SHA256: c3a06e5234624fe08dbd10922bfce03009bd6e0b53eedbc2b74e9bf03933edaa
File name: vt-upload-qjcMI
Detection ratio: 23 / 53
Analysis date: 2014-05-15 21:36:52 UTC
Antivirus | Result (blank = engine did not flag the file) | Update
Ad-Aware | Gen:Variant.Graftor.141315 | 20140515
Yandex | TrojanSpy.Zbot!owP90DhDnCs | 20140515
Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20140515
Avast | Win32:Dropper-gen [Drp] | 20140515
AVG | Inject2.AERY | 20140515
BitDefender | Gen:Variant.Graftor.141315 | 20140515
Bkav | HW32.CDB.262d | 20140515
Emsisoft | Gen:Variant.Graftor.141315 (B) | 20140515
ESET-NOD32 | a variant of Win32/Injector.BDPY | 20140515
Fortinet | W32/Simda.NEX!tr | 20140515
GData | Gen:Variant.Graftor.141315 | 20140515
Kaspersky | Trojan-Spy.Win32.Zbot.slaa | 20140515
Malwarebytes | Spyware.Zbot.VXGen | 20140515
McAfee | PWSZbot-FXW!7BFC781C3A17 | 20140515
McAfee-GW-Edition | PWSZbot-FXW!7BFC781C3A17 | 20140515
Microsoft | PWS:Win32/Zbot.gen!Y | 20140515
eScan | Gen:Variant.Graftor.141315 | 20140515
Qihoo-360 | Win32/Trojan.Spy.0c1 | 20140515
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20140507
Sophos AV | Mal/Ransom-CO | 20140515
TrendMicro | TROJ_GEN.R0CBC0DEF14 | 20140515
TrendMicro-HouseCall | TROJ_GEN.R0CBC0DEF14 | 20140515
VIPRE | Trojan.Win32.Generic!BT | 20140515
AegisLab | | 20140515
AhnLab-V3 | | 20140515
AntiVir | | 20140515
Baidu-International | | 20140515
ByteHero | | 20140515
CAT-QuickHeal | | 20140515
ClamAV | | 20140515
CMC | | 20140512
Commtouch | | 20140515
Comodo | | 20140515
DrWeb | | 20140515
F-Prot | | 20140515
F-Secure | | 20140515
Ikarus | | 20140515
Jiangmin | | 20140515
K7AntiVirus | | 20140515
K7GW | | 20140515
Kingsoft | | 20140515
NANO-Antivirus | | 20140515
Norman | | 20140515
nProtect | | 20140515
Panda | | 20140515
SUPERAntiSpyware | | 20140515
Symantec | | 20140515
Tencent | | 20140515
TheHacker | | 20140515
TotalDefense | | 20140515
VBA32 | | 20140514
ViRobot | | 20140515
Zillya | | 20140514
Of the 23 detections, most name a family outright (Zbot in seven labels, Graftor in five, one each for Injector, Simda and Ransom); the rest are generic or heuristic labels. Rising's signature set (20140507) predates the analysis by eight days.
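The table above is the kind of thing an analyst triages by hand: how many engines fired, which family names they agree on, which labels are only generic, and whose signatures were stale on the analysis date. The script below is an added example, not part of the VirusTotal page or any VirusTotal tooling. It parses the flat "Vendor Result Update" layout VirusTotal rendered the table in (and a pipe-separated form of the same rows), then summarizes it. The sample is a constructed subset of this page's rows, and the family token list and the set of multi-word vendor names are assumptions chosen for the example; extend both for other reports.

```python
import re
from collections import Counter

# Constructed sample: a subset of this page's detection table in the flat
# "Vendor Result Update" layout VirusTotal renders. A row with no result is an
# engine that did not flag the file. Not the full 53 rows.
SAMPLE = """\
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.141315 20140515
Yandex TrojanSpy.Zbot!owP90DhDnCs 20140515
Kaspersky Trojan-Spy.Win32.Zbot.slaa 20140515
McAfee PWSZbot-FXW!7BFC781C3A17 20140515
Microsoft PWS:Win32/Zbot.gen!Y 20140515
ESET-NOD32 a variant of Win32/Injector.BDPY 20140515
Sophos AV Mal/Ransom-CO 20140515
VIPRE Trojan.Win32.Generic!BT 20140515
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140507
AegisLab 20140515
ClamAV 20140515
Symantec 20140515
"""

# Vendor names containing a space (assumed list): the flat layout gives no
# other way to tell where the vendor column ends and the result begins.
MULTI_WORD_VENDORS = ("Sophos AV",)

DATE_RE = re.compile(r"^\d{8}$")
# Family tokens worth pivoting on (assumed list), matched case-insensitively.
FAMILY_RE = re.compile(r"(zbot|zeus|graftor|injector|simda|ransom|dropper)", re.I)


def parse_row(line):
    """Return (vendor, result, update) for one table row, with result None when
    the engine reported nothing, or None when the line is not a row (header,
    blank). Accepts the flat layout and a 'Vendor | Result | Update' layout."""
    if "|" in line:
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 3 or not DATE_RE.match(cells[2]):
            return None
        return cells[0], cells[1] or None, cells[2]
    tokens = line.split()
    if len(tokens) < 2 or not DATE_RE.match(tokens[-1]):
        return None
    update, body = tokens[-1], tokens[:-1]
    vendor_words = 1
    for vendor in MULTI_WORD_VENDORS:
        n = len(vendor.split())
        if " ".join(body[:n]) == vendor:
            vendor_words = n
    vendor = " ".join(body[:vendor_words])
    result = " ".join(body[vendor_words:]) or None
    return vendor, result, update


def summarize(text, analysis_date):
    """Detection ratio, per-family vote count, the majority family, engines
    whose label carries no family name, and engines whose signature date is
    older than the analysis date (yyyymmdd strings compare correctly)."""
    rows = [r for r in map(parse_row, text.splitlines()) if r]
    detected = [r for r in rows if r[1]]
    families = Counter()
    generic_only = []
    for vendor, result, _ in detected:
        hits = {m.lower() for m in FAMILY_RE.findall(result)}
        if hits:
            families.update(hits)
        else:
            generic_only.append(vendor)
    stale = [vendor for vendor, _, update in detected if update < analysis_date]
    consensus = families.most_common(1)[0][0] if families else None
    return {
        "ratio": (len(detected), len(rows)),
        "families": dict(families),
        "consensus": consensus,
        "generic_only": generic_only,
        "stale": stale,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE, analysis_date="20140515"))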
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2000
Publisher Dachshund Software
Product Ewi
Original name Vlfckg.exe
Internal name Lal
File version 9, 8, 3
Description Fuzep Nykuby Ytifyby
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-24 15:49:27 (UTC; the ExifTool TimeStamp below shows the same instant in the scanner's +01:00 zone)
Entry Point 0x0000F3B6
Number of sections 5
PE sections
PE imports (grouped by exporting DLL; the per-DLL headings of the original table did not survive extraction and are restored here from the functions' known exporters)
ADVAPI32.dll
LsaSetSystemAccessAccount
LsaLookupPrivilegeDisplayName
ADVPACK.dll
OpenINFEngine
RebootCheckOnInstall
SetPerUserSecValues
CLUSAPI.dll
GetClusterNodeKey
ClusterOpenEnum
AddClusterResourceDependency
ClusterGroupCloseEnum
CloseClusterNetInterface
ClusterRegGetKeySecurity
FailClusterResource
SetClusterNetworkName
SetClusterQuorumResource
GetClusterNetInterfaceState
AddClusterResourceNode
GetClusterResourceTypeKey
ClusterResourceTypeCloseEnum
GetClusterFromGroup
OpenClusterNetInterface
GetClusterResourceNetworkName
ClusterResourceControl
SetClusterGroupNodeList
GetNodeClusterState
ResumeClusterNode
OpenClusterNetwork
GetClusterNodeId
OpenClusterNode
CloseCluster
ClusterResourceTypeControl
OnlineClusterGroup
CreateClusterNotifyPort
DeleteClusterGroup
ClusterNodeControl
COMCTL32.dll
CreatePropertySheetPageW
FlatSB_EnableScrollBar
ImageList_GetDragImage
COMDLG32.dll
PrintDlgA
PrintDlgExW
ReplaceTextA
FindTextA
GetFileTitleW
ChooseFontW
GetSaveFileNameW
GetFileTitleA
ReplaceTextW
CommDlgExtendedError
PrintDlgExA
ChooseFontA
KERNEL32.dll
SystemTimeToFileTime
CreateDirectoryExW
ReadDirectoryChangesW
GetNumberFormatA
LCMapStringA
CreateJobObjectW
ExitProcess
EnumCalendarInfoW
RPCRT4.dll
RpcBindingSetObject
RpcSmDisableAllocate
RpcSmDestroyClientContext
RpcBindingToStringBindingW
RpcImpersonateClient
I_RpcBindingToStaticStringBindingW
NdrEncapsulatedUnionMarshall
NdrDllRegisterProxy
NdrConformantVaryingArrayBufferSize
NdrConformantStructMarshall
NdrConformantArrayMarshall
NdrStubForwardingFunction
I_RpcIfInqTransferSyntaxes
RpcServerUnregisterIf
NdrServerCall2
DceErrorInqTextW
RpcMgmtInqDefaultProtectLevel
NdrFullPointerQueryPointer
NdrConformantArrayFree
I_RpcSend
RpcServerUseAllProtseqsIfEx
MesEncodeDynBufferHandleCreate
RpcIfIdVectorFree
RpcServerUseProtseqIfW
NdrSendReceive
NdrFixedArrayUnmarshall
RpcMgmtSetAuthorizationFn
NdrEncapsulatedUnionBufferSize
MesBufferHandleReset
UuidHash
RpcServerRegisterIf
USER32.dll
GetCursorPos
IsWindowUnicode
GetFocus
Cluster-management, print and font dialog, and RPC stub-marshalling imports have no plausible use in a 227 KB GUI-subsystem program, and DeviceIoControl, which the behaviour report below records the file calling, is absent from this table and so must be resolved at run time. Together with the nonsense version strings above, this is consistent with the static import table describing a packer stub rather than the Zbot payload the labels and the sandbox report describe.
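The imphash in the File identification section is derived from exactly this import list, which is why padded or decoy import tables matter: they define the pivot value other analysts will search on. The block below is an added example, not VirusTotal's or pefile's code, that implements the imphash normalization (lowercase DLL with its .dll/.ocx/.sys suffix removed, lowercase function name, comma-joined in import-table order, MD5) over a subset of this page's imports. The DLL names are an assumption of the example, taken from the functions' known exporters, and the order is not the binary's true import-table order, so the result is not expected to reproduce the a6b2d92a... value on this page; imports by ordinal are also not handled.

```python
import hashlib

# A subset of the imports listed on this page, grouped by exporting DLL.
# Assumption of this example: DLL names come from the functions' known
# exporters and the order is illustrative, not the binary's import-table order.
IMPORTS = [
    ("ADVAPI32.dll", ["LsaSetSystemAccessAccount", "LsaLookupPrivilegeDisplayName"]),
    ("ADVPACK.dll", ["OpenINFEngine", "RebootCheckOnInstall", "SetPerUserSecValues"]),
    ("CLUSAPI.dll", ["GetClusterNodeKey", "ClusterOpenEnum", "FailClusterResource"]),
    ("COMDLG32.dll", ["PrintDlgA", "ChooseFontW", "GetSaveFileNameW"]),
    ("KERNEL32.dll", ["SystemTimeToFileTime", "CreateJobObjectW", "ExitProcess"]),
    ("RPCRT4.dll", ["RpcImpersonateClient", "NdrServerCall2", "RpcServerRegisterIf"]),
    ("USER32.dll", ["GetCursorPos", "IsWindowUnicode", "GetFocus"]),
]

# Suffixes the imphash scheme strips from DLL names before lowercasing.
STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def imphash_string(imports):
    """Canonical string that imphash hashes: '<dll>.<func>' pairs, both
    lowercased, DLL suffix removed, comma-joined in import-table order.
    imports is a list of (dll_name, [function_name, ...]) in table order."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        for ext in STRIPPED_EXTENSIONS:
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.extend(f"{name}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(IMPORTS))
    print(imphash(IMPORTS))
    # Same DLLs and functions in a different table order give a different
    # hash: imphash is an order-sensitive pivot, not a set comparison.
    print(imphash(list(reversed(IMPORTS))))
```

Because the hash is order-sensitive and case-insensitive, two builds of the same crypter stub with identical import tables share an imphash even when their file hashes differ, while a stub that merely shuffles its decoy imports does not. That is what makes the value a useful but brittle pivot.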
Number of PE resources by type
RT_MENU 204
RT_DIALOG 192
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 397
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:04:24 16:49:27+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 73728
LinkerVersion: 9.0
FileAccessDate: 2014:05:15 23:16:54+01:00
EntryPoint: 0xf3b6
InitializedDataSize: 458752
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 5.0
FileCreateDate: 2014:05:15 23:16:54+01:00
UninitializedDataSize: 0
File identification
MD5 7bfc781c3a17178d0a45beeb9a67f977
SHA1 bee0e5c8740ab7daa36b683ce460a5b00d96afaf
SHA256 c3a06e5234624fe08dbd10922bfce03009bd6e0b53eedbc2b74e9bf03933edaa
ssdeep 6144:eBFfr6jD7QD8DrNwHvkvlRt04SXOIyM7mNx:iG7RDrqMtTSXX7Ex
imphash a6b2d92a75de3095c7e5fc558d812cd9
File size 227.0 KB ( 232448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-15 21:36:52 UTC
Last submission 2014-05-15 21:36:52 UTC
File names Lal
Vlfckg.exe
vt-upload-qjcMI
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.