SHA256: cc71a86760d8ff1da52fb52ef9c0cc30ebcd53f843b07de5e59e8c46bb3fcb35
File name: Images
Detection ratio: 38 / 56
Analysis date: 2014-12-11 14:28:55 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Emotet.B 20141211
AhnLab-V3 Trojan/Win32.MDA 20141211
ALYac Trojan.Emotet.B 20141211
Antiy-AVL Trojan/Win32.SGeneric 20141211
Avast Win32:Crypt-RNW [Trj] 20141211
AVG SHeur4.CEIE 20141211
Avira (no cloud) TR/ZbotCitadel.A.1009 20141211
AVware Trojan.Win32.Generic!BT 20141211
Baidu-International Trojan.Win32.Zbot.AaX 20141211
BitDefender Trojan.Emotet.B 20141211
Comodo UnclassifiedMalware 20141211
Cyren W32/Trojan.NPVQ-1148 20141211
DrWeb Trojan.Emotet.50 20141211
Emsisoft Trojan.Emotet.B (B) 20141211
ESET-NOD32 a variant of Win32/Injector.BQQF 20141211
F-Prot W32/Trojan2.OMJR 20141211
F-Secure Trojan.Emotet.B 20141211
Fortinet W32/Emotet.AB!tr 20141210
GData Trojan.Emotet.B 20141211
Ikarus Trojan-Spy.Zbot 20141211
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20141211
K7GW Unwanted-Program ( 004a8e8a1 ) 20141211
Kaspersky Trojan-Spy.Win32.Zbot.uqqy 20141211
Malwarebytes Spyware.Zbot.ED 20141211
McAfee Generic-FAVO!A4444FB8B606 20141211
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fc 20141211
Microsoft VirTool:Win32/CeeInject.gen!KK 20141211
eScan Trojan.Emotet.B 20141211
NANO-Antivirus Trojan.Win32.Emotet.djrsxx 20141211
Norman Emotet.AE 20141211
nProtect Trojan.Emotet.B 20141211
Panda Generic Malware 20141211
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20141211
Symantec Trojan.Zbot 20141211
Tencent Win32.Backdoor.Bp-generic.Oayz 20141211
TotalDefense Win32/Tnega.CLQFUK 20141211
TrendMicro-HouseCall TROJ_GEN.R04AH09L414 20141211
VIPRE Trojan.Win32.Generic!BT 20141211
AegisLab 20141211
Yandex 20141211
Bkav 20141210
ByteHero 20141211
CAT-QuickHeal 20141210
ClamAV 20141211
CMC 20141211
Jiangmin 20141210
Kingsoft 20141211
Rising 20141210
Sophos 20141211
SUPERAntiSpyware 20141211
TheHacker 20141208
TrendMicro 20141211
VBA32 20141211
ViRobot 20141211
Zillya 20141210
Zoner 20141210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2011
Publisher
Product Images
Original name Images.exe
Internal name Images
File version 1, 0, 0, 1
Description Images
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-02 15:31:02
Entry Point 0x00005000
Number of sections 4
PE sections
PE imports
ImageList_Draw
ImageList_AddMasked
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetModuleFileNameW
GetStartupInfoW
CreateFileW
GetModuleHandleW
_purecall
__p__fmode
malloc
__wgetmainargs
srand
__dllonexit
_controlfp
_except_handler3
?terminate@@YAXXZ
_onexit
exit
_XcptFilter
__setusermatherr
rand
__p__commode
_wcmdln
__CxxFrameHandler
_adjust_fdiv
_initterm
time
_exit
__set_app_type
GetSystemMetrics
SetTimer
UpdateWindow
IntersectRect
EnableWindow
LoadBitmapW
CopyRect
KillTimer
LoadCursorW
Number of PE resources by type
RT_STRING 9
RT_DIALOG 1
16 1
RT_ICON 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 14
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 299008
ImageVersion 0.0
ProductName Images
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Polish
FileFlagsMask 0x003f
CharacterSet Windows, Cyrillic
LinkerVersion 6.0
OriginalFilename Images.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2014:12:02 16:31:02+01:00
FileType Win32 EXE
PEType PE32
InternalName Images
FileAccessDate 2014:12:11 15:29:06+01:00
ProductVersion 1, 0, 0, 1
FileDescription Images
OSVersion 4.0
FileCreateDate 2014:12:11 15:29:06+01:00
FileOS Win32
LegalCopyright (C) 2011
MachineType Intel 386 or later, and compatibles
CodeSize 20480
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x5000
ObjectFileType Executable application

File identification
MD5 a4444fb8b6062976b1d0745514e4ba73
SHA1 ac9083880cd9e5927df735c7918c0a5962805808
SHA256 cc71a86760d8ff1da52fb52ef9c0cc30ebcd53f843b07de5e59e8c46bb3fcb35
ssdeep 6144:lV3Awmd0ymDTQv293hcYBH4KE10G9BewDMwySPN2pwjj+vGUAzWUg:lVwwmOwv2ReYBYKm00JDMwySPN2GvE95
authentihash 820f8bb2729e72efd7febc4c7fd961c13ce2c4cbe6d48a3593c9a252c3358508
imphash 444d53b124188449ac1fd408739c44a4
File size 317.1 KB ( 324676 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-12-09 18:11:50 UTC ( 2 years, 4 months ago )
Last submission 2014-12-09 18:11:50 UTC ( 2 years, 4 months ago )
File names Images
cc71a86760d8ff1da52fb52ef9c0cc30ebcd53f843b07de5e59e8c46bb3fcb35.exe
a4444fb8b6062976b1d0745514e4ba73
Images.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.