SHA256: c8875aa05c8365744de8533a74c158de144cca639e613ad5b8a86e2d7c5ae9a4
File name: TIyYEIqp
Detection ratio: 48 / 54
Analysis date: 2014-12-05 05:13:32 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.Zbot.5 20141205
Yandex Trojan.Meredrop!BdCUmmLOQWc 20141203
AhnLab-V3 Backdoor/Win32.Protector 20141204
Antiy-AVL Trojan[Packed]/Win32.Krap 20141205
Avast Win32:Trojan-gen 20141205
AVG Generic18.IWK 20141204
Avira (no cloud) TR/Dropper.Gen 20141205
AVware Trojan-Spy.Win32.Zbot.gen.y.2 (v) 20141205
Baidu-International Trojan.Win32.Krap.Aeo 20141204
BitDefender Gen:Trojan.Heur.Zbot.5 20141205
Bkav W32.ProtectorBS.Trojan 20141204
ByteHero Trojan.Malware.Obscu.Gen.002 20141205
ClamAV Win.Trojan.Protector-72 20141205
CMC Backdoor.Win32.Protector!O 20141204
Comodo Heur.Suspicious 20141204
Cyren W32/Risk.ZOHQ-0693 20141205
DrWeb Trojan.Proxy.14858 20141205
ESET-NOD32 Win32/Wigon.KQ 20141205
F-Prot W32/Dropper.AZHQ 20141205
Fortinet W32/Protector.BS!tr.bdr 20141205
GData Gen:Trojan.Heur.Zbot.5 20141205
Ikarus Backdoor.Win32.Protector 20141205
Jiangmin Backdoor/Protector.ae 20141204
K7AntiVirus Backdoor ( 04c4ea261 ) 20141204
K7GW Backdoor ( 04c4ea261 ) 20141204
Kaspersky Packed.Win32.Krap.hk 20141205
Kingsoft Win32.Troj.Protector.bs.(kcloud) 20141205
Malwarebytes Trojan.Meredrop 20141205
McAfee Generic.dx!4B22E1F25A01 20141205
McAfee-GW-Edition Generic.dx!4B22E1F25A01 20141205
Microsoft TrojanDownloader:Win32/Cutwail 20141205
eScan Gen:Trojan.Heur.Zbot.5 20141205
NANO-Antivirus Trojan.Win32.Protector.bjtae 20141205
Norman Suspicious_Gen3.GCIJ 20141204
nProtect Backdoor/W32.Protector.35328 20141204
Panda Generic Malware 20141204
Qihoo-360 Malware.Radar01.Gen 20141205
Sophos AV Mal/FakeAV-CH 20141205
SUPERAntiSpyware Trojan.Agent/Gen-Falofn 20141205
Symantec Trojan.Gen 20141205
Tencent Win32.Packed.Krap.Pcso 20141205
TheHacker Trojan/Wigon.kq 20141205
TotalDefense Win32/Gobacker.GL 20141204
TrendMicro TROJ_MEREDROP.OJ 20141205
TrendMicro-HouseCall TROJ_MEREDROP.OJ 20141205
VIPRE Trojan-Spy.Win32.Zbot.gen.y.2 (v) 20141205
ViRobot Backdoor.Win32.A.Protector.35328 20141205
Zillya Backdoor.Protector.Win32.45 20141204
AegisLab 20141205
ALYac 20141205
CAT-QuickHeal 20141204
Rising 20141204
VBA32 20141204
Zoner 20141204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ewTDyTS Copyright (C) 2009
Product TIyYEIqp Application
Original name CcvJcOUCeGroh.exe
Internal name TIyYEIqp
File version 7, 6, 0, 1
Description uzkdFNGjAMCpqJ
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-06-09 11:47:03
Entry Point 0x00003424
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
LocalAlloc
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
GetCPInfo
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
LocalFree
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetVersion
VirtualAlloc
SetLastError
LeaveCriticalSection
RegisterClassExW
MapVirtualKeyA
GetParent
IntersectRect
GetScrollPos
CreateCaret
ScreenToClient
InsertMenuItemW
GetPropA
EndPaint
BeginDeferWindowPos
SetWindowLongW
IsWindow
ReleaseCapture
InflateRect
EnableWindow
SetCapture
SetMenuItemInfoA
GetMessageTime
GetWindow
GetSysColor
SetScrollInfo
EndDeferWindowPos
MapDialogRect
GetDlgCtrlID
IsWindowEnabled
GetDlgItem
DrawTextW
LoadCursorA
ClientToScreen
GetKeyNameTextW
CreateMenu
CallWindowProcW
GetMenuItemInfoA
DeferWindowPos
SetWindowsHookExW
LockWindowUpdate
GetClassNameA
CreateWindowExW
ScrollWindow
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 150016
ImageVersion 0.0
ProductName TIyYEIqp Application
FileVersionNumber 7.6.0.1
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename CcvJcOUCeGroh.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7, 6, 0, 1
TimeStamp 2010:06:09 12:47:03+01:00
FileType Win32 EXE
PEType PE32
InternalName TIyYEIqp
FileAccessDate 2014:12:05 06:13:33+01:00
ProductVersion 7, 6, 0, 1
FileDescription uzkdFNGjAMCpqJ
OSVersion 4.0
FileCreateDate 2014:12:05 06:13:33+01:00
FileOS Win32
LegalCopyright ewTDyTS Copyright (C) 2009
MachineType Intel 386 or later, and compatibles
CodeSize 20480
FileSubtype 0
ProductVersionNumber 7.6.0.1
EntryPoint 0x3424
ObjectFileType Executable application

File identification
MD5 4b22e1f25a014c8ba6dbd8d2af49bd0c
SHA1 038fdfb6ec732adbb4fc59f777d572006455a6e9
SHA256 c8875aa05c8365744de8533a74c158de144cca639e613ad5b8a86e2d7c5ae9a4
ssdeep 768:6vYtYFdrAUf9dLG72LgPD58FTToKxDuLTlHRsIQtdM43+w5x:6vYtqrX+PD58FTTzsLhUty43+w5x
authentihash d2353445607010bf920271b9bb2e7c8342f4ac91a51ad328f3907f8ee188db4a
imphash 10f3cfb664c923df354e3d2be411ed1c
File size 34.5 KB ( 35328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo
VirusTotal metadata
First submission 2010-06-09 14:05:48 UTC ( 7 years, 5 months ago )
Last submission 2012-12-24 13:03:35 UTC ( 4 years, 11 months ago )
File names M4K20Oik65.ocx
TIyYEIqp
Gk7fGoN4.msc
aa
CcvJcOUCeGroh.exe
4b22e1f25a014c8ba6dbd8d2af49bd0c
1276443900.err1.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments.
No votes.