SHA256: c52a9af99dc5549f6ea15dc25a1cb21946f036a662841ed85ad93304332260b0
File name: vt-upload-eGP3F
Detection ratio: 21 / 53
Analysis date: 2014-07-12 09:30:48 UTC ( 4 years, 5 months ago )
Antivirus Result Update
AntiVir TR/Crypt.ZPACK.58428 20140712
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20140712
AVG Zbot.LJJ 20140712
Bkav HW32.CDB.Ca42 20140711
CMC Trojan.Win32.Krap.1!O 20140711
ESET-NOD32 Win32/Spy.Zbot.AAO 20140712
Fortinet W32/Generic.AAO!tr 20140712
Kaspersky HEUR:Trojan.Win32.Generic 20140712
Kingsoft Win32.Troj.Undef.(kcloud) 20140712
Malwarebytes Spyware.Zbot.VXGen 20140712
McAfee RDN/Generic PWS.y!b2g 20140712
McAfee-GW-Edition RDN/Generic PWS.y!b2g 20140711
Microsoft PWS:Win32/Zbot 20140712
Qihoo-360 HEUR/Malware.QVM20.Gen 20140712
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140711
Sophos AV Troj/Agent-AHQI 20140712
Symantec WS.Reputation.1 20140712
Tencent Win32.Trojan.Bp-qqthief.Ixrn 20140712
TrendMicro TROJ_FORUCON.BMC 20140712
TrendMicro-HouseCall TROJ_FORUCON.BMC 20140712
VIPRE Trojan.Win32.Generic!BT 20140712
Ad-Aware 20140712
AegisLab 20140712
Yandex 20140711
AhnLab-V3 20140711
Avast 20140712
Baidu-International 20140712
BitDefender 20140712
ByteHero 20140712
CAT-QuickHeal 20140711
ClamAV 20140712
Commtouch 20140712
Comodo 20140712
DrWeb 20140712
F-Prot 20140712
F-Secure 20140712
GData 20140712
Ikarus 20140712
Jiangmin 20140712
K7AntiVirus 20140711
K7GW 20140711
eScan 20140712
NANO-Antivirus 20140712
Norman 20140712
nProtect 20140711
Panda 20140711
SUPERAntiSpyware 20140711
TheHacker 20140711
TotalDefense 20140711
VBA32 20140712
ViRobot 20140712
Zillya 20140710
Zoner 20140711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-09 05:26:52
Entry Point 0x0003E682
Number of sections 4
PE sections
PE imports
CryptUIFreeCertificatePropertiesPagesA
CryptUIDlgViewCTLW
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgViewSignerInfoA
CryptUIGetViewSignaturesPagesW
CryptUIWizDigitalSign
CryptUIDlgSelectStoreA
CryptUIDlgViewCRLA
CryptUIDlgSelectStoreW
CryptUIDlgViewSignerInfoW
ACUIProviderInvokeUI
CryptUIDlgViewCTLA
CryptUIFreeCertificatePropertiesPagesW
CryptUIStartCertMgr
CryptUIWizFreeDigitalSignContext
CryptUIDlgFreeCAContext
CryptUIDlgViewCertificatePropertiesA
CryptUIFreeViewSignaturesPagesW
CryptUIDlgSelectCertificateA
RemoveDirectoryA
FindVolumeClose
WNetCancelConnectionA
WNetGetNetworkInformationA
WNetDisconnectDialog1W
WNetGetUniversalNameW
WNetGetResourceInformationW
WNetAddConnection3W
WNetSetLastErrorA
WNetAddConnection2W
WNetOpenEnumA
WNetDisconnectDialog
WNetGetLastErrorW
WNetGetUserW
WNetGetResourceParentW
WNetGetUserA
WNetCloseEnum
WNetGetProviderNameA
CITextToSelectTree
CIRestrictionToFullTree
CollectFILTERPerformanceData
SetupCache
CollectCIPerformanceData
LoadTextFilter
SetupCacheEx
BeginCacheTransaction
InitializeFILTERPerformanceData
CIState
CITextToFullTree
InitializeCIISAPIPerformanceData
CollectCIISAPIPerformanceData
DoneCIPerformanceData
CiSvcMain
LoadBinaryFilter
CIMakeICommand
SvcEntry_CiSvc
CITextToFullTreeEx
DoneFILTERPerformanceData
SetCatalogState
RpcBindingSetObject
NdrRpcSsDefaultFree
RpcSmDisableAllocate
NdrFixedArrayBufferSize
NdrComplexArrayMemorySize
NdrDllCanUnloadNow
NdrServerInitializeUnmarshall
RpcSmSetThreadHandle
I_RpcTransDatagramAllocate2
IUnknown_AddRef_Proxy
NdrXmitOrRepAsFree
NdrConformantVaryingArrayBufferSize
NdrConformantStructUnmarshall
I_RpcDeleteMutex
NdrFullPointerQueryPointer
RpcCertGeneratePrincipalNameW
NdrConformantArrayMemorySize
I_RpcBCacheFree
RpcServerUseProtseqIfA
RpcCancelThread
RpcBindingInqAuthInfoExA
RpcBindingInqAuthInfoW
RpcAsyncCompleteCall
RpcSmSwapClientAllocFree
I_RpcConnectionSetSockBuffSize
MesEncodeFixedBufferHandleCreate
RpcMgmtStopServerListening
NdrUserMarshalBufferSize
NdrComplexStructFree
RpcSsSetThreadHandle
AcceptSecurityContext
ApplyControlToken
LsaUnregisterPolicyChangeNotification
AddSecurityPackageW
SaslGetProfilePackageW
LsaCallAuthenticationPackage
InitSecurityInterfaceW
QueryCredentialsAttributesW
DeleteSecurityPackageA
AddCredentialsA
VerifySignature
ImportSecurityContextW
TranslateNameW
SaslInitializeSecurityContextW
QuerySecurityContextToken
LsaRegisterLogonProcess
CompleteAuthToken
AcquireCredentialsHandleA
GetComputerObjectNameW
RevertSecurityContext
UnsealMessage
EncryptMessage
lineGetTranslateCapsW
lineCompleteTransfer
lineSetCallQualityOfService
lineSetAgentState
lineGetQueueInfo
lineRedirectW
lineGetAddressCapsW
phoneGetIDA
phoneSetHookSwitch
phoneGetButtonInfoW
lineConfigDialogA
lineSetupConferenceA
phoneDevSpecific
MMCGetServerConfig
lineDialA
phoneSetData
lineAddProviderA
lineGetAgentActivityListA
phoneShutdown
lineSetTollListW
lineClose
internalConfig
lineGetIDA
phoneInitializeExW
lineOpenA
linePrepareAddToConferenceW
phoneSetGain
lineSecureCall
lineProxyMessage
lineRemoveFromConference
lineGetDevCapsA
tapiRequestMediaCallA
wvsprintfA
CryptCATCDFEnumMembersByCDFTagEx
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
CryptSIPPutSignedDataMsg
CryptCATEnumerateAttr
MsCatConstructHashTag
HTTPSFinalProv
WTHelperProvDataFromStateData
WTHelperGetFileName
CryptCATAdminAddCatalog
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcSigInfoEncode
SoftpubLoadSignature
WTHelperCertIsSelfSigned
TrustDecode
WVTAsn1SpcIndirectDataContentDecode
CryptCATEnumerateMember
WintrustGetRegPolicyFlags
WintrustCertificateTrust
WintrustAddActionID
IsCatalogFile
OfficeInitializePolicy
WinVerifyTrust
mscat32DllUnregisterServer
WVTAsn1SpcSpOpusInfoEncode
CryptCATCDFEnumAttributes
WTSEnumerateSessionsA
WTSSetUserConfigA
WTSSetSessionInformationA
WTSCloseServer
WTSSendMessageW
WTSTerminateProcess
WTSVirtualChannelWrite
WTSQueryUserConfigW
WTSVirtualChannelClose
WTSFreeMemory
WTSQuerySessionInformationW
WTSSendMessageA
WTSSetSessionInformationW
WTSSetUserConfigW
WTSOpenServerW
WTSVirtualChannelQuery
WTSDisconnectSession
WTSQueryUserConfigA
Number of PE resources by type
RT_DLGINCLUDE 10
RT_MESSAGETABLE 9
RT_STRING 9
RT_ICON 8
RT_RCDATA 7
RT_ANIICON 6
RT_MENU 6
RT_VXD 6
Struct(13) 5
RT_BITMAP 5
RT_PLUGPLAY 3
Struct(18) 2
RT_ACCELERATOR 2
RT_CURSOR 2
RT_VERSION 1
Number of PE resources by language
SPANISH VENEZUELA 57
ENGLISH AUS 24
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:02:09 06:26:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 262656
LinkerVersion 8.0
FileAccessDate 2014:07:12 10:33:51+01:00
EntryPoint 0x3e682
InitializedDataSize 80896
SubsystemVersion 4.0
ImageVersion 10.3
OSVersion 4.0
FileCreateDate 2014:07:12 10:33:51+01:00
UninitializedDataSize 0
File identification
MD5 e58db26ced5aaea0ac564132c2bef36b
SHA1 af60838b28a4d9743e11a2cc8ccfb683c047013f
SHA256 c52a9af99dc5549f6ea15dc25a1cb21946f036a662841ed85ad93304332260b0
ssdeep 6144:E8+LzulO01G4aUKsHr6gCJR4Ju0v/b15mMvvY3Zy83T:E9/QOgbL6f8Juy/b15vAZz
imphash 0efca77689e4f9ebd25f91fd4332fd30
File size 336.5 KB ( 344576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-12 09:30:48 UTC ( 4 years, 5 months ago )
Last submission 2014-07-12 09:30:48 UTC ( 4 years, 5 months ago )
File names vt-upload-eGP3F
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests