SHA256: c747166821b3bca2d72122409f02f62e35ce026e8a10a072d1a41472b1209fec
File name: 15b7039c71465a24839dfc96f63e6461.virobj
Detection ratio: 43 / 57
Analysis date 2015-09-26 09:51:09 UTC
Antivirus              Result                              Update
Ad-Aware               Gen:Variant.Kazy.384020             20150926
Yandex                 TrojanSpy.Zbot!hCOlae1tMpA          20150925
ALYac                  Gen:Variant.Kazy.384020             20150926
Antiy-AVL              Trojan/Win32.SGeneric               20150926
Arcabit                Trojan.Kazy.D5DC14                  20150926
Avast                  Win32:Agent-ATVN [Trj]              20150926
AVG                    Zbot.JAM                            20150926
Avira (no cloud)       TR/Kazy.384020                      20150926
AVware                 Trojan.Win32.Generic!BT             20150926
Baidu-International    Trojan.Win32.Zbot.AAO               20150926
BitDefender            Gen:Variant.Kazy.384020             20150926
Bkav                   HW32.Packed.973E                    20150925
CAT-QuickHeal          TrojanSpy.Zbot.r4                   20150926
Comodo                 UnclassifiedMalware                 20150926
DrWeb                  Trojan.PWS.Panda.2977               20150926
Emsisoft               Gen:Variant.Kazy.384020 (B)         20150926
ESET-NOD32             Win32/Spy.Zbot.AAO                  20150926
F-Secure               Gen:Variant.Kazy.384020             20150925
Fortinet               W32/Zbot.SWIE!tr                    20150926
GData                  Gen:Variant.Kazy.384020             20150926
Ikarus                 Trojan-Spy.Zbot                     20150926
Jiangmin               Pack.Obfu.Gen                       20150925
K7AntiVirus            Spyware ( 0029a43a1 )               20150926
K7GW                   Spyware ( 0029a43a1 )               20150926
Kaspersky              HEUR:Trojan.Win32.Generic           20150926
Kingsoft               Win32.Troj.Zbot.sw.(kcloud)         20150926
Malwarebytes           Spyware.Zbot.VXGen                  20150926
McAfee                 RDN/Spybot.bfr!l                    20150926
McAfee-GW-Edition      BehavesLike.Win32.PackedAP.dc       20150926
Microsoft              PWS:Win32/Zbot!CI                   20150926
eScan                  Gen:Variant.Kazy.384020             20150926
NANO-Antivirus         Trojan.Win32.Zbot.cznzil            20150926
Panda                  Generic Suspicious                  20150926
Qihoo-360              HEUR/Malware.QVM20.Gen              20150926
Rising                 PE:Trojan.Kryptik!1.9A50[F1]        20150925
Sophos AV              Troj/Agent-AHEI                     20150926
SUPERAntiSpyware       Trojan.Agent/Gen-Kazy               20150926
Symantec               Trojan.Gen                          20150925
Tencent                Win32.Trojan-spy.Zbot.Dzal          20150926
TrendMicro             TROJ_CRILOCK.SMN                    20150926
TrendMicro-HouseCall   TROJ_CRILOCK.SMN                    20150926
VIPRE                  Trojan.Win32.Generic!BT             20150926
Zillya                 Trojan.Zbot.Win32.156936            20150926
AegisLab               (not detected)                      20150926
AhnLab-V3              (not detected)                      20150925
Alibaba                (not detected)                      20150925
ByteHero               (not detected)                      20150926
ClamAV                 (not detected)                      20150926
CMC                    (not detected)                      20150925
Cyren                  (not detected)                      20150926
F-Prot                 (not detected)                      20150926
nProtect               (not detected)                      20150925
TheHacker              (not detected)                      20150923
TotalDefense           (not detected)                      20150926
VBA32                  (not detected)                      20150924
ViRobot                (not detected)                      20150926
Zoner                  (not detected)                      20150926
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher iolo technologies, LLC
Original name Tenok.exe
Internal name Uwit
File version 10, 9, 1
Description Voq Tohy Ajeqis
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-10 16:39:38
Entry Point 0x0001226D
Number of sections 4
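The header fields listed above (target machine, compilation timestamp, entry point, section count) and the ExifTool values further down in this report are read straight out of the COFF header and the PE32 optional header. The Python below is an added worked example, not part of the VirusTotal report: it builds a constructed minimal PE32 image carrying the values shown on this page (no section table, no real code), parses those fields back out with the standard library only, and reports the timestamp in UTC so that it can be compared with ExifTool's local-zone rendering (2011:02:10 17:39:38+01:00 is the same instant as 2011-02-10 16:39:38 UTC).

```python
"""Parse the PE header fields that VirusTotal and ExifTool report above,
with only the standard library.  The image built by build_minimal_pe() is
constructed for this example and carries the field values from the page; it
is not the analysed sample itself, and no section table is included."""
import struct
from datetime import datetime, timezone

IMAGE_NT_SIGNATURE = b"PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x10B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}

# 2011-02-10 16:39:38 UTC, the stamp shown on the page (== 1297355978)
COMPILE_TS = int(datetime(2011, 2, 10, 16, 39, 38, tzinfo=timezone.utc).timestamp())

# IMAGE_FILE_HEADER and the first 72 bytes of IMAGE_OPTIONAL_HEADER32
COFF_FMT = "<HHIIIHH"
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"


def build_minimal_pe() -> bytes:
    """Constructed MZ/PE image: DOS header, PE signature, COFF header, PE32 optional header."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack(COFF_FMT,
                       IMAGE_FILE_MACHINE_I386,  # Machine
                       4,                        # NumberOfSections
                       COMPILE_TS,               # TimeDateStamp
                       0, 0,                     # PointerToSymbolTable, NumberOfSymbols
                       224,                      # SizeOfOptionalHeader for PE32
                       0x010F)                   # Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE | ...)
    opt = struct.pack(OPT32_FMT,
                      PE32_MAGIC, 6, 0,          # Magic, Major/MinorLinkerVersion 6.0
                      86016, 380928, 0,          # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x1226D, 0x1000, 0x16000,  # AddressOfEntryPoint, BaseOfCode, BaseOfData (assumed)
                      0x400000, 0x1000, 0x1000,  # ImageBase, SectionAlignment, FileAlignment (assumed)
                      4, 0, 6, 0, 5, 0,          # OS 4.0, Image 6.0, Subsystem 5.0 versions
                      0, 0x80000, 0x1000, 0,     # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                      # Subsystem = IMAGE_SUBSYSTEM_WINDOWS_GUI, DllCharacteristics
    opt = opt.ljust(224, b"\0")                  # remaining fields and data directories zeroed
    return dos + IMAGE_NT_SIGNATURE + coff + opt


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields shown in the report, or raise ValueError on a malformed file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 + struct.calcsize(COFF_FMT) > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature not found at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    if opt_size < struct.calcsize(OPT32_FMT) or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic, lnk_major, lnk_minor, size_code, size_idata, size_udata, entry, _, _,
     _, _, _, os_major, os_minor, img_major, img_minor, ss_major, ss_minor,
     _, _, _, _, subsystem, _) = struct.unpack_from(OPT32_FMT, data, opt_off)
    if magic != PE32_MAGIC:
        raise ValueError(f"not a PE32 image (magic 0x{magic:X})")
    return {
        "machine": "Intel 386 or later" if machine == IMAGE_FILE_MACHINE_I386 else f"0x{machine:04X}",
        "number_of_sections": nsections,
        # TimeDateStamp is written by the linker and trivially forged; report it in UTC.
        "timestamp_raw": timestamp,
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": size_code,
        "initialized_data_size": size_idata,
        "uninitialized_data_size": size_udata,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"0x{subsystem:X}"),
    }


if __name__ == "__main__":
    for key, value in parse_pe_header(build_minimal_pe()).items():
        print(f"{key:24} {value}")
```

The bounds checks before each unpack are the part worth keeping when this is pointed at untrusted samples: a crafted e_lfanew or SizeOfOptionalHeader is a common way to make naive parsers read past the buffer or disagree with the loader about where the section table starts.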
PE sections
PE imports
(module grouping inferred from the exported names; the extraction dropped the module headings)

comdlg32.dll: ReplaceTextA, GetOpenFileNameW, ChooseFontW, GetSaveFileNameW, GetOpenFileNameA, FindTextW, PrintDlgExA, LoadAlterBitmap, PageSetupDlgW

cryptui.dll: CryptUIDlgViewCTLW, CryptUIDlgSelectStoreA, CryptUIDlgViewSignerInfoA, CryptUIFreeViewSignaturesPagesA, CryptUIDlgSelectCertificateW, CryptUIWizDigitalSign, CryptUIDlgViewCertificatePropertiesW, CryptUIGetCertificatePropertiesPagesW, ACUIProviderInvokeUI, CryptUIStartCertMgr, CryptUIWizFreeDigitalSignContext, CryptUIFreeViewSignaturesPagesW, CryptUIDlgSelectCertificateA

gdi32.dll: PlayEnhMetaFileRecord, PolylineTo, CreateFontIndirectW, CreateICW, EndPath, GetClipBox, GetROP2, GetViewportOrgEx, GetBitmapBits, GetMetaFileBitsEx, GetMetaFileW, GetPixelFormat, GetMetaFileA, BitBlt, CreateDIBSection, GetTextFaceA, CreateHatchBrush, ExtTextOutW, GetOutlineTextMetricsA, DeleteColorSpace, OffsetViewportOrgEx, GdiEndPageEMF, ExtEscape, EndPage, SetDIBColorTable, ResetDCA, CreateScalableFontResourceA, GetStretchBltMode, CombineTransform, GetBkColor, CreatePenIndirect

kernel32.dll: LocalLock, SystemTimeToFileTime, EnumResourceTypesA, GetVersionExW, GetCommMask, FatalExit, GetCommProperties, LoadModule, SetLocaleInfoW, GlobalLock, EscapeCommFunction, CancelIo, GetComputerNameW, GetTimeFormatW, FindResourceExA, FoldStringW, WaitForDebugEvent, lstrcmpA, FindFirstFileA, EnumResourceNamesA, GetComputerNameExW, GetLongPathNameW, PrepareTape, GetBinaryTypeA, ResumeThread, GetNumberFormatW, GetProcessAffinityMask, GlobalAlloc, IsBadReadPtr, SetWaitableTimer, FindFirstVolumeMountPointA, GetEnvironmentVariableW

msacm32.dll: acmDriverAddA, XRegThunkEntry, acmDriverMessage, acmDriverEnum, acmFilterTagEnumA, acmDriverClose, acmDriverRemove, acmDriverDetailsW, acmFormatSuggest, acmStreamPrepareHeader, acmFormatEnumA, acmFilterEnumW, acmStreamConvert, acmStreamSize, acmDriverPriority, acmDriverDetailsA, acmFormatTagDetailsW

mscms.dll: InstallColorProfileA, InternalGetDeviceConfig, ConvertColorNameToIndex, GetPS2ColorRenderingIntent, GetColorProfileHeader, InstallColorProfileW, GetNamedProfileInfo, GetColorDirectoryW, DisassociateColorProfileFromDeviceW, GetColorDirectoryA, CreateProfileFromLogColorSpaceW, GetColorProfileFromHandle, UninstallColorProfileA, SetColorProfileHeader, GetStandardColorSpaceProfileA, InternalGetPS2CSAFromLCS, GenerateCopyFilePaths, InternalGetPS2ColorRenderingDictionary, GetPS2ColorSpaceArray, SelectCMM, TranslateBitmapBits, IsColorProfileValid, TranslateColors

netapi32.dll: NetSessionGetInfo, NetReplExportDirAdd, NetDfsRemoveFtRoot, NetUserAdd, NetReplSetInfo, NetUnjoinDomain, I_NetLogonControl, NetApiBufferSize, NetWkstaSetInfo, NetDfsGetClientInfo, NetServerDiskEnum, RxNetAccessDel, NetGetJoinInformation, DsGetDcNameA

ole32.dll: CoFileTimeNow, HDC_UserUnmarshal, CoQueryClientBlanket, HICON_UserFree, ReadOleStg, IsValidIid, CoGetApartmentID, CoGetTreatAsClass, CoAddRefServerProcess, OleRegGetMiscStatus, StgGetIFillLockBytesOnILockBytes, RevokeDragDrop, ReadFmtUserTypeStg, HBRUSH_UserFree, GetDocumentBitStg, HENHMETAFILE_UserFree, CreateOleAdviseHolder, StgIsStorageILockBytes, HENHMETAFILE_UserUnmarshal, CoReleaseServerProcess, OleMetafilePictFromIconAndLabel, OleRegEnumFormatEtc, OleFlushClipboard, StgOpenAsyncDocfileOnIFillLockBytes, UtGetDvtd32Info, StgCreatePropStg, HMETAFILEPICT_UserSize, HMENU_UserSize, WdtpInterfacePointer_UserSize, CoReleaseMarshalData, GetHookInterface

rpcrt4.dll: RpcBindingToStringBindingA, I_RpcClearMutex, NdrNonEncapsulatedUnionUnmarshall, RpcServerRegisterAuthInfoA, RpcProtseqVectorFreeW, RpcStringBindingParseW, NdrPointerFree, RpcMgmtSetComTimeout, NdrCorrelationFree, RpcServerYield, NdrRpcSmClientFree, RpcStringFreeA, MesDecodeBufferHandleCreate, NdrStubCall, NdrDllGetClassObject, NdrConformantArrayUnmarshall, RpcBindingInqAuthClientA, RpcServerUseProtseqEpA, I_RpcDeleteMutex, RpcMgmtInqIfIds, NdrSimpleTypeUnmarshall, NdrStubGetBuffer, I_RpcSend, NdrNonConformantStringBufferSize, RpcSmSwapClientAllocFree, MesEncodeFixedBufferHandleCreate, RpcServerUseProtseqEpExW, RpcObjectSetType, I_RpcTransGetThreadEvent, NdrClientContextUnmarshall, RpcServerRegisterIf2, RpcBindingCopy

user32.dll: SendNotifyMessageA, SetMenuInfo, GetWindowRgn, EnumDesktopsW, SetMenuContextHelpId, FindWindowA, DrawStateW, LoadMenuW, IMPGetIMEW, IMPSetIMEW, OpenIcon, DdeAddData, GetNextDlgGroupItem, SetCaretBlinkTime, ActivateKeyboardLayout, RegisterClipboardFormatW, DrawTextA, SetWindowTextA, GetSubMenu, GetQueueStatus, UnpackDDElParam, GetThreadDesktop, SetRect, GetWindowLongA, CountClipboardFormats, EnumClipboardFormats, IsWindowUnicode, ToAscii, LoadAcceleratorsW, GetGUIThreadInfo, ToAsciiEx

winmm.dll: mxd32Message, waveInOpen, midiStreamStop, mciGetDeviceIDFromElementIDA, mmDrvInstall, midiConnect, waveOutOpen, mmioFlush, waveOutGetNumDevs, midiInReset, midiOutReset, joyGetPosEx, waveInGetDevCapsW, mmioOpenW, mixerGetID, waveOutClose, midiInClose, mciDriverNotify, midiOutGetDevCapsA, timeGetDevCaps, DrvGetModuleHandle, waveInGetNumDevs, mmioInstallIOProcW, mmsystemGetVersion, mixerGetControlDetailsA, waveInStart, mmioInstallIOProcA, mciSendCommandA, mci32Message

winspool.drv: EnumFormsW, EnumPortsW, FreePrinterNotifyInfo, AddMonitorW, ConvertAnsiDevModeToUnicodeDevmode, SetFormW, GetPrinterW, ConfigurePortW, EnumPrintProcessorsW, CommitSpoolData, GetPrinterDataExA, EnumPrintProcessorsA, ClosePrinter, AddPrinterConnectionA, DeletePrinterIC, StartPagePrinter, DeletePrinterKeyA, AddPrintProcessorA, DeletePrinterDataW, GetJobW, DeletePrinterKeyW, DeletePrintProvidorW, DeleteFormW, SeekPrinter, FlushPrinter, GetPrinterDriverDirectoryW, SetJobA, SplDriverUnloadComplete, SetPrinterDataA

wintrust.dll: SoftpubDllUnregisterServer, DriverInitializePolicy, SoftpubAuthenticode, WVTAsn1SpcIndirectDataContentEncode, WTHelperProvDataFromStateData, CryptSIPGetSignedDataMsg, WinVerifyTrustEx, WVTAsn1SpcSigInfoEncode, CryptCATHandleFromStore, DriverFinalPolicy, AddPersonalTrustDBPages, CryptCATCDFEnumMembers, WVTAsn1SpcStatementTypeEncode, SoftpubCleanup, CryptCATEnumerateCatAttr, DriverCleanupPolicy, SoftpubCheckCert, TrustFindIssuerCertificate, WVTAsn1SpcIndirectDataContentDecode, CryptCATAdminAcquireContext, WintrustGetRegPolicyFlags, WintrustCertificateTrust, WTHelperGetFileHandle, WintrustAddActionID, CryptSIPVerifyIndirectData, SoftpubInitialize, WintrustRemoveActionID, CryptCATCDFClose, CryptCATEnumerateMember
Number of PE resources by type
RT_DIALOG 205
RT_ICON 193
RT_VERSION 1
Number of PE resources by language
ENGLISH EIRE 399
PE resources
ExifTool file metadata
MIMEType  application/octet-stream
Subsystem  Windows GUI
MachineType  Intel 386 or later, and compatibles
TimeStamp  2011:02:10 17:39:38+01:00 (the PE header timestamp above rendered in ExifTool's local zone, UTC+01:00; it is the same instant as 2011-02-10 16:39:38 UTC)
FileType  Win32 EXE
PEType  PE32
CodeSize  86016
LinkerVersion  6.0
FileTypeExtension  exe
InitializedDataSize  380928
SubsystemVersion  5.0
EntryPoint  0x1226d
OSVersion  4.0
ImageVersion  6.0
UninitializedDataSize  0
File identification
MD5 15b7039c71465a24839dfc96f63e6461
SHA1 13e0b6a20fb7d584710ea88ce3e424f2321ae6cc
SHA256 c747166821b3bca2d72122409f02f62e35ce026e8a10a072d1a41472b1209fec
ssdeep 3072:qfMP8t4EQUKicowHW9HoZE2H7oJzDn2F0ajkRhsTTgh+zpUFZD6m9IUMxM4w7Zs6:KtbuiTXmHgz7CjkzkqzkmiyXNZqUKW4

authentihash 647d6eb871c81e93f60b24055f18b19b2a48f62d2b497f4616f3c016af0bcdeb
imphash c6f062aac38dc02082bccb442f64a141
File size 258.5 KB ( 264704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe
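The imphash in the file identification block is the MD5 of the import table written as "module.function" entries, lower-cased, with the module's .dll/.ocx/.sys extension removed, in the order the imports appear in the binary. The Python below is an added example, not the report's own tooling: it implements that normalisation and shows the two properties a practitioner relies on when pivoting on the value, namely that it ignores case and that it does change when the same imports are linked in a different order. The import list it hashes is constructed (the page lists function names but not the module each comes from, so the kernel32/user32 attribution is assumed), and its output is therefore not this sample's c6f062aac38dc02082bccb442f64a141.

```python
"""Import hash (imphash) as computed by pefile and shown by VirusTotal:
MD5 over "module.function" entries, lower-cased, module extension stripped,
in import-table order.  SAMPLE_IMPORTS is a constructed list for this
example (the page names the imported functions but not their modules), so
the value it yields is not this sample's c6f062aac38dc02082bccb442f64a141."""
import hashlib

MODULE_EXTENSIONS = (".ocx", ".sys", ".dll")


def normalize_module(dll: str) -> str:
    """Lower-case the module name and drop a trailing .dll/.ocx/.sys.
    Other extensions (e.g. winspool.drv) are kept, as pefile keeps them."""
    name = dll.lower()
    for ext in MODULE_EXTENSIONS:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_input(imports) -> str:
    """The comma-joined string that gets hashed; imports is [(dll, [func, ...]), ...].
    Ordinal-only imports (pefile maps a few well-known ones back to names) are not handled here."""
    return ",".join(f"{normalize_module(dll)}.{func.lower()}"
                    for dll, funcs in imports for func in funcs)


def imphash(imports) -> str:
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


# Constructed import table using function names from the page; the module
# attribution is an assumption made for the example.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["GetVersionExW", "GlobalAlloc", "ResumeThread"]),
    ("USER32.dll", ["FindWindowA", "SetWindowTextA"]),
]
# Same functions, different order: a rebuilt or re-linked binary hashes differently.
REORDERED_IMPORTS = [SAMPLE_IMPORTS[1], SAMPLE_IMPORTS[0]]
# Same table, different case: hashes the same, which is why names are normalised.
RECASED_IMPORTS = [(dll.upper(), [f.upper() for f in funcs]) for dll, funcs in SAMPLE_IMPORTS]

if __name__ == "__main__":
    print(imphash_input(SAMPLE_IMPORTS))
    print("sample    ", imphash(SAMPLE_IMPORTS))
    print("reordered ", imphash(REORDERED_IMPORTS))
    print("recased   ", imphash(RECASED_IMPORTS))
```

Because the hash covers every imported name in order, a packer that pads the import table with unused APIs (as the long list above suggests for this file) gives all binaries built with the same stub the same imphash, which makes the value a useful pivot for the packer family even when the payload differs.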

VirusTotal metadata
First submission 2014-05-23 20:47:55 UTC
Last submission 2015-09-26 09:51:09 UTC
File names 80oPIplLl.wsf
Uwit
Tenok.exe
virussign.com_15b7039c71465a24839dfc96f63e6461.vir
c747166821b3bca2d72122409f02f62e35ce026e8a10a072d1a41472b1209fec.bin
15b7039c71465a24839dfc96f63e6461.virobj
15b7039c71465a24839dfc96f63e6461
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests