SHA256: cdf97b1e63418c26d2b6e48e6fdbaf66e5712cf9e49d3e12877ff3c46dc345a4
File name: vt-upload-L28Z3
Detection ratio: 25 / 47
Analysis date: 2014-06-08 08:26:21 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.391020 20140608
Yandex TrojanSpy.Zbot!qvzwhogRBXM 20140607
AntiVir TR/Crypt.EPACK.4763 20140607
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140608
Avast Win32:Dropper-gen [Drp] 20140608
AVG PSW.Generic12.AOGB 20140607
BitDefender Gen:Variant.Kazy.391020 20140608
Bkav HW32.Keylogger.qwkq 20140606
Emsisoft Gen:Variant.Kazy.391020 (B) 20140608
ESET-NOD32 Win32/Spy.Zbot.YW 20140608
F-Secure Gen:Variant.Kazy.391020 20140608
GData Gen:Variant.Kazy.391020 20140608
Kaspersky Trojan-Spy.Win32.Zbot.tdwa 20140608
Malwarebytes Trojan.Zbot 20140608
McAfee PWSZbot-FYQ!D8CA8EEFA54E 20140608
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!80 20140607
Microsoft PWS:Win32/Zbot.gen!Y 20140608
eScan Gen:Variant.Kazy.391020 20140608
Panda Trj/CI.A 20140607
Qihoo-360 HEUR/Malware.QVM19.Gen 20140608
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140607
Sophos AV Mal/Generic-S 20140608
Tencent Win32.Trojan-spy.Zbot.Wtxi 20140608
TrendMicro-HouseCall TROJ_GEN.R0C1H01F314 20140608
VIPRE Trojan.Win32.Generic!BT 20140608
AegisLab 20140608
AhnLab-V3 20140607
Baidu-International 20140608
ByteHero 20140227
CAT-QuickHeal 20140607
ClamAV 20140608
CMC 20140607
Commtouch 20140608
Comodo 20140608
DrWeb 20140608
F-Prot 20140608
Fortinet 20140608
Ikarus 20140608
K7AntiVirus 20140606
K7GW 20140606
Kingsoft 20140608
NANO-Antivirus 20140608
Norman 20140608
nProtect 20140605
SUPERAntiSpyware 20140607
Symantec 20140608
TheHacker 20140606
TotalDefense 20140608
TrendMicro 20140608
VBA32 20140607
ViRobot 20140607
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-23 07:51:06
Entry Point 0x00001000
Number of sections 6
PE sections
PE imports
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
CallNamedPipeW
Heap32ListFirst
SetThreadPriorityBoost
GetEnvironmentStringsA
GetSystemDefaultLCID
lstrcmpiW
EndUpdateResourceA
CreatePipe
Process32First
ClearCommBreak
WritePrivateProfileSectionW
GetDateFormatW
SetErrorMode
SetThreadExecutionState
ReadProcessMemory
WritePrivateProfileSectionA
GetTimeFormatW
CreateDirectoryExW
_lcreat
LocalFlags
FindNextFileW
GlobalAddAtomA
SetUnhandledExceptionFilter
SetHandleInformation
GetBinaryTypeA
FindCloseChangeNotification
GetProcessShutdownParameters
GetEnvironmentVariableA
GetStringTypeExW
AllocConsole
GetProfileIntA
ReadFileEx
GetPrivateProfileSectionA
SetMenuItemInfoW
GetForegroundWindow
ChangeMenuA
PostQuitMessage
HideCaret
mouse_event
GetShellWindow
GetClipboardFormatNameA
GetKeyState
RemoveMenu
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
GERMAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Acronis
SubsystemVersion 4.1
Comments Acronis True Image
InitializedDataSize 31253
ImageVersion 0.0
ProductName Acronis True Image
FileVersionNumber 17.0.0.6614
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 1.64
OriginalFilename TrueImage.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 17,0,0,6614
TimeStamp 2005:05:23 08:51:06+01:00
FileType Win32 EXE
PEType PE32
InternalName TrueImage
FileAccessDate 2014:06:08 09:23:34+01:00
ProductVersion 17,0,0,6614
FileDescription Acronis True Image
OSVersion 1.0
FileCreateDate 2014:06:08 09:23:34+01:00
FileOS Win32
LegalCopyright Copyright (C) 2000-2013 Acronis
MachineType Intel 386 or later, and compatibles
CompanyName Acronis
CodeSize 156672
FileSubtype 0
ProductVersionNumber 17.0.0.6614
EntryPoint 0x1000
ObjectFileType Dynamic link library
File identification
MD5 d8ca8eefa54e75dc0a06f7e4b801dc21
SHA1 8a445907ea8eadc816abc0cef6879052a1118184
SHA256 cdf97b1e63418c26d2b6e48e6fdbaf66e5712cf9e49d3e12877ff3c46dc345a4
ssdeep 3072:uG+JZHH+R8ixUbKucoAPw5Z76zQxsjYH:uG+Jh+DxUbKeDL7+u
imphash 72aee30d150702a88570bba7afd68147
File size 184.5 KB ( 188928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2014-06-08 08:26:21 UTC ( 4 years, 9 months ago )
Last submission 2014-06-08 08:26:21 UTC ( 4 years, 9 months ago )
File names vt-upload-L28Z3
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications