SHA256: d2fd5ca3b07fde82408dfa284251c765bd9b5c1d776b8534a304b808e5685a08
File name: vt-upload-6MeAD
Detection ratio: 17 / 54
Analysis date: 2014-06-18 05:24:16 UTC ( 4 years, 9 months ago )
Antivirus Result Update
AntiVir TR/Crypt.ZPACK.77645 20140618
AVG Crypt3.ZCN 20140618
Baidu-International Trojan.Win32.Zbot.CGen 20140617
Bkav HW32.CDB.18c5 20140617
CMC Trojan.Win32.Krap.2!O 20140617
ESET-NOD32 a variant of Win32/Kryptik.CEKP 20140618
Kaspersky Trojan-Spy.Win32.Zbot.tghy 20140618
Malwarebytes Spyware.Zbot.VXGen 20140618
McAfee RDN/Generic PWS.y!zy 20140618
McAfee-GW-Edition Artemis!FD996B07A84D 20140617
Microsoft PWS:Win32/Zbot 20140618
Panda Trj/CI.A 20140617
Qihoo-360 Malware.QVM20.Gen 20140618
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140617
Symantec WS.Reputation.1 20140618
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140618
VIPRE Trojan.Win32.Generic!BT 20140618
Ad-Aware 20140618
AegisLab 20140618
Yandex 20140614
AhnLab-V3 20140617
Antiy-AVL 20140617
Avast 20140618
BitDefender 20140618
ByteHero 20140618
CAT-QuickHeal 20140617
ClamAV 20140618
Commtouch 20140618
Comodo 20140618
DrWeb 20140618
Emsisoft 20140618
F-Prot 20140618
F-Secure 20140618
Fortinet 20140618
GData 20140618
Ikarus 20140618
Jiangmin 20140618
K7AntiVirus 20140617
K7GW 20140617
Kingsoft 20140618
eScan 20140618
NANO-Antivirus 20140618
Norman 20140618
nProtect 20140617
Sophos AV 20140618
SUPERAntiSpyware 20140618
TheHacker 20140617
TotalDefense 20140617
TrendMicro 20140618
TrendMicro-HouseCall 20140618
VBA32 20140617
ViRobot 20140618
Zillya 20140617
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1997
Publisher EFS Software, Inc.
Product Iqivem
Original name Ggwxsw.exe
Internal name Zijak
File version 7, 7, 6
Description Vexa Ybu Jemohu
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-30 22:58:16
Entry Point 0x0002080F
Number of sections 5
PE sections
PE imports
GetVersionFromFile
TranslateInfString
RegSaveRestore
DelNodeRunDLL32
AdvInstallFile
UserInstStubWrapper
RunSetupCommand
SetPerUserSecValues
AddDelBackupEntry
UserUnInstStubWrapper
NeedReboot
SetThreadLocale
GetSystemWindowsDirectoryA
FileTimeToDosDateTime
LCMapStringW
LCMapStringA
TlsAlloc
GetModuleFileNameA
SetLocalTime
VerSetConditionMask
GlobalSize
GetDateFormatA
SetProcessPriorityBoost
GetCommProperties
_llseek
SetFilePointerEx
WritePrivateProfileSectionA
GetThreadContext
CompareStringW
FindFirstFileExA
GlobalFix
DeleteAtom
EnumResourceLanguagesA
IsValidLocale
lstrcmpW
ExpandEnvironmentStringsA
FreeResource
GlobalUnWire
LocalSize
SetLocaleInfoA
PostQueuedCompletionStatus
WriteProfileSectionW
IsBadCodePtr
SelectCMM
GetPS2ColorRenderingDictionary
AssociateColorProfileWithDeviceW
SetColorProfileElement
RegisterCMMW
ConvertColorNameToIndex
InstallColorProfileA
GetColorProfileFromHandle
CheckBitmapBits
GenerateCopyFilePaths
UninstallColorProfileW
CreateColorTransformW
RegisterCMMA
CreateMultiProfileTransform
GetColorProfileHeader
EnumColorProfilesW
UnregisterCMMW
SetStandardColorSpaceProfileW
DisassociateColorProfileFromDeviceA
SetStandardColorSpaceProfileA
InternalGetPS2ColorRenderingDictionary
NetReplSetInfo
NetShareEnum
NlBindingSetAuthInfo
NetUseDel
NetRemoteComputerSupports
NetUserGetLocalGroups
NetMessageNameAdd
NetReplImportDirDel
NetServerTransportDel
NetGroupSetUsers
RxNetAccessDel
NetApiBufferFree
NetMessageBufferSend
NetDfsSetInfo
NetReplExportDirUnlock
NetMessageNameGetInfo
NetUserSetInfo
NetReplExportDirSetInfo
NetUserChangePassword
NetShareAdd
NetDfsAddStdRootForced
NetWkstaUserSetInfo
NetGroupGetUsers
DsValidateSubnetNameW
NetGroupAdd
NetUseGetInfo
NetServerSetInfo
I_BrowserResetStatistics
NetUserGetInfo
DsAddressToSiteNamesExA
NetServerComputerNameAdd
RtlSystemTimeToLocalTime
ZwQueueApcThread
RtlLockHeap
ZwAllocateUserPhysicalPages
RtlCutoverTimeToSystemTime
ZwSetSystemInformation
RtlTraceDatabaseEnumerate
RtlGetLongestNtPathLength
RtlCreateTimer
RtlRandom
RtlTryEnterCriticalSection
RtlInitializeGenericTable
NtSetSystemTime
ZwQueryDirectoryFile
NtIsSystemResumeAutomatic
NtQuerySection
LdrFindResource_U
RtlUpcaseUnicodeStringToCountedOemString
RtlFindNextForwardRunClear
NtReplyWaitReplyPort
RtlCopyString
RtlCreateUserThread
RtlpNtOpenKey
ZwRestoreKey
NtUnlockFile
ZwCreateMailslotFile
NtQueryInformationAtom
NtSetTimer
ZwSetInformationProcess
LdrAccessResource
DsFreeNameResultA
DsMapSchemaGuidsA
DsReplicaModifyW
DsCrackNamesA
DsReplicaUpdateRefsA
DsReplicaModifyA
DsListDomainsInSiteW
DsListServersInSiteA
DsMakePasswordCredentialsW
DsListRolesW
DsGetDomainControllerInfoA
DsListServersForDomainInSiteW
DsListRolesA
DsReplicaConsistencyCheck
DsListInfoForServerW
DsFreeSpnArrayA
DsReplicaSyncA
DsQuoteRdnValueW
DsListInfoForServerA
DsFreeSchemaGuidMapW
DsReplicaSyncW
DsFreePasswordCredentials
DsReplicaSyncAllW
DsListSitesA
DsBindA
DsReplicaAddA
DsWriteAccountSpnW
DsReplicaSyncAllA
DsReplicaDelA
WindowFromAccessibleObject
AccessibleObjectFromEvent
LresultFromObject
AccessibleObjectFromPoint
GetStateTextA
AccessibleChildren
GetOleaccVersionInfo
CreateStdAccessibleProxyW
GetStateTextW
AccessibleObjectFromWindow
RegisterBindStatusCallback
IsLoggingEnabledW
HlinkSimpleNavigateToString
CoGetClassObjectFromURL
CreateAsyncBindCtx
IsLoggingEnabledA
GetClassURL
CreateAsyncBindCtxEx
CoInternetCreateZoneManager
URLDownloadToCacheFileA
FindMediaType
RegisterMediaTypes
CoInternetParseUrl
CoInternetCombineUrl
ReleaseBindInfo
URLOpenBlockingStreamA
URLOpenPullStreamW
GetComponentIDFromCLSSPEC
BindAsyncMoniker
HlinkGoBack
URLOpenPullStreamA
UrlMkSetSessionOption
UrlMkGetSessionOption
RedrawWindow
MapVirtualKeyA
OpenInputDesktop
SendInput
CheckRadioButton
SendNotifyMessageW
ToAsciiEx
MessageBoxExA
DdeCreateStringHandleA
SetMenu
SwitchToThisWindow
ShowWindowAsync
LoadKeyboardLayoutW
OemToCharBuffW
LoadKeyboardLayoutA
DestroyIcon
GetClientRect
IsCharAlphaW
DrawTextW
GetClassLongA
ModifyMenuA
SetMessageExtraInfo
ImpersonateDdeClientWindow
IsDialogMessageW
DdeFreeStringHandle
IsDlgButtonChecked
EnumPropsExW
GetMenuItemInfoA
InvalidateRgn
CreateAcceleratorTableA
GetAncestor
PlayGdiScriptOnPrinterIC
DocumentPropertiesW
DocumentEvent
ResetPrinterA
SetDefaultPrinterW
GetPrinterDataW
EnumPortsA
DeletePrinterDataExW
GetPrinterW
WaitForPrinterChange
SetPrinterDataExW
DevQueryPrint
EnumPrinterDriversW
CommitSpoolData
GetPrinterA
GetDefaultPrinterA
ClosePrinter
ScheduleJob
DeletePrintProvidorA
SetPrinterDataExA
AddPrintProcessorW
DevicePropertySheets
DeletePrinterDataA
GetPrinterDriverW
PrinterMessageBoxW
AdvancedDocumentPropertiesW
DeletePrinterDriverExW
SetPrinterDataW
AddPrinterDriverA
StartDocDlgA
Number of PE resources by type
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:30 23:58:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 147456
LinkerVersion 7.1
FileAccessDate 2014:06:18 06:28:12+01:00
EntryPoint 0x2080f
InitializedDataSize 376832
SubsystemVersion 4.0
ImageVersion 9.3
OSVersion 4.0
FileCreateDate 2014:06:18 06:28:12+01:00
UninitializedDataSize 0
File identification
MD5 fd996b07a84d704a7af4f3c625446c23
SHA1 ce9c4d6f996830e05635965b2d32b8cf1f42d75b
SHA256 d2fd5ca3b07fde82408dfa284251c765bd9b5c1d776b8534a304b808e5685a08
ssdeep 3072:I0auUUHCfNKRj5HpH4qukZs2eLUC1rR6YHZIGtxEPgdeb83TUAsFZ2:haDMCmjxz22fk26EPgdeb8e2
imphash ae112d14353e67f470b1d56081193486
File size 206.5 KB ( 211456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-18 05:24:16 UTC ( 4 years, 9 months ago )
Last submission 2014-06-18 05:24:16 UTC ( 4 years, 9 months ago )
File names Zijak
vt-upload-6MeAD
Ggwxsw.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.