SHA256: dc3fc5a68bc7a64ec863961699f2cf4344d4165096a36970edadd2fc3ef86930
File name: vt-upload-ofq1T
Detection ratio: 15 / 54
Analysis date: 2014-06-19 05:20:23 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.395815 20140618
AntiVir TR/Crypt.ZPACK.80716 20140618
BitDefender Gen:Variant.Kazy.395815 20140618
Bkav HW32.CDB.63de 20140618
Emsisoft Gen:Variant.Kazy.395815 (B) 20140618
ESET-NOD32 a variant of Win32/Kryptik.CERC 20140618
F-Secure Gen:Variant.Kazy.395815 20140618
GData Gen:Variant.Kazy.395815 20140618
Kaspersky Trojan-Spy.Win32.Zbot.tgun 20140618
Malwarebytes Spyware.Zbot.VXGen 20140618
McAfee PWSZbot-FXW!4DB7282058DF 20140618
eScan Gen:Variant.Kazy.395815 20140618
Qihoo-360 Win32/Trojan.673 20140619
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140618
Symantec WS.Reputation.1 20140618
AegisLab 20140618
Yandex 20140618
AhnLab-V3 20140618
Antiy-AVL 20140618
Avast 20140618
AVG 20140618
Baidu-International 20140618
ByteHero 20140619
CAT-QuickHeal 20140617
ClamAV 20140618
CMC 20140618
Commtouch 20140618
Comodo 20140618
DrWeb 20140618
F-Prot 20140618
Fortinet 20140618
Ikarus 20140618
Jiangmin 20140618
K7AntiVirus 20140618
K7GW 20140618
Kingsoft 20140619
McAfee-GW-Edition 20140618
Microsoft 20140618
NANO-Antivirus 20140618
Norman 20140618
nProtect 20140618
Panda 20140618
Sophos AV 20140618
SUPERAntiSpyware 20140618
Tencent 20140619
TheHacker 20140617
TotalDefense 20140618
TrendMicro 20140618
TrendMicro-HouseCall 20140618
VBA32 20140618
VIPRE 20140618
ViRobot 20140618
Zillya 20140618
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1999
Publisher Privacy Software Corporation
Product Ytarupi
Original name Mmwvj.exe
Internal name Ruweweq
File version 2, 8, 1
Description Ybemam Qosujy Vegaz
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-25 07:55:07
Entry Point 0x0001FFE5
Number of sections 5
PE imports
Number of PE resources by type
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:02:25 08:55:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 143360
LinkerVersion 7.1
FileAccessDate 2014:06:19 06:18:16+01:00
EntryPoint 0x1ffe5
InitializedDataSize 278528
SubsystemVersion 4.0
ImageVersion 10.0
OSVersion 4.0
FileCreateDate 2014:06:19 06:18:16+01:00
UninitializedDataSize 0
File identification
MD5 4db7282058df5fe6210ac77377560bfe
SHA1 2566a286b990f3b280156ff1229e55e10e1c529e
SHA256 dc3fc5a68bc7a64ec863961699f2cf4344d4165096a36970edadd2fc3ef86930
ssdeep 6144:S1wPpEyvB0z1h2hiuJMyxO/xYnGZTt9UhY/ABCe4ISCz0V:jEy50yi/aGltWhVCGI
imphash 245c20fcc8036ffc817985d5cd933640
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-06-19 05:20:23 UTC ( 4 years, 9 months ago )
Last submission 2014-06-19 05:20:23 UTC ( 4 years, 9 months ago )
File names Mmwvj.exe
Ruweweq
vt-upload-ofq1T
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.