SHA256: d1b0f66927a86e67baf33367a1c2c76ce68c6bb8ebe1fb19df213293e391e2db
File name: drugvokrug-dlyakompa-znaemsoft-ru.exe
Detection ratio: 24 / 55
Analysis date: 2014-11-10 20:00:40 UTC ( 3 years, 9 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Adware.Kazy.432610 | 20141110
AhnLab-V3 | PUP/Win32.LoadMoney | 20141110
Avast | Win32:LoadMoney-JU [PUP] | 20141110
AVG | Win32/Cryptor | 20141110
AVware | Trojan.Win32.Generic.pak!cobra | 20141110
BitDefender | Gen:Variant.Adware.Kazy.432610 | 20141110
Bkav | HW32.Packed.420C | 20141110
DrWeb | Trojan.LoadMoney.364 | 20141110
Emsisoft | Gen:Variant.Adware.Kazy.432610 (B) | 20141110
ESET-NOD32 | a variant of Win32/Adware.LoadMoney.AAA | 20141110
F-Secure | Gen:Variant.Adware.Kazy.432610 | 20141110
GData | Gen:Variant.Adware.Kazy.432610 | 20141110
K7AntiVirus | Trojan ( 7000000f1 ) | 20141110
K7GW | Trojan ( 7000000f1 ) | 20141110
Malwarebytes | PUP.Optional.LoadMoney | 20141110
McAfee | Packed-CQ | 20141110
McAfee-GW-Edition | BehavesLike.Win32.Downloader.gh | 20141110
Microsoft | TrojanDownloader:Win32/Ogimant.gen!C | 20141110
eScan | Gen:Variant.Adware.Kazy.432610 | 20141110
NANO-Antivirus | Trojan.Win32.Plocust.dijsal | 20141110
Norman | Kryptik.CDIC | 20141110
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20141110
VBA32 | Malware-Cryptor.Limpopo | 20141110
VIPRE | Trojan.Win32.Generic.pak!cobra | 20141110
AegisLab | (no detection) | 20141110
Yandex | (no detection) | 20141110
Antiy-AVL | (no detection) | 20141110
Avira (no cloud) | (no detection) | 20141110
Baidu-International | (no detection) | 20141107
ByteHero | (no detection) | 20141110
CAT-QuickHeal | (no detection) | 20141110
ClamAV | (no detection) | 20141110
CMC | (no detection) | 20141110
Comodo | (no detection) | 20141110
Cyren | (no detection) | 20141110
F-Prot | (no detection) | 20141110
Fortinet | (no detection) | 20141110
Ikarus | (no detection) | 20141110
Jiangmin | (no detection) | 20141110
Kaspersky | (no detection) | 20141110
Kingsoft | (no detection) | 20141110
nProtect | (no detection) | 20141110
Panda | (no detection) | 20141110
Qihoo-360 | (no detection) | 20141110
Sophos AV | (no detection) | 20141110
SUPERAntiSpyware | (no detection) | 20141110
Symantec | (no detection) | 20141110
Tencent | (no detection) | 20141110
TheHacker | (no detection) | 20141110
TotalDefense | (no detection) | 20141110
TrendMicro | (no detection) | 20141110
TrendMicro-HouseCall | (no detection) | 20141110
ViRobot | (no detection) | 20141110
Zillya | (no detection) | 20141110
Zoner | (no detection) | 20141110
The file is a Portable Executable: a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Note: the version-info strings that follow are stored in the file this way and are not extraction damage. Each looks like a character-shuffled copy of legitimate Sysinternals DebugView metadata (for example "Slsysernaint" is an anagram of "Sysinternals", and the copyright field contains exactly the letters of "Mark Russinovich"), so none of these fields is usable for attribution or for whitelisting.
Copyright 998 Ma8-20no0rk Ruichssiv
Publisher Slsysernaint
Product ternals Desin wbugvieSy
Original name fdjuu5we.exe
Internal name rnaStels Deut Viebug sinOuertpw
File version 4.76
Description AllowMultipleInstances
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17 (0x2A425E19; this is the constant Delphi's linker writes into every image rather than the real build time, consistent with the linker version 2.25 and the TrID "Delphi generic" match below, so it cannot be used to date the build)
Entry Point 0x000016C0
Number of sections 6
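The header fields above (machine, section count, timestamp, entry point, and the linker version and subsystem from the ExifTool block) are the first things an analyst reads off a PE, and the timestamp in particular needs the Delphi check applied before it is trusted. The following is an added example, not VirusTotal's or the sample's code: it parses the DOS, COFF and PE32 optional headers from raw bytes and flags the fixed Delphi stamp. The image it parses is constructed inside `build_sample_pe()` from the header values shown in this report and contains no code.

```python
"""Parse the DOS, COFF and PE32 optional headers of a Win32 executable and
flag the fixed Delphi link timestamp.

Added example for this report; it is not VirusTotal's or the sample's code.
The PE image built by build_sample_pe() is constructed here from the header
values shown in the report (machine 0x14C, 6 sections, entry point 0x16C0,
linker 2.25, GUI subsystem) and contains no code.
"""
import datetime
import struct

# Every image produced by Delphi's linker carries this TimeDateStamp instead
# of the real build time: 0x2A425E19 == 1992-06-19 22:22:17 UTC.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19

MACHINES = {0x014C: "Intel 386 or later", 0x8664: "x86-64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_headers(data: bytes) -> dict:
    """Return the header fields an analyst triages first, plus a flag for
    the Delphi timestamp. Raises ValueError on a non-PE32 input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")

    coff = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, timestamp, _symtab, _nsyms, _opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", data, coff)

    opt = coff + 20  # IMAGE_OPTIONAL_HEADER32 follows the COFF header
    magic, linker_major, linker_minor, code_size, idata_size, _udata, entry = \
        struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError(f"not a PE32 optional header (magic {magic:#x})")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # Subsystem field

    when = datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc)
    return {
        "machine": MACHINES.get(machine, f"{machine:#06x}"),
        "number_of_sections": nsections,
        "timestamp_utc": when.strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_fixed_timestamp": timestamp == DELPHI_FIXED_TIMESTAMP,
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": code_size,
        "initialized_data_size": idata_size,
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image carrying the report's header values."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew: PE header at 64
    coff = struct.pack("<HHIIIHH", 0x014C, 6, DELPHI_FIXED_TIMESTAMP,
                       0, 0, 224, 0x010F)
    opt = bytearray(224)
    # magic, linker 2.25, SizeOfCode, SizeOfInitializedData, uninit, entry
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 2, 25, 427520, 62464, 0, 0x16C0)
    struct.pack_into("<HH", opt, 40, 4, 0)   # OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)   # subsystem version 4.0
    struct.pack_into("<H", opt, 68, 2)       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_headers(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run against a real file with `parse_pe_headers(open(path, "rb").read())`; when `delphi_fixed_timestamp` is true, treat the date as unknown and fall back to the submission time or resource-derived dates.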
PE sections
PE imports
Note on this section: module names did not survive extraction, so only the imported function names remain, in import-table order (advapi32-style functions first, wtsapi32-style functions last). The list then restarts once, from CryptDestroyKey onward, with a second and larger set of names; the page presented both sets under this one heading. Read the table as a packer artefact rather than a capability inventory: a 480 KB Delphi binary that imports EFS, LSA, event-log, printing, terminal-services and Winsock APIs by the hundred is far more likely to carry a padded decoy import table than to use them, and this same table is what the imphash reported further down is computed over.
DecryptFileA
GetInheritanceSourceA
SetNamedSecurityInfoExA
AccessCheckByTypeResultListAndAuditAlarmW
WmiCloseBlock
RegDisablePredefinedCache
RegConnectRegistryW
RegEnumKeyA
MapGenericMask
QueryAllTracesW
RegQueryInfoKeyW
StopTraceW
ProcessIdleTasks
AccessCheckAndAuditAlarmA
WmiQuerySingleInstanceA
LogonUserW
WmiFileHandleToInstanceNameA
QueryServiceObjectSecurity
GetEffectiveRightsFromAclA
GetServiceDisplayNameA
LsaSetSecret
SetUserFileEncryptionKey
ObjectOpenAuditAlarmW
ImageList_Read
CreateToolbar
PropertySheetA
ImageList_SetOverlayImage
ImageList_GetImageRect
DrawInsert
CreateStatusWindowA
ImageList_DragMove
ImageList_DragLeave
ImageList_DrawEx
ImageList_SetIconSize
ImageList_GetIcon
InitializeFlatSB
ImageList_ReplaceIcon
ImageList_EndDrag
FindTextA
GetSaveFileNameW
PageSetupDlgA
GetOpenFileNameA
ChooseColorA
FindTextW
ReplaceTextW
CommDlgExtendedError
PrintDlgExA
LoadAlterBitmap
GetSaveFileNameA
dwOKSubclass
GdiIsPlayMetafileDC
SetBoundsRect
CreateFontIndirectExA
Pie
EngStretchBlt
DrawEscape
FONTOBJ_pifi
STROBJ_vEnumStart
EngDeleteSemaphore
SetViewportExtEx
SetDIBitsToDevice
LocalLock
CloseHandle
CopyFileW
DosDateTimeToFileTime
LCMapStringW
HeapCreate
FileTimeToSystemTime
GetFileAttributesA
RequestDeviceWakeup
FindFirstVolumeMountPointW
GetOEMCP
QueryPerformanceCounter
DefineDosDeviceA
GetHandleInformation
GetModuleFileNameA
LockFile
FindNextVolumeW
UpdateResourceA
FoldStringA
SetDefaultCommConfigW
SetSystemTimeAdjustment
SetThreadPriority
Heap32First
CopyFileExA
SetVolumeMountPointA
LZCreateFileW
SetCommMask
FatalAppExitA
GetVolumePathNamesForVolumeNameA
GetConsoleProcessList
CreateDirectoryW
SetThreadAffinityMask
GlobalLock
GetConsoleAliasesA
CommConfigDialogA
GetProfileStringW
GetConsoleWindow
LoadModule
InterlockedExchangeAdd
CreateDirectoryExW
WideCharToMultiByte
GetStringTypeA
WriteConsoleOutputA
DeleteAtom
EnumTimeFormatsW
WriteFileEx
FatalAppExitW
CreateMemoryResourceNotification
ResetEvent
IsBadHugeReadPtr
CreateFileMappingA
IsValidLocale
GetCommConfig
GetCPInfoExA
GetBinaryTypeA
SetPriorityClass
MoveFileA
GetLongPathNameW
GetTimeZoneInformation
EnumResourceNamesA
ReadConsoleInputExW
WriteConsoleOutputCharacterW
ResetWriteWatch
FindResourceW
GlobalAlloc
VirtualFree
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
EnumSystemGeoID
LocalHandle
FormatMessageA
IsBadStringPtrA
GetProcessVersion
HeapValidate
SetWaitableTimer
GetExpandedNameA
ReadConsoleInputExA
FreeLibraryAndExitThread
ReadConsoleOutputA
StgPropertyLengthAsVariant
StgCreateDocfileOnILockBytes
CoRevokeClassObject
HMENU_UserSize
HPALETTE_UserFree
CoSuspendClassObjects
HDC_UserSize
StgCreatePropStg
OleGetAutoConvert
CoInstall
CoGetObjectContext
CoIsOle1Class
GetErrorInfo
CLSIDFromString
GetClassFile
SetConvertStg
OleCreateFromDataEx
SysStringLen
VarUI1FromBool
VarBstrFromDec
LPSAFEARRAY_UserUnmarshal
VarUI1FromCy
OleCreatePropertyFrame
SafeArrayAccessData
VarBstrFromI4
VarBstrFromDate
VarBstrFromUI1
VariantCopyInd
VarR8FromUI8
VarI1FromUI2
VarPow
VarUI1FromUI2
RegisterActiveObject
VarR8FromI2
SafeArrayGetElement
DispCallFunc
VarI2FromI1
BSTR_UserSize
VarDecDiv
VarUI2FromUI4
VarI2FromI4
VarUI1FromI4
VarBstrFromDisp
OleLoadPictureFile
SafeArrayCreateEx
StrStrA
StrCmpNIW
SHGetSpecialFolderPathW
RealShellExecuteExW
Options_RunDLL
StrChrIW
StrNCmpA
StrNCmpW
PrintersGetCommand_RunDLLA
ExtractIconEx
FreeIconList
SHGetIconOverlayIndexW
DllCanUnloadNow
Control_RunDLLA
SHQueryRecycleBinW
SHHelpShortcuts_RunDLLW
DragQueryFileAorW
DllGetVersion
Shell_NotifyIconA
StrCSpnIW
PathIsFileSpecA
SHQueryValueExA
AssocQueryKeyW
PathUnmakeSystemFolderA
ColorAdjustLuma
SHOpenRegStream2W
StrCpyW
SHStrDupA
StrToInt64ExA
PathGetDriveNumberW
StrRChrA
SHRegCreateUSKeyA
PathFileExistsW
SHRegDeleteEmptyUSKeyW
PathSearchAndQualifyA
StrNCatA
PathRelativePathToW
EmptyClipboard
AdjustWindowRect
SetPropA
SetMenuDefaultItem
LoadBitmapW
InvalidateRect
DefWindowProcW
DrawIcon
CreateDialogIndirectParamA
GetKeyboardLayoutNameW
SetMenuItemBitmaps
CreatePopupMenu
ShowWindow
GetWindowRgnBox
PrivateExtractIconExA
DlgDirListW
CharToOemBuffA
GetTabbedTextExtentW
GetClipboardFormatNameA
UnregisterClassW
CreateIcon
RegisterClassExW
IsDialogMessage
LoadStringA
SetRectEmpty
LoadKeyboardLayoutW
GrayStringA
UnregisterHotKey
MessageBoxA
CascadeChildWindows
IsCharAlphaA
SetProcessWindowStation
GetInputDesktop
DialogBoxParamA
ChildWindowFromPoint
SetMenuItemInfoW
SwapMouseButton
DispatchMessageW
InsertMenuItemA
GetThreadDesktop
OemKeyScan
GetWindowModuleFileNameA
LockWorkStation
GetTopWindow
BroadcastSystemMessageExW
GetWindowLongW
AnyPopup
IsZoomed
CharUpperW
CreateMDIWindowA
GetClientRect
GetRawInputDeviceInfoA
GetDlgItem
GetMenuDefaultItem
CharLowerBuffA
ScrollChildren
SetWindowWord
GetClassInfoW
BroadcastSystemMessageExA
DrawCaption
GetAltTabInfoW
DragDetect
GetSubMenu
GetDCEx
TrackPopupMenu
SetMessageExtraInfo
BlockInput
ShowOwnedPopups
FillRect
RegisterHotKey
MonitorFromPoint
SetWindowContextHelpId
SetActiveWindow
SetDlgItemInt
ValidateRect
LoadIconW
RealChildWindowFromPoint
ToUnicode
InsertMenuW
FlashWindow
GetUserObjectSecurity
GetMenuContextHelpId
IsChild
GetWindowWord
OpenClipboard
VerLanguageNameA
GetFileVersionInfoSizeA
VerQueryValueW
VerLanguageNameW
VerFindFileA
GetFileVersionInfoW
GetFileVersionInfoSizeW
SetPrinterDataW
AddPrintProcessorA
PrinterMessageBoxW
AddPrinterConnectionW
EnumMonitorsW
EXTDEVICEMODE
GetPrinterDataExA
DeviceCapabilitiesA
EnumFormsW
GetDefaultPrinterA
AddPrinterW
EnumMonitorsA
SetFormA
EnumPortsA
AddFormW
WSAStartup
getaddrinfo
WSCUpdateProvider
gethostname
WSAIsBlocking
WSASend
WSACreateEvent
WSAGetOverlappedResult
WSAHtonl
WSCEnableNSProvider
WSAResetEvent
WSANtohs
WTSRegisterSessionNotification
WTSSetSessionInformationA
WTSCloseServer
WTSSendMessageW
WTSVirtualChannelClose
WTSVirtualChannelRead
WTSOpenServerA
WTSVirtualChannelPurgeInput
WTSFreeMemory
WTSShutdownSystem
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSEnumerateServersW
WTSOpenServerW
WTSVirtualChannelQuery
WTSEnumerateServersA
CryptDestroyKey
LookupPrivilegeValueA
BuildTrusteeWithNameW
DecryptFileA
MD5Update
AddAccessAllowedAce
GetServiceKeyNameA
SaferRecordEventLogEntry
RegDisablePredefinedCache
DecryptFileW
LsaClearAuditLog
GetInformationCodeAuthzLevelW
SetEntriesInAuditListA
ObjectDeleteAuditAlarmA
CryptEnumProviderTypesW
AbortSystemShutdownA
WmiOpenBlock
GetTrusteeTypeA
SetServiceObjectSecurity
ElfRegisterEventSourceA
LsaDelete
GetFileSecurityA
RegEnumKeyA
FileEncryptionStatusA
LsaRemoveAccountRights
CryptSetProvParam
RegLoadKeyA
CreateCodeAuthzLevel
ElfDeregisterEventSource
EqualDomainSid
OpenEventLogW
GetLocalManagedApplications
CredReadDomainCredentialsW
SetSecurityInfo
ConvertStringSDToSDRootDomainW
RevertToSelf
LsaStorePrivateData
PrivilegeCheck
BackupEventLogA
RegSetValueExA
StartServiceA
SetEntriesInAclA
WmiMofEnumerateResourcesW
EnumDependentServicesW
CreatePrivateObjectSecurityEx
EnumServiceGroupW
CryptSignHashA
FlatSB_GetScrollProp
PropertySheetW
GetEffectiveClientRect
ImageList_SetOverlayImage
FlatSB_GetScrollInfo
CreateStatusWindow
MakeDragList
DllGetVersion
FlatSB_SetScrollProp
ImageList_Create
ImageList_AddIcon
ImageList_DrawEx
UninitializeFlatSB
ImageList_Write
CreateToolbarEx
MenuHelp
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIconSize
ImageList_GetFlags
GetMUILanguage
ImageList_GetBkColor
ImageList_DragEnter
CreateMappedBitmap
ImageList_SetImageCount
ImageList_Duplicate
CreateUpDownControl
CreatePropertySheetPageW
FlatSB_GetScrollPos
ImageList_Remove
ImageList_Copy
WantArrows
PageSetupDlgW
GetFileTitleW
ChooseColorW
ChooseFontW
GetSaveFileNameW
ReplaceTextA
GetFileTitleA
FindTextW
ReplaceTextW
PrintDlgW
dwLBSubclass
GetSaveFileNameA
ChooseFontA
EngCreateDeviceBitmap
SetDCBrushColor
CreateICW
ModifyWorldTransform
GetObjectA
CreateDCA
GdiEndDocEMF
GdiConvertDC
SetColorAdjustment
EngWideCharToMultiByte
GdiSetPixelFormat
GetTextExtentExPointI
GdiReleaseDC
GdiAlphaBlend
GdiComment
GetBitmapAttributes
GetTextFaceW
DrawEscape
GetAspectRatioFilterEx
SetPixelFormat
GetDCOrgEx
SelectBrushLocal
GetViewportExtEx
XFORMOBJ_bApplyXform
SetThreadLocale
GetVolumePathNameW
FileTimeToDosDateTime
GetPrivateProfileStructA
QueryInformationJobObject
GetOverlappedResult
ReplaceFileA
DebugBreak
GetVolumePathNameA
SetThreadPriorityBoost
CreateTimerQueue
SetInformationJobObject
SystemTimeToTzSpecificLocalTime
GetTapeParameters
DeleteCriticalSection
WritePrivateProfileStructW
GetDriveTypeW
Heap32Next
FreeEnvironmentStringsW
lstrcatA
IsProcessInJob
GetConsoleFontSize
SetCommTimeouts
FatalAppExitA
FindNextVolumeMountPointA
GetFileAttributesA
WaitForDebugEvent
WriteConsoleOutputA
WritePrivateProfileStructA
GetThreadTimes
FreeUserPhysicalPages
HeapReAlloc
InitAtomTable
AllocConsole
GetProfileIntA
SetFileAttributesW
GetPrivateProfileSectionNamesW
OutputDebugStringA
GlobalFindAtomW
GetNamedPipeInfo
FindNextVolumeA
RemoveDirectoryW
DeleteTimerQueueEx
VerLanguageNameW
FlushViewOfFile
FindNextVolumeW
UpdateResourceA
FatalAppExitW
GetPriorityClass
SetTapePosition
FindClose
EnumCalendarInfoW
GetCalendarInfoA
FlushInstructionCache
MapViewOfFileEx
MoveFileExW
GetPrivateProfileSectionA
GetExitCodeThread
SetNamedPipeHandleState
SetCalendarInfoW
EnumSystemLanguageGroupsW
WaitForMultipleObjectsEx
GetDiskFreeSpaceExA
DosPathToSessionPathW
CreateDirectoryExA
ReadConsoleOutputW
GetCommState
CopyFileW
SearchPathA
DosPathToSessionPathA
GetNumberFormatW
LocalCompact
EnterCriticalSection
SetCommBreak
WriteConsoleInputA
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
CallNamedPipeA
FlushFileBuffers
LoadLibraryA
LocalLock
GetDateFormatA
GetNamedPipeHandleStateA
SetProcessPriorityBoost
GetDateFormatW
GenerateConsoleCtrlEvent
SetVolumeMountPointW
FindVolumeMountPointClose
GlobalLock
GetNamedPipeHandleStateW
SetSystemTimeAdjustment
CreateWaitableTimerW
CreateHardLinkA
SetCriticalSectionSpinCount
LZCopy
VirtualLock
FindNextFileW
WaitNamedPipeA
EnumResourceNamesA
CreateHardLinkW
GetComputerNameExW
GetProcessWorkingSetSize
FindCloseChangeNotification
SetVolumeLabelW
GetPrivateProfileSectionW
WriteProfileSectionA
LocalSize
GetCurrencyFormatA
PrivCopyFileExW
CreateDirectoryW
CreateEventA
WriteProfileSectionW
SetFileTime
RemoveVectoredExceptionHandler
GetLastError
LocalReAlloc
Heap32ListFirst
lstrlenA
GetTapeStatus
CompareStringW
SetProcessShutdownParameters
GlobalAlloc
BuildCommDCBW
GetDevicePowerState
LZStart
ProcessIdToSessionId
GetProcessHeaps
MapUserPhysicalPages
GetComPlusPackageInstallStatus
BackupRead
CopyFileExW
GetHandleContext
OpenMutexA
EnumResourceTypesA
GetSystemDefaultLangID
GetConsoleCursorMode
SetSystemPowerState
WriteFileEx
IsBadCodePtr
CreateSocketHandle
CloseHandle
PeekConsoleInputA
GetACP
SetComputerNameExW
IsBadStringPtrW
IsBadHugeWritePtr
WriteConsoleOutputCharacterW
GetLocalTime
IsValidCodePage
SetComputerNameExA
OpenSemaphoreA
VirtualQuery
GetLongPathNameA
GetProcessVersion
SetMailslotInfo
OpenSemaphoreW
OleConvertIStorageToOLESTREAM
EnableHookObject
HPALETTE_UserFree
CoSuspendClassObjects
UtConvertDvtd16toDvtd32
CoMarshalHresult
CoIsHandlerConnected
CreateFileMoniker
OleCreateLinkToFileEx
MonikerRelativePathTo
HICON_UserMarshal
CoRegisterSurrogateEx
StgGetIFillLockBytesOnFile
ReleaseStgMedium
OleRegGetMiscStatus
RegisterDragDrop
CoLockObjectExternal
GetHGlobalFromILockBytes
OleSave
GetConvertStg
PropSysFreeString
CoSetProxyBlanket
OleCreateFromFile
CLSIDFromString
CoRetireServer
HWND_UserMarshal
CreateILockBytesOnHGlobal
SNB_UserMarshal
DllGetClassObjectWOW
HBITMAP_UserFree
CoInvalidateRemoteMachineBindings
OleConvertIStorageToOLESTREAMEx
WriteStringStream
SNB_UserFree
PropVariantCopy
OleQueryLinkFromData
HENHMETAFILE_UserFree
DllGetClassObject
CoTaskMemAlloc
CoFileTimeToDosDateTime
OleIsRunning
CoFreeUnusedLibraries
CreateOleAdviseHolder
CoGetStdMarshalEx
HACCEL_UserSize
CoGetClassVersion
OleGetIconOfClass
CoCancelCall
CoMarshalInterface
VarBstrFromBool
SafeArrayCreateVectorEx
VarI2FromDate
VarDecFromStr
VarR8Pow
VarDateFromDisp
VarR8FromI8
SafeArraySetIID
VarDateFromBool
VarI8FromR4
VarI1FromDec
VarI4FromI8
SetVarConversionLocaleSetting
CreateErrorInfo
VarR8FromUI8
LPSAFEARRAY_UserFree
VarUI2FromDate
VarR4FromDisp
SafeArrayUnlock
VarDecFromBool
VarI1FromDate
SysAllocStringByteLen
VarInt
VarBstrCat
VarR8FromDate
VarFormatCurrency
VarNeg
VarUI2FromI1
VarR8FromStr
VarDecFix
DispCallFunc
VarMod
BstrFromVector
OleCreatePictureIndirect
SafeArrayRedim
VarUI8FromI1
VarR4FromUI8
VarDateFromUdateEx
VarI8FromStr
SafeArrayDestroy
VarUI1FromI2
VarR8FromUI4
GetAltMonthNames
VarDateFromUI8
StrCmpNIW
SHHelpShortcuts_RunDLL
SHFileOperationW
PrintersGetCommand_RunDLL
SHGetDiskFreeSpaceA
SHBrowseForFolderA
SHQueryRecycleBinA
Shell_NotifyIcon
RealShellExecuteA
SHLoadNonloadedIconOverlayIdentifiers
SHCreateShellItem
SHGetIconOverlayIndexA
SHHelpShortcuts_RunDLLA
StrNCmpW
StrChrIW
SHOpenFolderAndSelectItems
SHGetIconOverlayIndexW
SHExtractIconsW
SHHelpShortcuts_RunDLLW
DragQueryFile
SHGetDiskFreeSpaceExA
StrStrIW
OpenAs_RunDLL
OpenAs_RunDLLA
SHGetFolderPathW
FindExecutableA
Options_RunDLL
FreeIconList
ShellHookProc
SHGetNewLinkInfo
SHGetDataFromIDListA
SHParseDisplayName
DoEnvironmentSubstW
PathRemoveArgsA
StrRChrW
PathRenameExtensionW
PathRemoveBackslashA
ColorAdjustLuma
PathIsDirectoryA
SHRegGetUSValueW
UrlEscapeW
StrSpnA
PathUndecorateA
wvnsprintfW
SHRegGetUSValueA
PathRemoveBackslashW
SHRegDuplicateHKey
SHLoadIndirectString
SHRegEnumUSKeyA
PathIsLFNFileSpecA
wnsprintfW
PathMakeSystemFolderA
PathFindOnPathW
UrlIsNoHistoryA
PathIsLFNFileSpecW
PathMakePrettyA
StrChrA
StrFormatByteSizeW
StrCSpnIA
StrCmpIW
SHDeleteValueW
UrlUnescapeA
PathCompactPathExW
StrRetToBSTR
PathStripPathW
AssocQueryStringByKeyA
SHQueryInfoKeyW
UrlIsOpaqueW
UrlCompareA
PathIsDirectoryEmptyW
SHRegGetPathW
UrlHashA
SHRegOpenUSKeyW
StrTrimW
PathQuoteSpacesW
PathMatchSpecW
SHRegQueryInfoUSKeyW
PathIsURLA
SHRegSetPathA
PathRemoveBlanksA
StrRChrIA
UrlIsW
PathFindFileNameA
PathAddExtensionW
PathFindNextComponentA
StrRetToStrW
PathBuildRootA
RedrawWindow
ChangeDisplaySettingsW
ShowStartGlass
GetMenuInfo
GetInputState
LoadBitmapW
DrawStateA
EnumDesktopsW
GetGuiResources
SetWindowPos
GetNextDlgTabItem
IsWindow
GrayStringW
SetDeskWallpaper
ScrollWindowEx
OpenIcon
CharUpperBuffA
GrayStringA
WindowFromPoint
ChildWindowFromPoint
GetDC
GetCursorPos
LockWorkStation
GetMenu
SetThreadDesktop
GetClassInfoW
SetCaretPos
CharLowerBuffA
GetScrollPos
GetWindowTextLengthA
GetSysColor
CopyAcceleratorTableA
SetMessageExtraInfo
MapVirtualKeyExW
GetWindowTextLengthW
MapVirtualKeyExA
InvalidateRgn
GetComboBoxInfo
GetPropW
PostQuitMessage
CharNextExA
CreateCaret
GetClassInfoExA
GetDesktopWindow
ValidateRgn
PeekMessageW
GetTabbedTextExtentA
InsertMenuItemW
SetWindowPlacement
GetClipboardFormatNameW
CharToOemBuffW
IsCharAlphaA
IsWindowEnabled
GetDlgItemTextW
DestroyCaret
BroadcastSystemMessageExW
GetMenuBarInfo
EditWndProc
GetIconInfo
LoadStringA
SetClipboardData
OpenDesktopW
IsCharLowerA
IsZoomed
GetWindowPlacement
LoadStringW
WindowFromDC
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
EnumPropsA
GetDCEx
FlashWindow
MonitorFromPoint
CopyRect
EnumPropsW
GetWindowLongW
GetWindowInfo
CharNextW
DragDetect
IsDialogMessageA
MapWindowPoints
DrawAnimatedRects
OpenInputDesktop
GetProgmanWindow
OffsetRect
DefWindowProcW
SetLastErrorEx
KillTimer
MapVirtualKeyW
ClipCursor
GetClassNameA
ToUnicodeEx
GetWindowRect
BroadcastSystemMessageExA
SetCapture
InvertRect
SetProcessWindowStation
SendDlgItemMessageW
GetProcessWindowStation
GetAltTabInfoW
WaitMessage
CreatePopupMenu
GetTitleBarInfo
SetTimer
RemovePropW
CloseWindowStation
FindWindowExA
LoadIconA
TrackPopupMenu
PostThreadMessageW
GetMenuItemInfoA
IsDlgButtonChecked
GetMenuState
GetSystemMenu
FindWindowExW
DragObject
GetMenuItemInfoW
HideCaret
PrivateExtractIconsW
CreateIconIndirect
GetCapture
FindWindowA
PrivateExtractIconsA
LoadMenuW
RemoveMenu
MessageBoxExA
ScrollChildren
AppendMenuA
MonitorFromRect
RegisterClassExW
SetMenu
RegisterClipboardFormatA
CallWindowProcA
SetDlgItemInt
AppendMenuW
DestroyCursor
CreateIcon
MenuWindowProcW
SystemParametersInfoA
MenuItemFromPoint
DestroyIcon
SetDoubleClickTime
SubtractRect
UnionRect
FrameRect
RealGetWindowClassA
GetKeyNameTextW
AnimateWindow
IsCharUpperA
InvalidateRect
TranslateAcceleratorA
DefDlgProcA
AdjustWindowRect
ModifyMenuW
CloseDesktop
UnregisterDeviceNotification
IsRectEmpty
IsCharUpperW
wsprintfW
VerLanguageNameA
GetFileVersionInfoA
VerFindFileW
VerInstallFileA
VerQueryValueW
VerLanguageNameW
VerFindFileA
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA
FtpCreateDirectoryA
SetDefaultPrinterA
SetPrinterA
EnumFormsW
AdvancedSetupDialog
DocumentEvent
DeletePortA
AddMonitorW
SetPrinterW
DocumentPropertiesA
WritePrinter
AddMonitorA
ExtDeviceMode
DeleteMonitorW
GetDefaultPrinterW
ConfigurePortA
GetPrinterA
DeletePrinterDataExA
OpenPrinterA
SpoolerPrinterEvent
SetPortA
GetFormA
SplDriverUnloadComplete
SpoolerDevQueryPrintW
EnumPrinterDataExW
DeletePrinterDataW
EnumJobsA
GetJobW
GetPrinterDriverA
EnumPrintProcessorDatatypesA
AddPortExW
GetPrinterDriverDirectoryA
StartDocPrinterA
SeekPrinter
StartDocDlgW
QueryColorProfile
AddPrinterDriverA
GetPrinterDriverDirectoryW
DeleteFormA
EnumPrintersW
AddPrinterDriverW
PerfClose
PrinterMessageBoxA
WSCUpdateProvider
WSAInstallServiceClassA
WSCInstallNameSpace
getpeername
select
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAEnumProtocolsA
WSAHtons
WSASetServiceA
WSAGetServiceClassNameByClassIdW
WSCUnInstallNameSpace
WSAProviderConfigChange
WSACleanup
WSAGetOverlappedResult
gethostbyname
getnameinfo
WSASetLastError
WSACancelBlockingCall
WSAIsBlocking
getprotobyname
WSAEnumNetworkEvents
WSANSPIoctl
getprotobynumber
WTSVirtualChannelPurgeInput
WTSEnumerateSessionsA
WTSTerminateProcess
WTSVirtualChannelClose
WTSVirtualChannelPurgeOutput
WTSEnumerateSessionsW
WTSDisconnectSession
WTSSendMessageW
WTSSendMessageA
WTSWaitSystemEvent
WTSSetSessionInformationA
WTSCloseServer
WTSOpenServerA
WTSRegisterSessionNotification
WTSSetSessionInformationW
WTSOpenServerW
WTSQuerySessionInformationA
WTSLogoffSession
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSEnumerateProcessesW
WTSQuerySessionInformationW
WTSEnumerateServersW
WTSEnumerateProcessesA
WTSEnumerateServersA
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
RUSSIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 62464
ImageVersion 0.0
ProductName ternals Desin wbugvieSy
FileVersionNumber 4.76.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.25
OriginalFilename fdjuu5we.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.76
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName rnaStels Deut Viebug sinOuertpw
FileAccessDate 2014:11:10 21:01:56+01:00
ProductVersion 4.76
FileDescription AllowMultipleInstances
OSVersion 4.0
FileCreateDate 2014:11:10 21:01:56+01:00
FileOS Windows NT 32-bit
LegalCopyright 998 Ma8-20no0rk Ruichssiv
MachineType Intel 386 or later, and compatibles
CompanyName Slsysernaint
CodeSize 427520
FileSubtype 0
ProductVersionNumber 4.76.0.0
EntryPoint 0x16c0
ObjectFileType Executable application

File identification
MD5 1aa95691508ef4be24b9a17f04d7b242
SHA1 25105bf50f79f832e91ee4056a51f87382be61f9
SHA256 d1b0f66927a86e67baf33367a1c2c76ce68c6bb8ebe1fb19df213293e391e2db
ssdeep 12288:PQpTJTz0UdkO7czd22PBub/Z9olrjjeZKSY:PQtJTz1dDqd23b/ZSxjjeu
authentihash d985371359430bc1ee0999c9ed107a6a9dd2f6844bec76af41706785d3623d2b
imphash 913fc64bcc61045c956613290a54d69f
File size 479.5 KB ( 491008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (32.6%)
Windows Screen Saver (29.1%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
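The imphash field above is an MD5 over the ordered import table, and with an import table as inflated as the one in this report it deserves a worked illustration of what it does and does not capture. The block below is an added example, not VirusTotal's or pefile's code. Its import list is constructed: the report omits module names, so the modules paired with these functions are assumptions, and the list is a handful of entries rather than the sample's full table (so it will not reproduce the imphash shown above). Ordinal imports are rendered as "ordN" without the ws2_32/oledlg name tables that pefile consults, so for those two modules real pefile output can differ.

```python
"""Compute an imphash (the MD5 over the ordered import table that pefile and
VirusTotal use) and show what does and does not change it.

Added example for this report, not VirusTotal's or pefile's code. The import
list is constructed: the report omits module names, so the modules attached
to these functions are assumptions. Ordinals are rendered as "ordN" without
pefile's ws2_32/oledlg ordinal-to-name tables.
"""
import hashlib

# Constructed from a few function names in the report; module names assumed.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "DecryptFileA"),
    ("ADVAPI32.dll", "LogonUserW"),
    ("KERNEL32.dll", "CloseHandle"),
    ("KERNEL32.dll", "CreateFileMappingA"),
    ("WS2_32.dll", "WSAStartup"),
    ("WTSAPI32.dll", "WTSEnumerateServersW"),
]


def imphash(imports):
    """imports: ordered list of (module, function) where function is a name
    or an int ordinal. Module names are lowercased and lose a .dll/.ocx/.sys
    extension (other extensions such as .drv are kept); entries are joined
    as module.func with commas and hashed with MD5."""
    parts = []
    for module, func in imports:
        module = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if module.endswith(ext):
                module = module[:-len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{module}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def padded_with_decoys(imports, decoys):
    """Append never-called 'decoy' imports. imphash covers every entry in
    order, so padding changes the hash while the code's real behaviour is
    untouched; this is why a bloated table like the one in this report makes
    imphash a weak pivot, and why a packer can vary it per build."""
    return list(imports) + list(decoys)


if __name__ == "__main__":
    base = imphash(SAMPLE_IMPORTS)
    print("imphash:", base)
    print("unchanged by module case/extension:",
          imphash([(m.upper(), f) for m, f in SAMPLE_IMPORTS]) == base)
    print("changed by reordering:",
          imphash(list(reversed(SAMPLE_IMPORTS))) != base)
    decoy = [("WINSPOOL.DRV", "AddFormW")]
    print("changed by decoy padding:",
          imphash(padded_with_decoys(SAMPLE_IMPORTS, decoy)) != base)
```

Two consequences follow for triage of this sample: the value is stable across re-packs only if the packer reproduces the same decoy table in the same order, and two unrelated files that share a packer template can collide on imphash while sharing no real code. Pivot on it alongside ssdeep and the resource or version-info anomalies noted above, not on its own.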
Tags peexe
VirusTotal metadata
First submission 2014-11-10 20:00:40 UTC ( 3 years, 9 months ago )
Last submission 2014-11-10 20:00:40 UTC ( 3 years, 9 months ago )
File names drugvokrug-dlyakompa-znaemsoft-ru.exe
rnaStels Deut Viebug sinOuertpw
fdjuu5we.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections