SHA256: beebf4e34488079bb6918f714fe3370ccd56c5302865202ba435e1599e2a325e
File name: 78ac0e78669016b32aa0e389c92b65c86b6c8ae6
Detection ratio: 15 / 57
Analysis date: 2015-04-17 06:14:04 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20150417
AVG Zbot.AAUS 20150417
Avira (no cloud) TR/Spy.ZBot.241664.1 20150417
Bkav HW32.Packed.96B6 20150415
CMC Trojan.Win32.Krap.2!O 20150416
ESET-NOD32 Win32/Spy.Zbot.ACB 20150417
Fortinet W32/Zbot.ACB!tr.spy 20150417
Kaspersky Trojan-Spy.Win32.Zbot.vitn 20150417
McAfee Artemis!5EBE5FD9D3ED 20150417
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150416
Sophos AV Mal/Generic-S 20150417
Symantec WS.Reputation.1 20150417
Tencent Trojan.Win32.YY.Gen.24 20150417
TrendMicro TROJ_FORUCON.BMC 20150417
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150417
Ad-Aware 20150417
AegisLab 20150417
Yandex 20150416
AhnLab-V3 20150417
Alibaba 20150417
ALYac 20150417
Antiy-AVL 20150417
AVware 20150417
Baidu-International 20150416
BitDefender 20150417
ByteHero 20150417
CAT-QuickHeal 20150417
ClamAV 20150417
Comodo 20150417
Cyren 20150417
DrWeb 20150417
Emsisoft 20150417
F-Prot 20150417
F-Secure 20150417
GData 20150417
Ikarus 20150417
Jiangmin 20150414
K7AntiVirus 20150416
K7GW 20150416
Kingsoft 20150417
Malwarebytes 20150417
McAfee-GW-Edition 20150417
Microsoft 20150417
eScan 20150417
NANO-Antivirus 20150417
Norman 20150416
nProtect 20150416
Panda 20150416
Qihoo-360 20150417
SUPERAntiSpyware 20150417
TheHacker 20150417
TotalDefense 20150416
VBA32 20150416
VIPRE 20150417
ViRobot 20150417
Zillya 20150416
Zoner 20150416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright IF26l3N9Y99 1977-2011
Publisher IVT Corporation
Product a9502I
Original name dt4J2l.exe
Internal name dt4J2l.exe
File version 6.9.4.7
Description wxzQ6Q4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-11-10 14:09:29
Entry Point 0x0002AB90
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_MENU 3
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
ENGLISH *unknown* 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.9.4.7
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 3842048
FileOS Unknown (0x11004)
EntryPoint 0x2ab90
MIMEType application/octet-stream
LegalCopyright IF26l3N9Y99 1977-2011
FileVersion 6.9.4.7
TimeStamp 2004:11:10 15:09:29+01:00
FileType Win32 EXE
PEType PE32
InternalName dt4J2l.exe
ProductVersion 6.9.4.7
FileDescription wxzQ6Q4
OSVersion 4.0
OriginalFilename dt4J2l.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName IVT Corporation
CodeSize 229376
ProductName a9502I
ProductVersionNumber 6.9.4.7
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5ebe5fd9d3edd3243fd8ffe24cfb8d62
SHA1 cd0ed25a25d184e0df030c16c2220ef26b631392
SHA256 beebf4e34488079bb6918f714fe3370ccd56c5302865202ba435e1599e2a325e
ssdeep 6144:c1OQDXS8lv5s34VGCel1JeWjnID1aPY2+Nb:c1OQD3J5U4nelq0nIE0
authentihash a345e5fa8c61bb838e98c981d4ddf7e8ea586cc12ed06d9ebfc1db5d3d6cf04d
imphash c2b15a53c22d69618df3b10400aea4e6
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows Screen Saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-17 06:14:04 UTC ( 3 years, 11 months ago )
Last submission 2015-04-17 06:14:04 UTC ( 3 years, 11 months ago )
File names 78ac0e78669016b32aa0e389c92b65c86b6c8ae6
dt4J2l.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications