SHA256: dae8aa7d95823779ae29f74571f42bf70bbb1e3a294842470c9f75f757ca43b1
File name: TICKET-ID.exe
Detection ratio: 23 / 46
Analysis date: 2013-05-08 11:12:54 UTC ( 11 months, 1 week ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Zbot 20130507
AntiVir TR/Spy.ZBot.FFV 20130508
BitDefender Trojan.GenericKD.978999 20130508
Commtouch W32/Trojan.KJQJ-6547 20130508
ESET-NOD32 Win32/Spy.Zbot.AAU 20130508
Emsisoft Trojan.Win32.Agent.AMN (A) 20130508
F-Prot W32/Trojan3.CFC 20130508
F-Secure Trojan.Spy.ZBot.FFV 20130508
Fortinet W32/Agent.ABPW!tr 20130508
GData Trojan.GenericKD.978999 20130508
Ikarus Trojan-Spy.Zbot 20130508
Kaspersky Trojan-Spy.Win32.Zbot.lhim 20130508
Kingsoft Win32.Troj.Zbot.lh.(kcloud) 20130506
McAfee PWS-Zbot-FAYN 20130508
McAfee-GW-Edition Artemis!247C67CB9992 20130508
MicroWorld-eScan Trojan.GenericKD.978999 20130508
PCTools Trojan.Zbot 20130508
Panda Suspicious file 20130508
Sophos Troj/Agent-ABPW 20130508
Symantec Trojan.Zbot 20130508
TrendMicro TSPY_ZBOT.DLS 20130508
TrendMicro-HouseCall TSPY_ZBOT.DLS 20130508
nProtect Trojan.Spy.ZBot.FFV 20130508
AVG 20130508
Agnitum 20130507
Antiy-AVL 20130508
Avast 20130508
ByteHero 20130508
CAT-QuickHeal 20130508
ClamAV 20130507
Comodo 20130508
DrWeb 20130508
Jiangmin 20130508
K7AntiVirus 20130506
K7GW 20130506
Malwarebytes 20130508
Microsoft 20130508
NANO-Antivirus 20130508
Norman 20130508
SUPERAntiSpyware 20130508
TheHacker 20130507
TotalDefense 20130508
VBA32 20130508
VIPRE 20130508
ViRobot 20130508
eSafe 20130501
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
© 2001 Oma Jemun. Ikyve Geqaqer Pevu.

Publisher TalkSwitch Incorporated
Product Zitarix
Version 10, 8
Original name Unihl.exe
Internal name Ypuzy
Description Apepiru Linipip Ifo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-01 09:56:25
Link date 10:56 AM 2/1/2011
Entry Point 0x0001FF98
Number of sections 4
PE sections
PE imports
EnumUILanguagesA
DosDateTimeToFileTime
GetFileTime
ReplaceFileW
GetCommMask
GetVersionExA
VerifyVersionInfoW
GlobalSize
GetUserDefaultLCID
Process32FirstW
GetProfileStringW
FindResourceExA
GetDiskFreeSpaceW
SetTapeParameters
GlobalAddAtomA
CreateMutexW
CompareStringA
DeleteVolumeMountPointA
GlobalFix
GetBinaryTypeA
SetVolumeLabelW
GetSystemTimeAdjustment
GlobalFree
FreeUserPhysicalPages
SetEndOfFile
PrepareTape
SHGetIconOverlayIndexA
GetMessagePos
DdeReconnect
EnumDesktopsW
SetSystemCursor
ValidateRect
LoadBitmapA
DdeImpersonateClient
DdeCreateStringHandleA
OpenIcon
VkKeyScanA
OemToCharBuffW
RegisterShellHookWindow
ChildWindowFromPointEx
GetMenu
UnregisterClassA
GetMenuItemInfoW
CharLowerBuffA
DdeFreeDataHandle
DestroyCaret
GetActiveWindow
EnableScrollBar
GetWindowTextW
EnumPropsExW
CopyAcceleratorTableW
MsgWaitForMultipleObjects
LoadMenuIndirectW
DdeDisconnectList
GetClassInfoExW
GetCursorInfo
EqualRect
CreateCaret
GetClassInfoExA
SetMenuInfo
GetNextDlgGroupItem
EnumDisplayMonitors
IsCharAlphaW
SetMessageQueue
EnableWindow
IMPSetIMEW
GetDlgItemTextA
TranslateMessage
SetDebugErrorLevel
LoadStringA
DdeQueryConvInfo
SetClipboardData
GetKeyboardLayoutList
IsIconic
InvertRect
UnhookWinEvent
IsDialogMessageW
EnumThreadWindows
CreateAcceleratorTableW
DlgDirListW
GetGUIThreadInfo
GetUserObjectSecurity
CharPrevA
CreateDesktopA
PostMessageA
DefMDIChildProcW
GetKeyboardLayoutNameW
ToAsciiEx
GetParent
SetWindowLongW
SetCapture
WINNLSEnableIME
CreatePopupMenu
GetClassLongW
RemovePropW
DdeClientTransaction
GetClassLongA
ChangeMenuA
InsertMenuA
LoadCursorA
TrackPopupMenu
DialogBoxIndirectParamW
GetMenuState
LoadIconW
WindowFromDC
GetCaretBlinkTime
GetScrollInfo
SetWindowContextHelpId
SetWindowTextA
GetSysColorBrush
HiliteMenuItem
MessageBoxW
SetDlgItemTextA
SetRectEmpty
DlgDirListComboBoxA
CascadeChildWindows
LookupIconIdFromDirectoryEx
LoadKeyboardLayoutA
GetKeyNameTextA
GetWindowModuleFileNameW
UnpackDDElParam
SystemParametersInfoW
MonitorFromWindow
GetClassNameW
TranslateAcceleratorA
UnregisterDeviceNotification
CallWindowProcA
FindNextPrinterChangeNotification
EXTDEVICEMODE
SetJobA
DeletePrinterDataExA
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH BELIZE 6
ExifTool file metadata
LegalTrademarks: Van Adi Vad Dyloki Gudu Bezaxy Uqu Yfydoja Iriq Utibuzy
SubsystemVersion: 4.0
InitializedDataSize: 89088
ImageVersion: 0.0
ProductName: Zitarix
FileVersionNumber: 10.8.0.0
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
LinkerVersion: 4.0
OriginalFilename: Unihl.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
TimeStamp: 2011:02:01 10:56:25+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Ypuzy
FileAccessDate: 2013:05:20 01:36:05+01:00
ProductVersion: 10, 8
FileDescription: Apepiru Linipip Ifo
OSVersion: 4.0
FileCreateDate: 2013:05:20 01:36:05+01:00
FileOS: Windows NT 32-bit
LegalCopyright: 2001 Oma Jemun. Ikyve Geqaqer Pevu.
MachineType: Intel 386 or later, and compatibles
CompanyName: TalkSwitch Incorporated
CodeSize: 155136
FileSubtype: 0
ProductVersionNumber: 10.8.0.0
EntryPoint: 0x1ff98
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 247c67cb99922fd4d0e2ca5d6976fc29
SHA1 f29fba722409cf66cf45167a40c8a7801bbe09fe
SHA256 dae8aa7d95823779ae29f74571f42bf70bbb1e3a294842470c9f75f757ca43b1
ssdeep 6144:r5fWm3cJOQ9vdFMg6yVqcthOSUnTgER6iwVE76:rkJOKv/6QhOoEROVj
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (38.0%)
Generic Win/DOS Executable (11.7%)
DOS Executable Generic (11.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-05-07 18:05:04 UTC ( 11 months, 2 weeks ago )
Last submission 2013-05-20 00:20:07 UTC ( 11 months ago )
File names TICKET-ID.exe
247c67cb99922fd4d0e2ca5d6976fc29.virus
TICKET-ID-62232-042013.exe
vti-rescan
TICKETID62232042013.exe
Unihl.exe
247c67cb99922fd4d0e2ca5d6976fc29.exe
Ypuzy
file-5469348_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications