SHA256: d01a681d8d45eda27448785cc949b21a2f8d0cced06285b84257a9b337cb77f8
File name: soft.exe
Detection ratio: 30 / 46
Analysis date: 2013-06-10 18:41:47 UTC ( 5 years, 10 months ago )
Antivirus Result Update
Yandex TrojanSpy.Zbot!6uCZYc3ChdE 20130609
AhnLab-V3 Spyware/Win32.Zbot 20130610
AntiVir TR/Crypt.XPACK.Gen 20130610
Antiy-AVL Trojan/Win32.Generic 20130610
Avast Win32:MalPack-G [Trj] 20130610
AVG PSW.Generic11.JKV 20130610
BitDefender Gen:Variant.Kazy.169509 20130610
Comodo UnclassifiedMalware 20130610
Emsisoft Gen:Variant.Kazy.169509 (B) 20130610
ESET-NOD32 Win32/Spy.Zbot.AAO 20130610
F-Secure Gen:Variant.Kazy.169509 20130610
Fortinet W32/Kryptik.AGAJ!tr 20130610
GData Gen:Variant.Kazy.169509 20130610
Ikarus Trojan-PWS.Win32.Zbot 20130610
K7AntiVirus EmailWorm 20130610
K7GW EmailWorm 20130610
Kaspersky HEUR:Trojan.Win32.Generic 20130610
Kingsoft Win32.Troj.Undef.(kcloud) 20130506
Malwarebytes Trojan.Zbot.RV 20130610
McAfee PWS-Zbot-FAXS!20610EA38CE1 20130610
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!83 20130610
Microsoft PWS:Win32/Zbot.gen!AJ 20130610
eScan Gen:Variant.Kazy.169509 20130610
Norman ZBot.JNQW 20130610
nProtect Trojan-Spy/W32.ZBot.308736.BM 20130610
Panda Generic Malware 20130610
Sophos AV Mal/ZboCheMan-N 20130610
TrendMicro-HouseCall TROJ_GEN.F47V0607 20130610
VBA32 BScope.Trojan.Zbot.3507 20130610
VIPRE Trojan.Win32.Generic!BT 20130610
ByteHero 20130606
CAT-QuickHeal 20130610
ClamAV 20130610
Commtouch 20130610
DrWeb 20130610
eSafe 20130610
F-Prot 20130610
Jiangmin 20130610
NANO-Antivirus 20130610
PCTools 20130521
Rising 20130607
SUPERAntiSpyware 20130610
Symantec 20130610
TheHacker 20130610
TotalDefense 20130610
TrendMicro 20130610
ViRobot 20130610
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Hizyb
Original name Siye6rs22eqtsyq.exe
Description Suti Jexod Ozuni
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2032-01-06 09:07:23
Entry Point 0x00017271
Number of sections 4
PE sections
Overlays
MD5 772544ada3a9e2ccf110d204cd5835ed
File type data
Offset 307712
Size 1024
Entropy 7.81
PE imports
GetCurrencyFormatA
DosDateTimeToFileTime
GetDriveTypeA
ExitProcess
GetVolumePathNameA
lstrcmpiW
OpenFileMappingW
OpenFileMappingA
FreeEnvironmentStringsW
GlobalLock
WriteProfileStringW
SuspendThread
_lclose
EnumDateFormatsA
GetCPInfo
GetModuleHandleA
SetCalendarInfoW
GlobalUnWire
GetTimeFormatA
GetThreadTimes
GetCommConfig
SetEnvironmentVariableA
HeapLock
InitializeCriticalSection
LocalFileTimeToFileTime
SetVolumeLabelA
FindFirstVolumeMountPointA
GetNumberFormatW
DdeAccessData
LoadBitmapW
DrawStateA
PostQuitMessage
WINNLSGetIMEHotkey
DdeDisconnect
OemToCharBuffA
ScrollDC
GetDlgCtrlID
LockWorkStation
SendMessageW
DdeInitializeW
GetThreadDesktop
LoadAcceleratorsA
SetMessageExtraInfo
RegisterHotKey
DdeConnectList
ScrollWindow
MapVirtualKeyExA
DefDlgProcW
SetPropA
SetWindowsHookW
GetCaretPos
DrawFrameControl
SetWindowWord
ChildWindowFromPoint
DdeQueryConvInfo
GetQueueStatus
SetClipboardData
IsZoomed
CloseWindow
IsHungAppWindow
InvertRect
GetPriorityClipboardFormat
DlgDirListA
IsDialogMessageW
WaitForInputIdle
DeferWindowPos
EnumDesktopWindows
GetGUIThreadInfo
CreateAcceleratorTableA
SetFocus
DdeAbandonTransaction
OffsetRect
DefMDIChildProcW
SetLastErrorEx
SendNotifyMessageW
ArrangeIconicWindows
RegisterDeviceNotificationA
GetUserObjectSecurity
IMPGetIMEA
GetProcessWindowStation
GetWindowLongA
GetClassLongW
DdeGetLastError
CreateIconIndirect
PostMessageW
CloseWindowStation
ChangeMenuA
CountClipboardFormats
SetWindowsHookExA
SetParent
GetMenuState
CreateIconFromResource
FindWindowExW
TranslateAcceleratorA
ExitWindowsEx
GetScrollRange
FindWindowW
LoadMenuW
BeginDeferWindowPos
GetLastInputInfo
FlashWindowEx
LookupIconIdFromDirectory
SendMessageCallbackA
DestroyCursor
MessageBoxExW
SetScrollInfo
SystemParametersInfoA
DestroyIcon
GetKeyNameTextA
IsWindowVisible
DeleteMenu
CharNextW
GetClassNameW
ImpersonateDdeClientWindow
DragObject
ModifyMenuW
UnregisterDeviceNotification
CallWindowProcA
GetAncestor
TranslateAcceleratorW
Number of PE resources by type
RT_BITMAP 200
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
SPANISH DOMINICAN REPUBLIC 202
PE resources
ExifTool file metadata
SYhhndW5HlQLjXqlVT
nTAY7gpXT3LefE4EHx3Q

FileTypeExtension
exe

FileDescription
Suti Jexod Ozuni

LinkerVersion
4.0

ImageVersion
0.0

ProductName
Hizyb

FileVersionNumber
1.1.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

vl4fhnMdsMp16P
BcyTgvij64tw7

uf4sVxY2XiKvlfRu
Q8Qkb5B7VhC

w4UybiCe368
AWgDIpwNSB8

CharacterSet
Unicode

InitializedDataSize
206336

EOJKk8DmuyDFvFdjG
osltm5J2gXc3GpP

Tag5VrPsVwlg6NWoufjtE
BGVYgVLlak16v

SDf5hPn3YdBl
QRxwCgkumVgTAE5gaU

HlcnYS8EkHYGCYPW
7oMECPiNP5Dnsm

OriginalFileName
Siye6rs22eqtsyq.exe

MIMEType
application/octet-stream

WfQqhly6EjeGSw1
lv6m5oCtIINGOEda6pY

TimeStamp
2032:01:06 10:07:23+01:00

FileType
Win32 EXE

PEType
PE32

oErFJPDh7cWWtWXdoFM
RLjyC1FUSr

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

IfcvT4M6e7nd
WtYalJPb4q

MachineType
Intel 386 or later, and compatibles

CompanyName
Broadcom Corporation.

CodeSize
124779

FileSubtype
0

ProductVersionNumber
1.1.0.0

EntryPoint
0x17271

ObjectFileType
Executable application

lPsV7GerD1iAJtTvhwEc
OHERLDr4Wfx

Overlay parents
Compressed bundles
File identification
MD5 20610ea38ce12a29ff6a6d382a96e253
SHA1 fcb64920d61c4f20cb1fe6cd89b7dfeee77197f3
SHA256 d01a681d8d45eda27448785cc949b21a2f8d0cced06285b84257a9b337cb77f8
ssdeep
6144:E88Uy915Kn4lFpiwPAomg2m+f8I2//vHJOcJI+41HVoKscB:Ej5KkMwPDmgWZYJlI3VH7B

authentihash d5b276de14aa77b9031059cdbff3d32b65c3e93268f08d0bb03438248d990bc7
imphash 37d4f681c26da5c5470ae6f13e6da1a2
File size 301.5 KB ( 308736 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-06-07 19:52:13 UTC ( 5 years, 10 months ago )
Last submission 2016-04-12 21:02:34 UTC ( 3 years ago )
File names citadel_krebs-10891289
soft.exe
soft._
Siye6rs22eqtsyq.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications