SHA256: d15d5830045bc550b12c058103d93b7ce3909af472cd0d8258fab34b6bc21655
File name: D15D5830045BC550B12C058103D93B7CE3909AF472CD0D8258FAB34B6BC21655
Detection ratio: 37 / 58
Analysis date: 2016-08-31 09:09:50 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3501806 20160831
AegisLab Heur.Advml.Gen!c 20160831
AhnLab-V3 Trojan/Win32.ZBot.N2092039004 20160831
ALYac Trojan.GenericKD.3501806 20160831
Arcabit Trojan.Generic.D356EEE 20160831
Avast Win32:Malware-gen 20160831
AVG Crypt5.CMFH 20160831
Avira (no cloud) TR/Crypt.Xpack.wobg 20160831
AVware Trojan.Win32.Generic!BT 20160831
Baidu Win32.Trojan.WisdomEyes.151026.9950.9992 20160831
BitDefender Trojan.GenericKD.3501806 20160831
Bkav HW32.Packed.7A9B 20160831
CAT-QuickHeal Trojan.Bublik 20160831
ClamAV Win.Malware.Zbot-70188 20160831
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
DrWeb Trojan.PWS.Papras.2275 20160831
Emsisoft Trojan.GenericKD.3501806 (B) 20160831
ESET-NOD32 Win32/PSW.Papras.EJ 20160831
F-Secure Trojan.GenericKD.3501806 20160831
GData Trojan.GenericKD.3501806 20160831
Ikarus Trojan.Crypt.XPACK 20160831
Sophos ML backdoor.win32.vawtrak.o 20160830
K7AntiVirus Riskware ( 0040eff71 ) 20160831
K7GW Riskware ( 0040eff71 ) 20160831
Kaspersky Trojan.Win32.Bublik.eqnx 20160831
Malwarebytes Trojan.Agent 20160831
McAfee Artemis!2DEC5EDC4D1F 20160831
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160831
Microsoft Backdoor:Win32/Vawtrak.E 20160831
eScan Trojan.GenericKD.3501806 20160831
Panda Trj/GdSda.A 20160831
Rising Backdoor.Vawtrak!8.11D-eFU97gjYha (cloud) 20160831
Sophos AV Troj/Agent-ATIR 20160831
Symantec Trojan.Snifula.F 20160831
TrendMicro TSPY_ZBOT.YYSXZ 20160831
TrendMicro-HouseCall TSPY_ZBOT.YYSXZ 20160831
VIPRE Trojan.Win32.Generic!BT 20160831
Alibaba 20160831
Antiy-AVL 20160831
CMC 20160830
Comodo 20160831
Cyren 20160831
F-Prot 20160831
Fortinet 20160831
Jiangmin 20160831
Kingsoft 20160831
NANO-Antivirus 20160831
nProtect 20160831
Qihoo-360 20160831
SUPERAntiSpyware 20160831
Tencent 20160831
TheHacker 20160829
TotalDefense 20160831
VBA32 20160831
ViRobot 20160831
Yandex 20160830
Zillya 20160831
Zoner 20160831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1991-1997 Compuware Corp.
Product SmartHeap
Internal name SHW32.DLL
File version 4.01
Description Memory Management Library for Win32
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-21 03:25:51
Entry Point 0x00002BE3
Number of sections 7
PE sections
PE imports
GetStockObject
LocalAlloc
GetLastError
AttachConsole
GetThreadPriorityBoost
FreeLibrary
CreateTimerQueue
GetDateFormatA
IsDebuggerPresent
DeleteTimerQueueEx
GetCommMask
VirtualProtect
GetModuleFileNameA
LockFile
LoadLibraryA
SystemTimeToTzSpecificLocalTime
VerSetConditionMask
FoldStringA
GetCurrentProcess
UnlockFile
AssignProcessToJobObject
AddAtomA
DebugActiveProcessStop
GetWindowsDirectoryA
GetCommProperties
TlsGetValue
MultiByteToWideChar
FoldStringW
DeleteFileW
lstrcatW
CommConfigDialogA
GetCurrentThread
RestoreLastError
GetSystemDefaultLangID
GetNextVDMCommand
RaiseException
CheckRemoteDebuggerPresent
GetBinaryTypeW
MapViewOfFile
SetFilePointer
WaitNamedPipeA
ReadFile
InterlockedExchange
CreateDirectoryExA
WriteFile
MoveFileA
GetExitCodeThread
IsBadHugeReadPtr
lstrcpynA
ClearCommError
GetCommConfig
GetProcAddress
GetProcessHeap
AddRefActCtx
SetConsoleHardwareState
AddLocalAlternateComputerNameW
WaitForMultipleObjectsEx
FreeLibraryAndExitThread
GetTimeZoneInformation
GetConsoleCursorMode
CreateFileW
GetCommState
CopyFileA
Sleep
GetExitCodeProcess
GetProcessTimes
ReadConsoleOutputA
GetDefaultCommConfigA
GetEnvironmentVariableW
CloseHandle
IntersectRect
FindWindowW
GetClipboardOwner
GetShellWindow
LoadMenuW
CharLowerA
GetWindowRect
InflateRect
RegisterClassExW
CharUpperW
GetWindow
GetClipboardSequenceNumber
GetMenu
GetClipboardViewer
RegisterClassA
GetSubMenu
FindWindowExA
LoadCursorA
GetKeyboardLayout
GetActiveWindow
CopyRect
LoadIconW
FindWindowExW
GetMenuItemCount
SCardListInterfacesW
SCardRemoveReaderFromGroupA
SCardGetProviderIdA
SCardBeginTransaction
SCardAccessStartedEvent
SCardIntroduceCardTypeW
SCardRemoveReaderFromGroupW
SCardListReadersA
SCardSetCardTypeProviderNameW
SCardLocateCardsA
SCardForgetReaderGroupA
SCardState
SCardReconnect
SCardIntroduceReaderA
SCardEndTransaction
SCardAddReaderToGroupA
SCardStatusW
SCardForgetReaderW
SCardDisconnect
SCardEstablishContext
SCardSetAttrib
SCardListReaderGroupsW
SCardListCardsW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.0.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 77824
EntryPoint 0x2be3
MIMEType application/octet-stream
LegalCopyright Copyright 1991-1997 Compuware Corp.
FileVersion 4.01
TimeStamp 2015:01:21 04:25:51+01:00
FileType Win32 EXE
PEType PE32
InternalName SHW32.DLL
ProductVersion 4.01
FileDescription Memory Management Library for Win32
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MicroQuill Software Publishing, Inc.
CodeSize 81920
ProductName SmartHeap
ProductVersionNumber 4.0.1.0
FileTypeExtension exe
ObjectFileType Dynamic link library
PCAP parents
File identification
MD5 2dec5edc4d1f59d10e3925eb2d7bfe7d
SHA1 87185385e31fff37be53caee78951763e864b1fc
SHA256 d15d5830045bc550b12c058103d93b7ce3909af472cd0d8258fab34b6bc21655
ssdeep 3072:hNv/yVigV72r6lEwbA2AOsPJl+uNQzYZHvmUXcub6:n3ytdltqJlZQzY4U1b6
authentihash 43f3bd4f116c619001f19f7e5ca26b475e1c9b7438df7e72a81e9c12121dc2ec
imphash 4cd1145466c2c9777ebb4b00bb754d60
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-08-29 14:56:24 UTC ( 2 years, 6 months ago )
Last submission 2017-01-06 10:37:16 UTC ( 2 years, 2 months ago )
File names d15d5830045bc550b12c058103d93b7ce3909af472cd0d8258fab34b6bc21655
inst.exe
SHW32.DLL
Jukley.exe
Jukley.exe
2dec5edc4d1f59d10e3925eb2d7bfe7d
d15d5830045bc550b12c058103d93b7ce3909af472cd0d8258fab34b6bc21655.exe.000
Jukley.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Code injections in the following processes
Created mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications