SHA256: c017bf18e3decdac48edb513075def9e19d086244426c5e196ceb5af3294fcd0
File name: 80bc1eebe0688d8b58bd6a6eb2411119
Detection ratio: 46 / 51
Analysis date: 2014-04-10 14:14:55 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.5874705 20140410
Yandex Trojan.Tinxy!BULp5g1NLsc 20140410
AhnLab-V3 Win32/Koobface.Worm.44032 20140410
AntiVir TR/Spy.24064.7 20140410
Antiy-AVL Worm[Net]/Win32.Koobface 20140409
Avast Win32:Malware-gen 20140410
AVG Dropper.Generic2.CHIT 20140410
Baidu-International Worm.Win32.Koobface.AX 20140410
BitDefender Trojan.Generic.5874705 20140410
Bkav W32.Clod0b8.Trojan.70f6 20140410
CAT-QuickHeal I-Worm.Koobface.hif 20140410
Commtouch W32/Risk.JZMQ-1760 20140410
Comodo Worm.Win32.Koobface.~BC 20140410
DrWeb Win32.HLLW.Facebook.909 20140410
Emsisoft Trojan.Generic.5874705 (B) 20140410
ESET-NOD32 a variant of Win32/Tinxy.CG 20140410
F-Prot W32/MalwareF.AAOSO 20140410
F-Secure Trojan.Generic.5874705 20140410
Fortinet W32/Dx.VEZ!tr 20140410
GData Trojan.Generic.5874705 20140410
Ikarus Net-Worm.Win32.Koobface 20140410
Jiangmin Worm/Koobface.bob 20140410
K7AntiVirus Riskware ( 42f471190 ) 20140410
K7GW Trojan ( 0018c5d41 ) 20140410
Kaspersky Net-Worm.Win32.Koobface.hif 20140410
Kingsoft Win32.Troj.Generic.(kcloud) 20140410
Malwarebytes Worm.Koobface 20140410
McAfee Artemis!80BC1EEBE068 20140410
McAfee-GW-Edition Artemis!80BC1EEBE068 20140410
Microsoft Trojan:Win32/Malagent 20140410
eScan Trojan.Generic.5874705 20140410
NANO-Antivirus Trojan.Win32.Koobface.bqfib 20140410
Norman Suspicious_Gen2.FEMCR 20140410
nProtect Trojan/W32.Small.44032.BX 20140410
Panda Generic Malware 20140410
Qihoo-360 Win32/Trojan.b7f 20140410
Rising PE:Trojan.Win32.Generic.12648176!308576630 20140410
Sophos AV Mal/Behav-150 20140410
Symantec Suspicious.MH690.A 20140410
TheHacker W32/Koobface.hif 20140408
TotalDefense Win32/Koobface.ABQ 20140410
TrendMicro TROJ_GEN.FA2EZLI 20140410
TrendMicro-HouseCall TROJ_GEN.FA2EZLI 20140410
VBA32 Worm.Koobface 20140410
VIPRE Trojan.Win32.Generic!BT 20140410
ViRobot Worm.Win32.Net-Koobface.44032.A 20140410
AegisLab 20140410
ByteHero 20140410
ClamAV 20140410
CMC 20140410
SUPERAntiSpyware 20140410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Copyright 2009-2010
Publisher zup
Product zup
Original name zup.exe
Internal name zup.exe
File version 1.7.12.09
Description zup
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-09 13:14:09
Entry Point 0x00013EF0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
VerQueryValueA
connect
Number of PE resources by type
RES 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 36864
InitializedDataSize 4096
ImageVersion 0.0
ProductName zup
FileVersionNumber 1.7.12.9
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription zup
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename zup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.7.12.09
TimeStamp 2010:12:09 14:14:09+01:00
FileType Win32 EXE
PEType PE32
InternalName zup.exe
FileAccessDate 2014:04:10 15:17:07+01:00
ProductVersion 1.7.12.09
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:04:10 15:17:07+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright 2009-2010
MachineType Intel 386 or later, and compatibles
CompanyName zup
CodeSize 45056
FileSubtype 6
ProductVersionNumber 1.7.12.9
EntryPoint 0x13ef0
ObjectFileType Driver
File identification
MD5 80bc1eebe0688d8b58bd6a6eb2411119
SHA1 0ce5286841bb1f34780282cf5b91fe4119fc121c
SHA256 c017bf18e3decdac48edb513075def9e19d086244426c5e196ceb5af3294fcd0
ssdeep
768:i8U+NfzWUkOph/zd/T5A/b0grZ/vxdJjStLLxT9qAWZtb34NPNMjiXjbo5lBK:i8U4LWu/5T5AT/rZXxfjStfJHWbojbo

imphash 47a18781e8a48e53068fe9b835db8bf1
File size 43.0 KB ( 44032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2010-12-13 18:32:22 UTC ( 8 years, 3 months ago )
Last submission 2014-04-10 14:14:55 UTC ( 4 years, 11 months ago )
File names aa
80bc1eebe0688d8b58bd6a6eb2411119.exe
80bc1eebe0688d8b58bd6a6eb2411119
80BC1EEBE0688D8B58BD6A6EB2411119.swat
sTsUE_tg.hta
zup.exe
0ce5286841bb1f34780282cf5b91fe4119fc121c
smona130683432236691985576
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
