SHA256: c2cc2f42586179e421e9f2e2efe1d9347809d691e8a591bb1fe971b8528298a6
File name: ftc_pdf_complaint.pif
Detection ratio: 36 / 54
Analysis date: 2014-07-05 18:28:03 UTC
Antivirus / Result / Update (engines listed with no result returned no detection)
Ad-Aware Trojan.GenericKD.1737238 20140705
Yandex TrojanSpy.Zbot!suwrz9p9yp8 20140704
AhnLab-V3 Spyware/Win32.Agent 20140704
AntiVir TR/Spy.ZBot.yahd 20140704
Avast Win32:Malware-gen 20140705
AVG Crypt3.ACDB 20140705
BitDefender Trojan.GenericKD.1737238 20140705
Bkav HW32.CDB.1f2f 20140702
CMC Trojan.Win32.Krap.2!O 20140704
Comodo UnclassifiedMalware 20140705
DrWeb Trojan.PWS.Stealer.13062 20140705
Emsisoft Trojan.Win32.Zbot (A) 20140705
ESET-NOD32 a variant of Win32/Kryptik.CFPJ 20140704
F-Secure Trojan.GenericKD.1737238 20140705
Fortinet W32/Zbot.TKGL!tr 20140705
GData Trojan.GenericKD.1737238 20140705
Ikarus Trojan.Win32.Kryptik 20140705
K7AntiVirus Trojan ( 0049c8301 ) 20140704
K7GW Trojan ( 0049c8301 ) 20140704
Kaspersky Trojan-Spy.Win32.Zbot.tkgl 20140704
Malwarebytes Spyware.Zbot.VXGen 20140705
McAfee RDN/Generic.dx!dd3 20140705
McAfee-GW-Edition RDN/Generic.dx!dd3 20140704
Microsoft PWS:Win32/Zbot 20140705
eScan Trojan.GenericKD.1737238 20140705
NANO-Antivirus Trojan.Win32.Stealer.dbxejo 20140705
Norman Kryptik.CDZP 20140704
Panda Trj/Chgt.C 20140704
Qihoo-360 HEUR/Malware.QVM20.Gen 20140705
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140704
Sophos AV Troj/Agent-AHQI 20140705
Symantec Trojan.Zbot 20140705
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140705
TrendMicro TROJ_KRYPTK.YYLV 20140705
TrendMicro-HouseCall TROJ_KRYPTK.YYLV 20140705
VIPRE Trojan.Win32.Generic!BT 20140705
AegisLab 20140705
Antiy-AVL 20140703
Baidu-International 20140704
ByteHero 20140705
CAT-QuickHeal 20140704
ClamAV 20140705
Commtouch 20140705
F-Prot 20140705
Jiangmin 20140705
Kingsoft 20140705
nProtect 20140704
SUPERAntiSpyware 20140704
TheHacker 20140704
TotalDefense 20140704
VBA32 20140704
ViRobot 20140705
Zillya 20140703
Zoner 20140704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1998
Product Axojuw
Original name Bwjqeihh.exe
Internal name Uzedas
File version 6, 9, 8
Description Vyhuf Wypary Ica
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-24 17:01:45
Entry Point 0x00020260
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_DIALOG 22
RT_GROUP_CURSOR 19
RT_STRING 19
Struct(15) 17
Struct(13) 9
RT_VXD 3
RT_VERSION 1
Number of PE resources by language
SPANISH PARAGUAY 55
ENGLISH AUS 35
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:01:24 18:01:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 147456
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 200704
SubsystemVersion 4.0
EntryPoint 0x20260
OSVersion 4.0
ImageVersion 6.2
UninitializedDataSize 0
File identification
MD5 4fc7395dcdf7e3f95338d21f25541abd
SHA1 cd7edb0d3ecb005261a3988067d81b9fc2f4206f
SHA256 c2cc2f42586179e421e9f2e2efe1d9347809d691e8a591bb1fe971b8528298a6
ssdeep 6144:mmtfiAbkP/8VTkxtCphub5TrWvMhK4JJq6zl40:H1iYECph2Rh9qQlV
authentihash 7973e1b78aa73821fca68262b33a0dba2fa63a31f162e41b18697b478fba9aee
imphash 5d36abd79aeae121b5ab146886c784bf
File size 215.0 KB ( 220160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-01 12:42:52 UTC
Last submission 2015-05-21 05:52:51 UTC
File names nxwgFHhmj.tar
ftc_pdf_complaint.pif
file-7188346_exe
amazon_order_invoice.pif
Uzedas
4FC7395DCDF7E3F95338D21F25541ABD.exe
Bwjqeihh.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.