SHA256: c21bb4c27491093ce43b527f3344a1890d2019dcfb25a7bc3a1668d008ced5d0
File name: 4cc0988f5bcff3f08a7c7216b6daa06476d390b9
Detection ratio: 15 / 50
Analysis date: 2014-05-09 19:01:08 UTC ( 4 years, 10 months ago )
Antivirus Result Update (an engine listed with a blank Result did not detect the file on that date)
Ad-Aware Trojan.GenericKD.1671236 20140509
AntiVir TR/Zbot.A.745 20140509
AVG Zbot.ILV 20140509
BitDefender Trojan.GenericKD.1671236 20140509
Bkav HW32.CDB.F7d4 20140509
Emsisoft Trojan.GenericKD.1671236 (B) 20140509
ESET-NOD32 Win32/Spy.Zbot.YW 20140509
F-Secure Trojan.GenericKD.1671236 20140509
GData Trojan.GenericKD.1671236 20140509
Kaspersky Trojan-Spy.Win32.Zbot.sinc 20140509
eScan Trojan.GenericKD.1671236 20140509
nProtect Trojan.GenericKD.1671236 20140509
Panda Trj/dtcontx.L 20140509
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140507
Sophos AV Mal/Ransom-CO 20140509
AegisLab 20140509
Yandex 20140509
AhnLab-V3 20140509
Antiy-AVL 20140509
Avast 20140509
Baidu-International 20140509
ByteHero 20140227
CAT-QuickHeal 20140508
ClamAV 20140509
CMC 20140506
Commtouch 20140509
Comodo 20140509
DrWeb 20140509
F-Prot 20140509
Fortinet 20140509
Ikarus 20140509
Jiangmin 20140509
K7AntiVirus 20140509
K7GW 20140509
Kingsoft 20140509
Malwarebytes 20140509
McAfee 20140509
McAfee-GW-Edition 20140509
Microsoft 20140509
NANO-Antivirus 20140509
Norman 20140509
Qihoo-360 20140509
SUPERAntiSpyware 20140509
Symantec 20140509
TheHacker 20140508
TotalDefense 20140509
TrendMicro 20140509
TrendMicro-HouseCall 20140509
VBA32 20140507
VIPRE 20140509
ViRobot 20140509
Zillya 20140509
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Ypuryt
Original name Oaqlwcse.exe
Internal name Wyfucil
File version 9, 7, 3
Description Zobowop Omi Waty
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-20 08:03:54
Entry Point 0x00013101
Number of sections 5
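The header fields above (compile timestamp, entry point, section count) plus the sizes ExifTool reports further down (CodeSize 94208, InitializedDataSize 380928) and the file size from the identification section (282112 bytes) are what a first-pass triage script reads straight out of the PE headers. The following is an added worked example, not VirusTotal's or the sample's code: it rebuilds a header-only PE32 buffer from the values this report prints (constructed data, not the sample's bytes; section table, imports and resources are omitted and the alignment, image base and stack/heap values are placeholders), parses it back the way one would parse the real file, and runs the cheap consistency checks. One of them fires on this report's numbers: the header claims 475136 bytes of code plus initialized data in a 282112-byte file, which normally means sections that are larger in memory than on disk or size fields that were edited, either way a reason to look at the section table before trusting anything else in the header. The version strings (product "Ypuryt", description "Zobowop Omi Waty", company "Walt Disney Internet Group") disagreeing with each other and with the file name is a similar signal.

```python
"""Header-only PE32 triage. Added example, not code from the report or the sample.
The buffer built here carries the report's values; every other field is a placeholder."""
import struct
from datetime import datetime, timezone

# Values copied from the report (PE header section, ExifTool block, file identification).
REPORT = {
    "timestamp": int(datetime(2011, 1, 20, 8, 3, 54, tzinfo=timezone.utc).timestamp()),
    "entry_point": 0x13101,
    "num_sections": 5,
    "size_of_code": 94208,          # ExifTool CodeSize
    "size_of_init_data": 380928,    # ExifTool InitializedDataSize
    "size_of_uninit_data": 0,
    "file_size": 282112,            # "File size 275.5 KB ( 282112 bytes )"
}

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
COFF_FMT = "<HHIIIHH"                   # IMAGE_FILE_HEADER, 20 bytes
OPT_STD_FMT = "<HBBIIIIIII"             # PE32 standard fields through ImageBase, 32 bytes
OPT_WIN_FMT = "<IIHHHHHHIIIIHHIIIIII"   # PE32 Windows-specific fields, 64 bytes


def build_header(v=REPORT):
    """Construct a header-only PE32 image (constructed data, not the sample)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)        # e_lfanew: PE signature follows the DOS header
    data_dirs = b"\0" * (16 * 8)                 # 16 empty IMAGE_DATA_DIRECTORY entries
    opt_size = struct.calcsize(OPT_STD_FMT) + struct.calcsize(OPT_WIN_FMT) + len(data_dirs)
    coff = struct.pack(COFF_FMT, IMAGE_FILE_MACHINE_I386, v["num_sections"], v["timestamp"],
                       0, 0, opt_size, 0x0102)   # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt_std = struct.pack(OPT_STD_FMT, 0x10B, 7, 1,   # PE32 magic, linker 7.1 as ExifTool shows
                          v["size_of_code"], v["size_of_init_data"], v["size_of_uninit_data"],
                          v["entry_point"], 0x1000, 0x18000, 0x400000)   # placeholders from here
    opt_win = struct.pack(OPT_WIN_FMT, 0x1000, 0x200, 5, 0, 0, 0, 4, 0, 0,   # OS 5.0, subsystem 4.0
                          0x80000, 0x400, 0, IMAGE_SUBSYSTEM_WINDOWS_GUI, 0,
                          0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    return bytes(dos) + b"PE\0\0" + coff + opt_std + opt_win + data_dirs


def parse_header(data):
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + struct.calcsize(COFF_FMT)
    std = struct.unpack_from(OPT_STD_FMT, data, opt_off)
    if std[0] != 0x10B:
        raise ValueError("only PE32 handled here, magic=0x%x" % std[0])
    win = struct.unpack_from(OPT_WIN_FMT, data, opt_off + struct.calcsize(OPT_STD_FMT))
    return {
        "machine": coff[0],
        "num_sections": coff[1],
        "timestamp": coff[2],
        "compiled": datetime.fromtimestamp(coff[2], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker": "%d.%d" % (std[1], std[2]),
        "size_of_code": std[3],
        "size_of_init_data": std[4],
        "size_of_uninit_data": std[5],
        "entry_point": std[6],
        "os_version": "%d.%d" % (win[2], win[3]),
        "subsystem_version": "%d.%d" % (win[6], win[7]),
        "subsystem": win[12],
    }


def triage(info, file_size):
    """Consistency checks worth running before trusting the header at all."""
    findings = []
    claimed = info["size_of_code"] + info["size_of_init_data"]
    if claimed > file_size:
        findings.append("header claims %d bytes of code and initialized data but the file holds %d; "
                        "expect sections whose virtual size exceeds their raw size, or edited fields"
                        % (claimed, file_size))
    now = int(datetime.now(timezone.utc).timestamp())
    if info["timestamp"] == 0 or info["timestamp"] > now:
        findings.append("compile timestamp %d is zero or in the future" % info["timestamp"])
    if info["entry_point"] == 0:
        findings.append("entry point is zero")
    return findings


if __name__ == "__main__":
    info = parse_header(build_header())
    for k, v in info.items():
        print("%-20s %s" % (k, hex(v) if k in ("entry_point", "machine") else v))
    for f in triage(info, REPORT["file_size"]):
        print("FINDING:", f)
```

To run this against a real file, replace `build_header()` with the file's bytes and `REPORT["file_size"]` with its length; the parser stops at the optional header, so the next step on a hit is reading the section table (raw size versus virtual size per section), which this report does not reproduce.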
PE sections
PE imports
LsaFreeMemory
ExtractFiles
ClusterNetworkControl
PropertySheetA
ImageList_BeginDrag
ImageList_Replace
ImageList_SetDragCursorImage
_TrackMouseEvent
ImageList_DrawIndirect
CreateMappedBitmap
ImageList_SetFlags
FlatSB_ShowScrollBar
ImageList_GetImageInfo
ImageList_Destroy
ImageList_AddMasked
GetMUILanguage
DrawStatusTextA
InitCommonControlsEx
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
CreateUpDownControl
CreateStatusWindowW
CreatePropertySheetPageW
ImageList_DragShowNolock
CreateStatusWindowA
ImageList_Remove
ImageList_Copy
ImageList_LoadImageW
PrintDlgA
WantArrows
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
Ssync_ANSI_UNICODE_Struct_For_WOW
GetOpenFileNameA
ChooseColorA
PrintDlgW
PrintDlgExA
LoadAlterBitmap
PageSetupDlgW
GetSaveFileNameA
CryptUIDlgViewSignerInfoW
GetPixelFormat
CreateFontIndirectW
GdiArtificialDecrementDriver
GetRgnBox
SetICMMode
GetCharABCWidthsI
GetDeviceCaps
CloseMetaFile
LineTo
GdiGetDevmodeForPage
SetMapperFlags
GetWindowOrgEx
DeviceCapabilitiesExW
StartPage
FixBrushOrgEx
GetFontLanguageInfo
EnumEnhMetaFile
GetColorSpace
GetMetaFileBitsEx
DeleteColorSpace
GetCurrentPositionEx
OffsetViewportOrgEx
SelectClipRgn
RoundRect
PolyBezierTo
StretchBlt
Chord
StartDocA
GetGlyphIndicesW
BeginPath
CreateCompatibleDC
SetIfEntry
GetIfTable
GetBestInterface
GetRTTAndHopCount
GetUdpTable
GetAdaptersInfo
InternalCreateIpForwardEntry
IpRenewAddress
DeleteIPAddress
CreateIpForwardEntry
CreateIpNetEntry
GetNumberOfInterfaces
NTPTimeToNTFileTime
InternalCreateIpNetEntry
GetTcpStatistics
InternalSetIfEntry
GetIcmpStatistics
AllocateAndGetIpAddrTableFromStack
NTTimeToNTPTime
GetFriendlyIfIndex
SetIpTTL
GetTempFileNameW
DefineDosDeviceW
ReplaceFileA
DosDateTimeToFileTime
SetThreadLocale
FileTimeToSystemTime
RequestDeviceWakeup
CreateMailslotW
PurgeComm
GlobalUnlock
UpdateResourceA
Process32NextW
OpenFile
GetLocaleInfoA
GetFileSizeEx
GetFileInformationByHandle
GetNamedPipeHandleStateW
CommConfigDialogA
WaitCommEvent
IsDBCSLeadByteEx
CreateDirectoryExW
ExpandEnvironmentStringsW
GetExitCodeThread
WriteFile
_lopen
IsValidLocale
SetThreadIdealProcessor
BindIoCompletionCallback
EnumDateFormatsExW
GetFullPathNameA
OutputDebugStringW
WriteProfileSectionW
WNetConnectionDialog1A
acmFormatTagEnumA
CheckBitmapBits
dn_expand
DsAddSidHistoryA
NPAddConnection
GetDocumentBitStg
PdhUpdateLogW
PdhBrowseCountersW
PdhSetDefaultRealTimeDataSource
PdhGetRawCounterValue
PdhAddCounterA
PdhIsRealTimeQuery
PdhParseCounterPathA
PdhExpandCounterPathA
PdhExpandWildCardPathW
PdhCloseLog
PdhGetDllVersion
PdhComputeCounterStatistics
PdhSelectDataSourceA
PdhGetFormattedCounterArrayW
PdhGetCounterTimeBase
PdhGetLogFileSize
PdhGetFormattedCounterArrayA
PdhMakeCounterPathA
PdhVbGetDoubleCounterValue
PdhOpenLogA
PdhGetCounterInfoW
PdhGetDefaultPerfCounterA
PdhOpenLogW
PdhGetCounterInfoA
PdhParseInstanceNameW
PdhVbOpenLog
EmptyWorkingSet
DoneCIISAPIPerformanceData
CIRestrictionToFullTree
CollectFILTERPerformanceData
SetupCache
BindIFilterFromStorage
CITextToFullTreeEx
SetupCacheEx
InitializeCIPerformanceData
CICreateCommand
EndCacheTransaction
BeginCacheTransaction
BindIFilterFromStream
CIMakeICommand
SvcEntry_CiSvc
CIBuildQueryTree
DoneFILTERPerformanceData
CIBuildQueryNode
ResUtilIsPathValid
ResUtilFindExpandSzProperty
ResUtilGetBinaryValue
ResUtilFindMultiSzProperty
ClusWorkerTerminate
ResUtilGetPropertySize
ResUtilGetResourceDependencyByName
ResUtilFindSzProperty
ResUtilSetResourceServiceStartParameters
ResUtilDupParameterBlock
ResUtilVerifyResourceService
ResUtilGetProperties
NdrByteCountPointerFree
SamQueryInformationAlias
GetUserNameExW
AcceptSecurityContext
QueryContextAttributesW
SealMessage
LsaUnregisterPolicyChangeNotification
AddSecurityPackageA
SaslGetProfilePackageW
LsaCallAuthenticationPackage
InitSecurityInterfaceW
DeleteSecurityPackageW
QuerySecurityPackageInfoW
EnumerateSecurityPackagesA
ImportSecurityContextW
SaslInitializeSecurityContextW
QuerySecurityContextToken
CompleteAuthToken
SaslEnumerateProfilesW
LsaFreeReturnBuffer
SaslAcceptSecurityContext
SaslEnumerateProfilesA
EncryptMessage
FreeCredentialsHandle
SHPathPrepareForWriteA
RegenerateUserEnvironment
SHBrowseForFolderW
InternalExtractIconListA
SHFileOperationW
RealShellExecuteW
SHQueryRecycleBinW
SHGetDiskFreeSpaceA
SheSetCurDrive
RealShellExecuteA
Shell_NotifyIconA
SHGetFileInfoA
ShellAboutA
SHInvokePrinterCommandW
DuplicateIcon
SheChangeDirA
SHGetSpecialFolderLocation
SHGetMalloc
SHLoadInProc
ShellExecuteExA
ExtractAssociatedIconW
DoEnvironmentSubstA
DragQueryPoint
SHGetInstanceExplorer
FindExecutableW
SHGetNewLinkInfoW
ShellExecuteA
StrFormatKBSizeA
SHSetValueW
StrRChrW
PathIsRelativeA
UrlEscapeW
SHDeleteOrphanKeyA
PathFindSuffixArrayW
StrFormatByteSizeW
StrCatW
PathMakeSystemFolderA
PathCombineA
PathFindOnPathW
PathIsLFNFileSpecW
PathFindOnPathA
SHAutoComplete
SHRegGetBoolUSValueA
SHRegQueryUSValueA
SHQueryInfoKeyW
StrToIntA
PathIsUNCServerW
StrIsIntlEqualW
PathCreateFromUrlW
StrCatBuffA
PathIsUNCServerA
SHQueryInfoKeyA
AssocCreate
PathRemoveBlanksA
StrRetToStrA
UrlGetPartA
PathAddExtensionW
PathIsNetworkPathA
PathIsSameRootA
lineBlindTransferW
URLOpenStreamW
RegisterBindStatusCallback
URLOpenStreamA
CopyStgMedium
IsJITInProgress
HlinkSimpleNavigateToMoniker
GetSoftwareUpdateInfo
CreateAsyncBindCtx
FaultInIEFeature
URLDownloadA
RevokeFormatEnumerator
HlinkGoForward
CreateAsyncBindCtxEx
CoInternetGetSession
CoInternetCreateZoneManager
RegisterMediaTypes
URLDownloadToCacheFileW
URLOpenBlockingStreamA
URLDownloadToFileA
BindAsyncMoniker
GetClassFileOrMime
URLDownloadToFileW
GetCaretBlinkTime
GetParent
PostMessageA
TileChildWindows
SendIMEMessageExA
DdeAddData
BroadcastSystemMessageW
MessageBoxW
GetWindowRect
DdeSetUserHandle
OpenWindowStationW
GetSystemMenu
SetKeyboardState
MsgWaitForMultipleObjectsEx
GetCursorPos
SetShellWindow
UnregisterClassW
DdeConnect
UnionRect
ClientToScreen
GetClassLongA
CallNextHookEx
CallWindowProcW
SetMessageExtraInfo
ImpersonateDdeClientWindow
FillRect
ModifyMenuW
ValidateRect
LoadIconW
ScrollWindow
DeregisterShellHookWindow
DestroyWindow
GetGPOListW
GetAppliedGPOListW
GetGPOListA
GetProfilesDirectoryW
GetAppliedGPOListA
GetProfilesDirectoryA
LoadUserProfileW
GetAllUsersProfileDirectoryA
ProcessGroupPolicyCompleted
VerFindFileA
GetFileVersionInfoW
InternetSetStatusCallbackA
ADVANCEDSETUPDIALOG
FreePrinterNotifyInfo
PlayGdiScriptOnPrinterIC
SoftpubLoadMessage
SoftpubDllUnregisterServer
CryptCATCatalogInfoFromContext
CryptCATCDFEnumAttributesWithCDFTag
WVTAsn1SpcSigInfoDecode
WTHelperCheckCertUsage
OfficeInitializePolicy
WTHelperIsInRootStore
CryptCATPutMemberInfo
WVTAsn1SpcPeImageDataDecode
WTHelperCertIsSelfSigned
AddPersonalTrustDBPages
WTHelperOpenKnownStores
WVTAsn1SpcStatementTypeEncode
CryptSIPCreateIndirectData
CryptCATPutAttrInfo
mssip32DllUnregisterServer
SoftpubCheckCert
CryptCATPutCatAttrInfo
WVTAsn1SpcIndirectDataContentDecode
WintrustSetRegPolicyFlags
WintrustGetRegPolicyFlags
CryptCATClose
IsCatalogFile
CryptCATEnumerateAttr
WinVerifyTrust
CryptCATCDFOpen
SoftpubDumpStructure
WSCWriteProviderOrder
WSACancelAsyncRequest
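The list above is unusually broad for a 275 KB GUI executable: cluster resource utilities, PDH performance counters, Content Index query functions, WinTrust catalog and Authenticode helpers, SSPI/SASL, Group Policy, TAPI and serial-port calls sit next to the few imports that matter for a banking trojan (URLDownloadToFileA/W, Process32NextW, CallNextHookEx, WriteFile). The report shows only function names, not the DLL each comes from, so the imphash it prints (af80076bfd02949075c40d5b588c1c43) cannot be recomputed from this page. What follows is an added worked example, not the page's or any project's code, that implements the imphash algorithm as pefile computes it (lower-cased "dll.function" pairs in import-table order, .dll/.ocx/.sys stripped, comma-joined, MD5) on constructed, hypothetical import tables. It makes the practical point: the hash is order-sensitive and changes with every entry added or removed, so a padded or shuffled table defeats imphash clustering, and whether any of the listed functions is ever called is a question for the sandbox trace, not the import table.

```python
"""imphash as pefile computes it. Added example; the import tables are constructed,
not the sample's real import directory."""
import hashlib


def _canonical_lib(dll):
    """Lower-case the module name and drop a .dll/.ocx/.sys extension, as pefile does."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else name


def imphash_string(imports):
    """imports: iterable of (dll, name_or_ordinal) in import-table order.
    Ordinal-only imports become 'ordN'. pefile additionally resolves well-known
    ws2_32/oleaut32 ordinals to names from a built-in table; that table is omitted here."""
    parts = []
    for dll, func in imports:
        fname = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (_canonical_lib(dll), fname))
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed import tables (hypothetical; chosen to include functions named in the report).
BASE = [("KERNEL32.dll", "WriteFile"), ("KERNEL32.dll", "Process32NextW"),
        ("URLMON.dll", "URLDownloadToFileW"), ("WS2_32.dll", 23)]
REORDERED = [BASE[2], BASE[0], BASE[1], BASE[3]]          # same imports, different order
PADDED = BASE + [("PDH.dll", "PdhOpenLogW")]              # one junk import appended


def compare():
    """Three hashes for what is functionally the same program."""
    return {"base": imphash(BASE), "reordered": imphash(REORDERED), "padded": imphash(PADDED)}


if __name__ == "__main__":
    print(imphash_string(BASE))
    for label, h in compare().items():
        print("%-10s %s" % (label, h))
```

Case of the DLL or function name does not affect the result, which is why two builds that link the same libraries in the same order collide; order and membership do, which is why a crypter that appends or shuffles imports produces a fresh imphash per build.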
Number of PE resources by type
RT_DIALOG 198
RT_MENU 159
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 358
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.7.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 380928
EntryPoint 0x13101
OriginalFileName Oaqlwcse.exe
MIMEType application/octet-stream
FileVersion 9, 7, 3
TimeStamp 2011:01:20 09:03:54+01:00
FileType Win32 EXE
PEType PE32
InternalName Wyfucil
ProductVersion 9, 7
FileDescription Zobowop Omi Waty
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Walt Disney Internet Group
CodeSize 94208
ProductName Ypuryt
ProductVersionNumber 9.7.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0fac9e558d8e97cfcdda01b6befabb24
SHA1 4cc0988f5bcff3f08a7c7216b6daa06476d390b9
SHA256 c21bb4c27491093ce43b527f3344a1890d2019dcfb25a7bc3a1668d008ced5d0
ssdeep 3072:TvZtqxkbi6jEr+uGrYPllvLTmY9HIXBYIx0JAYT01E8cKwpi0fg9qRaUzw6S1FQy:7WxkbR/uGeOWoxYIng01E8cKYUM2ek9
authentihash 81ddbb15012ba099b8c3618cbd846d032907d605fdc39cb8a9cef952f0bc875b
imphash af80076bfd02949075c40d5b588c1c43
File size 275.5 KB ( 282112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe

VirusTotal metadata
First submission 2014-05-09 19:01:08 UTC ( 4 years, 10 months ago )
Last submission 2014-05-09 19:01:08 UTC ( 4 years, 10 months ago )
File names 4cc0988f5bcff3f08a7c7216b6daa06476d390b9
Wyfucil
Oaqlwcse.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
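The report stops at "certain device drivers" and names neither the devices nor the control codes. A fuller sandbox trace gives the raw dwIoControlCode values, and those decode mechanically: Windows builds every IOCTL with the CTL_CODE macro, (DeviceType << 16) | (Access << 14) | (Function << 2) | Method, so the device class, required access, function number and buffering method can be read back out of the number even when the code is not in any public header. Below is an added worked example, not part of this report, that does that decoding over constructed trace lines in a made-up log format; the codes in the trace are documented Windows IOCTLs chosen to illustrate the decoding, not codes observed from this sample. Knowing whether a process is asking a disk driver for geometry and volume data (fingerprinting, raw disk access) or talking to a FILE_DEVICE_UNKNOWN driver with a vendor-range function number (a third-party or dropped driver) is the distinction that matters when reading such a trace.

```python
"""Decode DeviceIoControl control codes from an API trace. Added example; the trace
lines and log format are constructed and the codes are public Windows IOCTLs used for
illustration, not values taken from this sample's behaviour report."""
import re

# Device type, method and access fields of CTL_CODE (from the Windows DDK headers).
DEVICE_TYPES = {0x07: "FILE_DEVICE_DISK", 0x09: "FILE_DEVICE_FILE_SYSTEM",
                0x12: "FILE_DEVICE_NETWORK", 0x22: "FILE_DEVICE_UNKNOWN",
                0x2D: "FILE_DEVICE_MASS_STORAGE"}
METHODS = ["METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"]
ACCESS = ["FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
          "FILE_READ_ACCESS|FILE_WRITE_ACCESS"]
# A few documented codes; anything else is still decoded field by field.
KNOWN = {
    0x00070000: "IOCTL_DISK_GET_DRIVE_GEOMETRY",
    0x0007405C: "IOCTL_DISK_GET_LENGTH_INFO",
    0x002D1080: "IOCTL_STORAGE_GET_DEVICE_NUMBER",
    0x002D1400: "IOCTL_STORAGE_QUERY_PROPERTY",
    0x00090064: "FSCTL_GET_NTFS_VOLUME_DATA",
}


def ctl_code(device_type, function, method, access):
    """The CTL_CODE macro from ntddk.h / winioctl.h."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


def decode_ioctl(code):
    """Invert CTL_CODE: device class, access, function number and method."""
    dev = code >> 16
    return {
        "code": code,
        "name": KNOWN.get(code, "unknown"),
        "device_type": dev,
        "device": DEVICE_TYPES.get(dev, "0x%x" % dev),
        "access": ACCESS[(code >> 14) & 3],
        "function": (code >> 2) & 0xFFF,   # 0x800 and up is the vendor-defined range
        "method": METHODS[code & 3],
    }


# Constructed trace in a hypothetical sandbox format (not output from this report).
TRACE = """\
DeviceIoControl(hDevice=0x1a4, dwIoControlCode=0x70000, nInBufferSize=0, nOutBufferSize=24) -> 1
DeviceIoControl(hDevice=0x1a4, dwIoControlCode=0x2d1400, nInBufferSize=12, nOutBufferSize=512) -> 1
DeviceIoControl(hDevice=0x1b0, dwIoControlCode=0x90064, nInBufferSize=0, nOutBufferSize=96) -> 1
DeviceIoControl(hDevice=0x1b8, dwIoControlCode=0x22e004, nInBufferSize=8, nOutBufferSize=0) -> 0
"""
CODE_RE = re.compile(r"dwIoControlCode=(0x[0-9a-fA-F]+)")


def summarize(trace):
    """One decoded record per DeviceIoControl line found in the trace text."""
    out = []
    for line in trace.splitlines():
        m = CODE_RE.search(line)
        if m:
            out.append(decode_ioctl(int(m.group(1), 16)))
    return out


if __name__ == "__main__":
    for rec in summarize(TRACE):
        print("0x%08x %-32s %-24s fn=0x%03x %s %s" % (
            rec["code"], rec["name"], rec["device"], rec["function"], rec["method"], rec["access"]))
```

The last constructed line shows the case worth escalating: device type FILE_DEVICE_UNKNOWN, function 0x801 in the vendor range, read and write access. That is the shape of a private interface to a third-party or dropped driver, and the handle it was sent on (hDevice) is what to chase back to a CreateFile call in the same trace.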