SHA256: cfdd8c2aa7621e786b1540634458c9c75012873d5c170dcbc930fd8819dc4ff5
File name: f074c0f51bc7c89ce94570b857b70101
Detection ratio: 25 / 52
Analysis date: 2014-06-09 18:09:39 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.390073 20140609
Yandex TrojanSpy.Zbot!c9wVEjHD+vc 20140608
AhnLab-V3 Spyware/Win32.Zbot 20140609
AntiVir TR/PSW.Zbot.Y.2117 20140609
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140609
Avast Win32:Malware-gen 20140609
AVG Crypt3.UQQ 20140609
BitDefender Gen:Variant.Kazy.390073 20140609
CMC Packed.Win32.Obfuscated.10!O 20140609
DrWeb Trojan.Siggen6.18691 20140609
Emsisoft Gen:Variant.Kazy.390073 (B) 20140609
ESET-NOD32 a variant of Win32/Kryptik.CDGJ 20140609
F-Secure Gen:Variant.Kazy.390073 20140609
GData Gen:Variant.Kazy.390073 20140609
Kaspersky Trojan-Spy.Win32.Zbot.tdjl 20140609
Malwarebytes Backdoor.Bot 20140609
McAfee RDN/Generic PWS.y!zv 20140609
McAfee-GW-Edition Artemis!F074C0F51BC7 20140609
Microsoft PWS:Win32/Zbot.gen!Y 20140609
eScan Gen:Variant.Kazy.390073 20140609
Rising PE:Malware.XPACK!1.9C22 20140609
Sophos AV Mal/Generic-S 20140609
TrendMicro TROJ_GEN.R0C1C0DF514 20140609
TrendMicro-HouseCall TROJ_GEN.R0C1C0DF514 20140609
VIPRE Trojan.Win32.Generic!BT 20140609
No detection (the remaining 27 engines; result column empty):
AegisLab 20140609
Baidu-International 20140609
Bkav 20140606
ByteHero 20140609
CAT-QuickHeal 20140609
ClamAV 20140609
Commtouch 20140609
Comodo 20140609
F-Prot 20140609
Fortinet 20140608
Ikarus 20140609
Jiangmin 20140609
K7AntiVirus 20140609
K7GW 20140609
Kingsoft 20140609
NANO-Antivirus 20140609
Norman 20140609
nProtect 20140609
Panda 20140609
Qihoo-360 20140609
SUPERAntiSpyware 20140609
Symantec 20140609
Tencent 20140609
TheHacker 20140609
TotalDefense 20140609
VBA32 20140609
ViRobot 20140609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name CONIME.EXE
Internal name Console
File version 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
Description Console IME
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-31 07:45:17
Entry Point 0x00041580
Number of sections 4
PE sections
PE imports (the exporting DLL names were dropped from this listing; by the Win32 SDK they are: RegCreateKeyExW through FreeSid from ADVAPI32.dll, GetTextMetricsW through DeleteObject from GDI32.dll, GetDriveTypeW through CompareStringA from KERNEL32.dll, ShellExecuteExA through ShellExecuteA from SHELL32.dll, PathGetCharTypeA through PathGetCharTypeW from SHLWAPI.dll, MapWindowPoints through SetCursor from USER32.dll, _purecall through __set_app_type from MSVCRT.dll, and CreateStreamOnHGlobal through CoCreateInstance from OLE32.dll)
RegCreateKeyExW
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteKeyW
RegEnumValueA
RegQueryValueExA
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegCreateKeyExA
RegQueryValueExW
CloseServiceHandle
RegOpenKeyA
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueA
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueW
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
InitiateSystemShutdownExW
RegSetValueExA
EqualSid
FreeSid
GetTextMetricsW
SetMapMode
CreateFontIndirectW
PatBlt
CreatePen
CreateFontIndirectA
GetTextMetricsA
GetObjectType
GetObjectA
DeleteDC
SetBkMode
GetObjectW
SetTextColor
GetDeviceCaps
ExtTextOutW
CreateFontA
GetStockObject
CreateCompatibleDC
GetTextFaceA
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindFirstFileW
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
lstrcatA
ExpandEnvironmentStringsA
SetErrorMode
GetLocaleInfoW
GetFileTime
GetTempPathA
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
MoveFileA
InitializeCriticalSection
FindClose
InterlockedDecrement
QueryDosDeviceW
MoveFileW
SetFileAttributesW
SetLastError
DeviceIoControl
CopyFileW
GetUserDefaultLangID
GetModuleFileNameW
CopyFileA
HeapAlloc
RemoveDirectoryA
LoadLibraryExA
GetPrivateProfileStringA
WriteProfileStringA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
WriteProfileStringW
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
GetSystemDirectoryA
MoveFileExA
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
CreateEventW
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
CloseHandle
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
GetVersionExA
LoadLibraryA
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetProfileStringW
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
GetProfileStringA
ResetEvent
CreateFileMappingA
FindNextFileA
WaitForMultipleObjects
GlobalLock
GetModuleFileNameA
GetTimeZoneInformation
CreateFileW
CreateEventA
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
GetShortPathNameW
VirtualAllocEx
lstrlenA
GlobalFree
OpenEventW
GlobalUnlock
lstrlenW
GetShortPathNameA
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
GetCommandLineW
GetCurrentDirectoryA
WritePrivateProfileStringW
lstrcpynW
GetSystemDefaultLangID
MapViewOfFile
SetFilePointer
ReadFile
FindFirstFileA
GetModuleHandleW
CreateProcessA
UnmapViewOfFile
GetTempPathW
CreateProcessW
Sleep
IsBadReadPtr
OpenEventA
CompareStringA
ShellExecuteExA
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
PathGetCharTypeA
PathRemoveBlanksW
PathGetCharTypeW
MapWindowPoints
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
DispatchMessageW
ReleaseDC
SendMessageW
UnregisterClassA
SendMessageA
UnregisterClassW
GetClientRect
DrawTextW
LoadImageW
GetActiveWindow
GetWindowTextW
LoadImageA
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
GetMessageW
ShowWindow
PeekMessageW
EnableWindow
PeekMessageA
TranslateMessage
LoadStringA
RegisterClassW
LoadStringW
RegisterClassA
DrawFocusRect
CreateWindowExA
IsDialogMessageW
CharNextA
CreateWindowExW
GetWindowLongW
IsDialogMessageA
SetFocus
BeginPaint
DefWindowProcW
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
SetWindowLongW
GetWindowRect
PostMessageA
SetWindowLongA
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
SetWindowTextA
GetWindowLongA
SetWindowTextW
GetDlgItem
CreateDialogParamA
ScreenToClient
GetClassLongA
FindWindowExA
LoadCursorA
LoadIconA
PostThreadMessageW
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
GetDC
PostThreadMessageA
DrawTextA
GetScrollInfo
FindWindowW
FindWindowA
MessageBeep
MessageBoxW
MoveWindow
MessageBoxA
DestroyCursor
SetScrollInfo
InvalidateRect
CallWindowProcW
CallWindowProcA
GetClassNameA
SetCursor
_purecall
__p__fmode
malloc
_wcsupr
_endthread
_ftol
_wcsnicmp
__dllonexit
_cexit
_wcslwr
wcstok
wcsncat
towupper
_vsnwprintf
strncpy
_except_handler3
_c_exit
wcschr
iswalnum
__p__commode
_onexit
wcslen
_wtol
_strlwr
_XcptFilter
_itow
exit
__setusermatherr
wcsncpy
_acmdln
_wcsicmp
wcspbrk
strrchr
_adjust_fdiv
time
free
ceil
iswalpha
wcsncmp
__getmainargs
calloc
_stricmp
_exit
_snwprintf
strpbrk
_vsnprintf
strstr
memmove
strncat
strchr
wcscmp
swscanf
wcsrchr
iswdigit
_beginthreadex
iswspace
wcsstr
_initterm
_controlfp
_wtoi
__set_app_type
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
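Two things a triager does with an import list like this one: recompute the imphash to confirm the reported value and to see how brittle it is, and look for API clusters rather than single names. The following is an added example written for this page, not VirusTotal's code or the sample's. It embeds a constructed subset of the imports above (the DLL attribution, and the assumption that the listing is in import-table order, are mine) and canonicalizes them exactly as pefile's get_imphash() does, so pasting the full list in table order lets you compare the result with the imphash d8494e134fd992865aefc4c393a3f6ee reported below. The cluster names and their membership are my own triage heuristics.

```python
import hashlib

# Constructed from the import list above: (DLL, [functions in table order]).
# Truncated to the entries the capability scan below needs; paste the full
# list in the same shape to reproduce the report's imphash.
IMPORTS_BY_DLL = [
    ("ADVAPI32.dll", [
        "RegCreateKeyExW", "LookupPrivilegeValueA", "OpenServiceW",
        "AdjustTokenPrivileges", "ControlService", "OpenProcessToken",
        "StartServiceW", "EnumDependentServicesW", "OpenSCManagerW",
        "InitiateSystemShutdownExW",
    ]),
    ("KERNEL32.dll", [
        "WriteFile", "DeviceIoControl", "CreateMutexA", "GetProcAddress",
        "CreateFileMappingW", "VirtualAllocEx", "MapViewOfFile",
        "CreateProcessA", "CreateProcessW",
    ]),
    ("SHELL32.dll", ["ShellExecuteExA", "ShellExecuteW"]),
]


def imphash_string(imports_by_dll):
    """Canonical string that pefile.get_imphash() hashes: 'dll.func', both
    lower-cased, the DLL extension dropped only for .dll/.ocx/.sys, entries
    joined with ',' in import-table order (so reordering changes the hash)."""
    parts = []
    for dll, funcs in imports_by_dll:
        name = dll.lower()
        base, dot, ext = name.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            name = base
        parts.extend(f"{name}.{f.lower()}" for f in funcs)
    return ",".join(parts)


def imphash(imports_by_dll):
    return hashlib.md5(imphash_string(imports_by_dll).encode("ascii")).hexdigest()


def _strip_aw(name):
    """Fold ANSI/Unicode pairs (CreateFileA / CreateFileW -> CreateFile)."""
    return name[:-1] if len(name) > 1 and name[-1] in "AW" else name


# Each cluster is meaningful only when every member is present:
# VirtualAllocEx alone is not injection, AdjustTokenPrivileges alone is routine.
CLUSTERS = {
    "reboot with SeShutdownPrivilege": {
        "OpenProcessToken", "LookupPrivilegeValue", "AdjustTokenPrivileges",
        "InitiateSystemShutdownEx"},
    "service control incl. dependents": {
        "OpenSCManager", "OpenService", "ControlService", "EnumDependentServices"},
    "remote allocation + child process": {"VirtualAllocEx", "CreateProcess"},
    "classic injection": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
}


def capability_hits(imports_by_dll):
    """Map cluster label -> (all members present?, sorted missing members)."""
    present = {_strip_aw(f) for _, funcs in imports_by_dll for f in funcs}
    return {label: (not (need - present), sorted(need - present))
            for label, need in CLUSTERS.items()}


if __name__ == "__main__":
    print("imphash of embedded subset:", imphash(IMPORTS_BY_DLL))
    for label, (hit, missing) in capability_hits(IMPORTS_BY_DLL).items():
        tail = f" (missing {missing})" if missing else ""
        print(f"{'HIT ' if hit else 'miss'} {label}{tail}")
```

What the clusters say about this sample: the shutdown group is complete (token opened, SeShutdownPrivilege looked up and enabled, InitiateSystemShutdownExW available), and so is the service-control group (SCM and service handles, ControlService, EnumDependentServicesW to take a service down together with its dependents). The injection group is not: VirtualAllocEx is imported without WriteProcessMemory or CreateRemoteThread, so either those are resolved at runtime through the imported GetProcAddress, or the remote allocation is used some other way. A static import list cannot settle which; that needs the sandbox trace or a debugger.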
Number of PE resources by type
RT_ICON 2
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.3790.1830
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 22528
EntryPoint 0x41580
OriginalFileName CONIME.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
TimeStamp 2014:05:31 08:45:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Console
ProductVersion 5.2.3790.1830
FileDescription Console IME
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 264704
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.2.3790.1830
FileTypeExtension exe
ObjectFileType Dynamic link library

Notes on these fields. TimeStamp is the same link time as the 2014-05-31 07:45:17 compilation timestamp in the PE header section, rendered by ExifTool in a +01:00 zone. The version strings are those of the Windows Server 2003 SP1 build of conime.exe (the build tag 050324 encodes 24 March 2005), yet the image was linked in May 2014 with linker 9.0, the Visual Studio 2008 linker, which did not exist in 2005: the version resource was copied from the genuine binary, not produced by this file's build. ObjectFileType is ExifTool's reading of the VS_FIXEDFILEINFO file-type field; it says VFT_DLL although the image is an EXE, a further sign the resource was not generated for this file.
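A version resource that names a Microsoft system binary is cheap to copy, so the metadata above is best checked against the PE header rather than trusted. The following is an added example, mine and not VirusTotal's or ExifTool's code: it takes the ExifTool fields of this report as a constructed dict (field names as ExifTool prints them), parses the Microsoft build tag "branch.YYMMDD-HHMM" in FileVersion, normalises the link time to UTC, and reports the inconsistencies. The build-tag regex, the 30-day tolerance and the table of approximate linker ship dates are my own heuristics.

```python
import re
from datetime import date, datetime, timezone

# Constructed from the ExifTool fields of this report (names as ExifTool prints them).
SAMPLE_META = {
    "FileVersion": "5.2.3790.1830 (srv03_sp1_rtm.050324-1447)",
    "TimeStamp": "2014:05:31 08:45:17+01:00",   # ExifTool renders the PE link time in a local zone
    "LinkerVersion": "9.0",
    "FileType": "Win32 EXE",
    "ObjectFileType": "Dynamic link library",  # ExifTool's reading of VS_FIXEDFILEINFO.dwFileType
}

# Microsoft build tag "(branch.YYMMDD-HHMM)" appended to the file version string.
BUILD_TAG = re.compile(r"\(([A-Za-z0-9_]+)\.(\d{6})-(\d{4})\)")

# Approximate RTM dates of the Microsoft linker majors; my own lookup table (hypothetical precision).
LINKER_SHIPPED = {8: date(2005, 11, 7), 9: date(2007, 11, 19), 10: date(2010, 4, 12)}


def build_tag_date(file_version):
    """Date encoded in the build tag, or None when the version string has no tag."""
    m = BUILD_TAG.search(file_version)
    return datetime.strptime(m.group(2), "%y%m%d").date() if m else None


def link_time_utc(exif_timestamp):
    """Parse ExifTool's 'YYYY:MM:DD HH:MM:SS+HH:MM' and normalise to UTC."""
    return datetime.strptime(exif_timestamp, "%Y:%m:%d %H:%M:%S%z").astimezone(timezone.utc)


def version_info_findings(meta):
    """Inconsistencies between the version resource and the PE header, as strings."""
    findings = []
    linked = link_time_utc(meta["TimeStamp"]).date()
    tagged = build_tag_date(meta["FileVersion"])
    if tagged is not None:
        gap = (linked - tagged).days
        if abs(gap) > 30:  # a genuine build links within days of its tag
            findings.append(f"build tag dated {tagged} but PE linked {linked}: {gap} days apart")
        major = int(float(meta["LinkerVersion"]))
        shipped = LINKER_SHIPPED.get(major)
        if shipped is not None and tagged < shipped:
            findings.append(f"linker {major}.x shipped {shipped}, after the {tagged} build tag")
    if meta["FileType"].endswith("EXE") and meta["ObjectFileType"].startswith("Dynamic link"):
        findings.append("version resource declares a DLL (VFT_DLL) but the image is an EXE")
    return findings


if __name__ == "__main__":
    for line in version_info_findings(SAMPLE_META):
        print("-", line)
```

Run against this report's fields it produces three findings: a nine-year gap between the 2005 build tag and the 2014 link time, a linker that postdates the build it claims to come from, and a DLL file type on an EXE image. None of these needs the sample to be executed, which makes the check a good first filter for anything that claims to be a Windows component.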

File identification
MD5 f074c0f51bc7c89ce94570b857b70101
SHA1 8f7ddbcc3f23a85a5c4b4f16de21acdc217f3496
SHA256 cfdd8c2aa7621e786b1540634458c9c75012873d5c170dcbc930fd8819dc4ff5
ssdeep 6144:LJ682p9WcDMkRZE38X8g2ApBG251Hf7Zph4BEXoL0Mfu5bOURw1FC1w3CK:16z9WcQp6pwGBTZYpmCt1U
authentihash d47d7f04011c4cef0dfad8177d70472dbd8061a84a8c21f617666d270df2841c
imphash d8494e134fd992865aefc4c393a3f6ee
File size 281.5 KB ( 288256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-06-09 18:09:39 UTC
Last submission 2014-06-09 18:09:39 UTC
File names Console
f074c0f51bc7c89ce94570b857b70101
CONIME.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.