SHA256: d20e5f7cdec668ec88c2d956d24c68887eac1994d30d8e1a1d2d185133464b29
File name: ff.exe
Detection ratio: 27 / 53
Analysis date: 2014-05-26 17:03:38 UTC ( 4 years, 9 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1693889 20140526
AntiVir TR/PSW.Zbot.15929 20140526
Avast Win32:Malware-gen 20140526
AVG Zbot.JEK 20140526
BitDefender Trojan.GenericKD.1693889 20140526
DrWeb Trojan.PWS.Panda.7368 20140526
Emsisoft Trojan.GenericKD.1693889 (B) 20140526
ESET-NOD32 Win32/Spy.Zbot.AAQ 20140526
Fortinet W32/Zbot.SXBV!tr 20140526
GData Trojan.GenericKD.1693889 20140526
Ikarus Virus.Win32.Zbot 20140526
K7AntiVirus Spyware ( 003783441 ) 20140526
K7GW Spyware ( 003783441 ) 20140526
Kaspersky Trojan-Spy.Win32.Zbot.sxbv 20140526
Kingsoft Win32.Troj.Zbot.sx.(kcloud) 20140526
Malwarebytes Trojan.Zbot 20140526
McAfee Artemis!0CBA7EC4D479 20140526
McAfee-GW-Edition Artemis!0CBA7EC4D479 20140525
Microsoft PWS:Win32/Zbot 20140526
eScan Trojan.GenericKD.1693889 20140526
Panda Generic Malware 20140526
Qihoo-360 HEUR/Malware.QVM10.Gen 20140526
Sophos AV Mal/Generic-S 20140526
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140526
Tencent Win32.Trojan-spy.Zbot.Isw 20140526
TrendMicro-HouseCall TROJ_GEN.R0CBH07EP14 20140526
VIPRE Trojan.Win32.Generic!BT 20140526
Engines returning no detection (26 of 53; the date is the signature update each engine scanned with):
AegisLab 20140526
Yandex 20140525
AhnLab-V3 20140526
Antiy-AVL 20140526
Baidu-International 20140526
Bkav 20140523
ByteHero 20140526
CAT-QuickHeal 20140526
ClamAV 20140526
CMC 20140526
Commtouch 20140526
Comodo 20140526
F-Prot 20140525
F-Secure 20140526
Jiangmin 20140526
NANO-Antivirus 20140526
Norman 20140526
nProtect 20140526
Rising 20140526
Symantec 20140526
TheHacker 20140526
TotalDefense 20140526
TrendMicro 20140526
VBA32 20140526
ViRobot 20140526
Zillya 20140526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright 2014 VedSolutions Group
Product: Export WF Utility
Original name: expwf.exe
Internal name: export wf utility
File version: 2.0.0.1
Description: Export WF Utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-23 17:57:37
Entry Point 0x00005B15
Number of sections 6
PE sections
PE imports (grouped by exporting library; the library names were dropped in this extract and are restored here from the Win32 export tables, the function names are as reported)
COMCTL32.dll
PropertySheetA
GDI32.dll
AddFontResourceA
DeleteDC
SelectObject
GetStockObject
CreateDIBitmap
SetDCBrushColor
SetBkMode
DeleteObject
Rectangle
KERNEL32.dll
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
GetQueuedCompletionStatus
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
CreateIoCompletionPort
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
lstrcmpA
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
DecodePointer
ResetEvent
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetConsoleCP
InterlockedDecrement
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
DeleteCriticalSection
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
WriteConsoleW
CloseHandle
OLEAUT32.dll
GetErrorInfo
SHELL32.dll
ExtractIconA
USER32.dll
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
IsWindow
SendMessageW
CreateDialogIndirectParamW
UnregisterClassA
EnableWindow
LoadBitmapW
SendMessageA
EnumWindowStationsW
GetWindow
GetWindowTextA
MessageBoxW
InvalidateRect
UpdateWindow
DestroyWindow
Reading note: most of the KERNEL32 entries (EncodePointer/DecodePointer, HeapSetInformation, IsProcessorFeaturePresent, the Tls*, code-page and locale calls, the unhandled-exception filter) are MSVC C runtime start-up boilerplate, and IsDebuggerPresent is among the functions that CRT imports, so its presence here is not by itself evidence of anti-debugging. The imports worth an analyst's attention are LoadLibraryA/W with GetProcAddress (runtime import resolution), CreateIoCompletionPort/GetQueuedCompletionStatus (an I/O completion port, unusual for a small GUI utility), EnumWindowStationsW, and the dialog/bitmap calls that fit the "Export WF Utility" cover story in the version resource.
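The imphash in the file-identification section of this report is a digest of exactly this import list, so it is worth seeing how it is built. The block below is an added example, not pefile or VirusTotal code; it reimplements the published imphash recipe (lower-cased "library.function" pairs with the .dll/.sys/.ocx extension stripped, unnamed imports rendered as ordN, joined by commas, MD5). The sample list is a constructed subset of this binary's imports with library names that I have assumed from the Win32 export tables, so the value it produces will not equal the report's imphash; run it over the full import directory of the real file (for example via pefile's DIRECTORY_ENTRY_IMPORT) to reproduce that.

```python
"""Recompute a pefile-style imphash from an import list.

Added example; not pefile's or VirusTotal's code. Imports are given as
(library, function_name_or_None, ordinal) in import-directory order,
which is the order the real algorithm walks.
"""
import hashlib


def canonical_import_string(imports):
    """Build the comma-joined 'lib.func' string that imphash digests."""
    parts = []
    for lib, name, ordinal in imports:
        lib = lib.lower()
        # pefile strips exactly these extensions before joining.
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        # Imports by ordinal become 'ordN'. (pefile additionally maps known
        # ordinals of ws2_32 and oleaut32 back to names; this version does not.)
        func = name.lower() if name else f"ord{ordinal}"
        parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical string; the value VirusTotal labels 'imphash'."""
    return hashlib.md5(canonical_import_string(imports).encode()).hexdigest()


# Constructed subset of this sample's imports. Library assignments are my
# assumption (COMCTL32/GDI32/KERNEL32/USER32 export these names); the last
# entry is an invented import-by-ordinal to show that path.
SAMPLE_IMPORTS = [
    ("COMCTL32.dll", "PropertySheetA", None),
    ("GDI32.dll", "AddFontResourceA", None),
    ("KERNEL32.dll", "IsDebuggerPresent", None),
    ("KERNEL32.dll", "CreateIoCompletionPort", None),
    ("USER32.dll", "EnumWindowStationsW", None),
    ("EXAMPLE.dll", None, 12),
]

if __name__ == "__main__":
    print(canonical_import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers function order as well as names, two builds of the same source with different link order get different imphashes, and conversely two unrelated binaries built by the same MSVC toolchain with the same CRT boilerplate and few application-specific imports can collide. With roughly three quarters of this sample's imports being CRT start-up functions, treat an imphash pivot as a lead to confirm with other features, not as a family match on its own.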
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 225280
ImageVersion: 0.0
ProductName: Export WF Utility
FileVersionNumber: 2.0.0.1
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Export WF Utility
CharacterSet: Unicode
LinkerVersion: 8.1
FileTypeExtension: exe
OriginalFileName: expwf.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 2.0.0.1
TimeStamp: 2014:05:23 18:57:37+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: export wf utility
ProductVersion: 2.0.0.1
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Windows NT 32-bit
LegalCopyright: Copyright 2014 VedSolutions Group
MachineType: Intel 386 or later, and compatibles
CompanyName: VedSolutions Group
CodeSize: 50176
FileSubtype: 0
ProductVersionNumber: 2.0.0.1
EntryPoint: 0x5b15
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 0cba7ec4d4799997a778fdadfe601db1
SHA1 7ee6be09bebbfda492932b0db96aa56231590c5f
SHA256 d20e5f7cdec668ec88c2d956d24c68887eac1994d30d8e1a1d2d185133464b29
ssdeep 6144:pO3OkI0NfkM7Clz1Peed3df5Vm/tDNqij0J7J8:MtI0NrClhNf/m1Mn1i
authentihash 48fa5c8d0b0d70c6bcb025dc343921ab6d89ace6ce68158db85350b27ee709ba
imphash d289058fd15df61c8f20fa0eb354f60b
File size 270.0 KB ( 276480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-05-24 07:11:38 UTC ( 4 years, 10 months ago )
Last submission 2016-12-06 16:04:22 UTC ( 2 years, 3 months ago )
File names ff.exe
2014-07-05-21-16-47-0cba7ec4d4799997a778fdadfe601db1
ff.ex
0cba7ec4d4799997a778fdadfe601db1
2014-07-02-00-51-55-0cba7ec4d4799997a778fdadfe601db1
0cba7ec4d4799997a778fdadfe601db1.exe
2014-07-02-01-17-26-0cba7ec4d4799997a778fdadfe601db1
27552096
output.27552096.txt
2014-07-01-23-00-43-0cba7ec4d4799997a778fdadfe601db1
export wf utility
0CBA7EC4D4799997A778FDADFE601DB1
2014-07-03-02-50-08-0cba7ec4d4799997a778fdadfe601db1
file-7082784_
2014-07-01-21-53-22-0cba7ec4d4799997a778fdadfe601db1
expwf.exe
2014-07-04-22-48-46-0cba7ec4d4799997a778fdadfe601db1
2014-07-03-21-50-05-0cba7ec4d4799997a778fdadfe601db1
d20e5f7cdec668ec88c2d956d24c68887eac1994d30d8e1a1d2d185133464b29.bin
2014-07-06-22-07-31-0cba7ec4d4799997a778fdadfe601db1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
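The static fields above support a few quick consistency checks before any dynamic analysis: how many vendors agree on a family rather than a generic bucket, whether the PE compile timestamp is plausible against the first submission time, whether ExifTool's local-time rendering of that timestamp matches the UTC value in the PE header section, and whether the submitted name matches the OriginalFilename the binary claims. The script below is an added example, not VirusTotal code; the detection rows and header values are transcribed from this page, and the family alias map is my own assumption about vendor naming (it includes "panda" because Dr.Web's Trojan.PWS.Panda is that vendor's name for the Zeus/Zbot family).

```python
"""Analyst triage over the static fields of this VirusTotal report.

Added example; not VirusTotal code. The detection rows and header fields
are transcribed from the page. The checks are ordinary analyst heuristics:
family consensus across vendor labels, compile timestamp against first-seen
time, ExifTool's local-time rendering of the same timestamp, and submitted
file name against the name in the binary's own version resource.
"""
from datetime import datetime, timezone

# Vendor|Label rows transcribed from the detection table (27 rows).
DETECTION_TABLE = """\
Ad-Aware|Trojan.GenericKD.1693889
AntiVir|TR/PSW.Zbot.15929
Avast|Win32:Malware-gen
AVG|Zbot.JEK
BitDefender|Trojan.GenericKD.1693889
DrWeb|Trojan.PWS.Panda.7368
Emsisoft|Trojan.GenericKD.1693889 (B)
ESET-NOD32|Win32/Spy.Zbot.AAQ
Fortinet|W32/Zbot.SXBV!tr
GData|Trojan.GenericKD.1693889
Ikarus|Virus.Win32.Zbot
K7AntiVirus|Spyware ( 003783441 )
K7GW|Spyware ( 003783441 )
Kaspersky|Trojan-Spy.Win32.Zbot.sxbv
Kingsoft|Win32.Troj.Zbot.sx.(kcloud)
Malwarebytes|Trojan.Zbot
McAfee|Artemis!0CBA7EC4D479
McAfee-GW-Edition|Artemis!0CBA7EC4D479
Microsoft|PWS:Win32/Zbot
eScan|Trojan.GenericKD.1693889
Panda|Generic Malware
Qihoo-360|HEUR/Malware.QVM10.Gen
Sophos AV|Mal/Generic-S
SUPERAntiSpyware|Trojan.Agent/Gen-Zbot
Tencent|Win32.Trojan-spy.Zbot.Isw
TrendMicro-HouseCall|TROJ_GEN.R0CBH07EP14
VIPRE|Trojan.Win32.Generic!BT
"""
UNDETECTED_ENGINES = 26  # engines listed in the report with no result

# Assumption: my own alias map for vendor naming conventions. "panda" is
# included because Dr.Web's Trojan.PWS.Panda is its name for Zeus/Zbot.
FAMILY_ALIASES = {"zbot": ("zbot", "zeus", "panda")}
UTC_FMT = "%Y-%m-%d %H:%M:%S"


def parse_detections(table=DETECTION_TABLE):
    """Return [(vendor, label), ...] in table order."""
    return [tuple(line.split("|", 1)) for line in table.splitlines() if line]


def detection_ratio(rows=None):
    rows = parse_detections() if rows is None else rows
    return len(rows), len(rows) + UNDETECTED_ENGINES


def family_votes(rows=None, aliases=FAMILY_ALIASES):
    """Per family, how many vendors name it (case-insensitive substring match)."""
    rows = parse_detections() if rows is None else rows
    return {fam: sum(1 for _, label in rows
                     if any(a in label.lower() for a in names))
            for fam, names in aliases.items()}


def generic_only(rows=None, aliases=FAMILY_ALIASES):
    """Vendors whose label names no known family (generic or heuristic buckets)."""
    rows = parse_detections() if rows is None else rows
    names = [a for group in aliases.values() for a in group]
    return [v for v, label in rows if not any(a in label.lower() for a in names)]


def compile_to_first_seen_seconds(compile_ts="2014-05-23 17:57:37",
                                  first_seen="2014-05-24 07:11:38"):
    """Seconds from PE header compile time to first VT submission (both UTC).
    A negative value means the header timestamp post-dates the upload, i.e. is forged."""
    c = datetime.strptime(compile_ts, UTC_FMT).replace(tzinfo=timezone.utc)
    f = datetime.strptime(first_seen, UTC_FMT).replace(tzinfo=timezone.utc)
    return int((f - c).total_seconds())


def exiftool_timestamp_matches(exif_ts="2014:05:23 18:57:37+01:00",
                               compile_ts="2014-05-23 17:57:37"):
    """ExifTool prints the same header field in the scanner's local zone."""
    e = datetime.strptime(exif_ts, "%Y:%m:%d %H:%M:%S%z").astimezone(timezone.utc)
    c = datetime.strptime(compile_ts, UTC_FMT).replace(tzinfo=timezone.utc)
    return e == c


def name_mismatch(submitted="ff.exe", original="expwf.exe"):
    """True when the file arrived under a name other than its OriginalFilename."""
    return submitted.lower() != original.lower()


def triage():
    det, total = detection_ratio()
    return {
        "detection_ratio": f"{det}/{total}",
        "family_votes": family_votes(),
        "generic_only_vendors": len(generic_only()),
        "hours_compile_to_first_seen": round(compile_to_first_seen_seconds() / 3600, 1),
        "exiftool_timestamp_consistent": exiftool_timestamp_matches(),
        "submitted_name_differs_from_original": name_mismatch(),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

For this sample the checks line up: twelve vendors name the family while the other fifteen detections are generic or heuristic buckets, the binary reached VirusTotal about thirteen hours after its stated compile time, the two timestamps agree once the +01:00 offset is removed, and the file was submitted as ff.exe while claiming to be expwf.exe. None of these is proof of anything on its own; they are the baseline an analyst records before opening the file.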
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.