MapGenericMask
RegEnumValueW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
CryptGetHashParam
OpenSCManagerW
AllocateAndInitializeSid
ImpersonateLoggedOnUser
RegUnLoadKeyW
GetKernelObjectSecurity
SetKernelObjectSecurity
AddAce
IsValidSecurityDescriptor
CreateToolbarEx
InitCommonControlsEx
ImageList_Destroy
CreateStatusWindowW
CreatePropertySheetPageW
ImageList_Create
ImageList_DrawEx
PropertySheetW
ImageList_ReplaceIcon
ImageList_Add
GetOpenFileNameW
ChooseColorW
ChooseFontW
GetSaveFileNameW
FindTextW
PrintDlgW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReleaseMutex
SetHandleCount
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
CreateThread
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
SetStdHandle
CreateMutexA
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
GetConsoleCP
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
ColorRGBToHLS
UrlUnescapeW
ColorHLSToRGB
SetFocus
SetWindowPos
ClientToScreen
ScrollWindowEx
SetMenuItemInfoW
GetDC
GetCursorPos
ReleaseDC
SendMessageW
GetClientRect
DefMDIChildProcW
DrawTextW
LoadImageW
GetUpdateRgn
GetWindowTextW
InvalidateRgn
PtInRect
DrawEdge
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
GetMessageW
ShowWindow
DrawFrameControl
SetPropW
EnableWindow
SetWindowPlacement
ShowWindowAsync
EnumDisplaySettingsW
ChildWindowFromPoint
RegisterClassW
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
SetTimer
FillRect
CopyRect
WaitForInputIdle
GetSysColorBrush
CreateWindowExW
GetWindowLongW
GetUpdateRect
DestroyWindow
MapWindowPoints
RegisterWindowMessageW
IsIconic
BeginPaint
OffsetRect
DefWindowProcW
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
PostMessageW
CheckDlgButton
CreatePopupMenu
CheckMenuItem
GetClassLongW
SetWindowTextW
GetDlgItem
FindWindowW
ScreenToClient
GetScrollInfo
DialogBoxIndirectParamW
GetMenuItemCount
IsDlgButtonChecked
ValidateRect
LoadCursorW
LoadIconW
FindWindowExW
GetMenuItemID
InsertMenuW
SetForegroundWindow
OpenClipboard
EmptyClipboard
EndPaint
IntersectRect
EndDialog
CreateIconIndirect
GetCapture
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
DefFrameProcW
RegisterClassExW
MoveWindow
DialogBoxParamW
AppendMenuW
GetWindowDC
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
DestroyIcon
IsWindowVisible
SystemParametersInfoW
UnionRect
FrameRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
DefDlgProcW
ModifyMenuW
GetFocus
CloseClipboard
GetMenu
SetCursor
CoUninitialize
CoInitialize
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoSetProxyBlanket
Number of PE resources by type
RT_ICON 5
RT_DLGINCLUDE 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
LITHUANIAN 1
ASSAMESE DEFAULT 1
PE resources
ExifTool file metadata
LegalTrademarks Pig
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.7.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Columbus fastened mail outline stronger worse
CharacterSet Windows, Latin1
InitializedDataSize 187392
FileOS Windows 16-bit
EntryPoint 0x24e3
MIMEType application/octet-stream
LegalCopyright Copyright (C) Pig 2002-2013
FileVersion 7.0.0.5
TimeStamp 2015:03:22 13:52:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Mississippi.exe
ProductVersion 6.0
UninitializedDataSize 0
OSVersion 5.0
OriginalFilename Mississippi.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Seldom plus - www.Pig.com
CodeSize 76288
ProductName Pig
ProductVersionNumber 7.6.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 fa20e413002e17b938b2451552721027
SHA1 00523f607bb2c523c12297949afb7dc461be72b6
SHA256 bed3f7314d74bfee4a1faf158768f8078681436774a3389728ce057f97ceb828
ssdeep 6144:Tw6/ZzQGAOgKZXYerf9kMXFkMzCyXMwyEcy6Zj/+I:E6/Zz9BZIerf15XryEH0/+I
authentihash 6a683076bd09c1e3b2c738502f40ddd792fbafafee563dbca4c5440997b32032
imphash b28d5681dc36e3a76a5b8e1d4298ea7c
File size 258.5 KB ( 264704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2015-03-24 02:38:25 UTC ( 4 years ago )
Last submission 2015-03-24 02:38:25 UTC ( 4 years ago )
File names Zalult.exe_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications