SHA256: de1a6089b2be8d54870941c6052ace8c6556afded7305debf80e270695150a12
File name: vt-upload-aRZM6
Detection ratio: 11 / 51
Analysis date: 2014-03-28 05:37:57 UTC
Antivirus | Result | Update
AntiVir | TR/ZbotCitadel.A.793 | 20140328
Avast | Win32:Malware-gen | 20140328
AVG | Win32/Cryptor | 20140328
Kaspersky | Trojan-Spy.Win32.Zbot.rwuw | 20140328
Malwarebytes | Spyware.Zbot.VXGen | 20140328
McAfee | Artemis!DE899FF65BF2 | 20140328
McAfee-GW-Edition | Artemis!DE899FF65BF2 | 20140328
Qihoo-360 | Win32/Trojan.BO.284 | 20140328
Rising | PE:Malware.Generic/QRS!1.9E2D | 20140327
Sophos | Mal/Generic-S | 20140328
TrendMicro-HouseCall | TROJ_GEN.R00JH07CR14 | 20140328

Engines reporting no detection (signature update date):
Ad-Aware | 20140328
AegisLab | 20140328
Yandex | 20140327
AhnLab-V3 | 20140327
Antiy-AVL | 20140328
Baidu-International | 20140327
BitDefender | 20140328
Bkav | 20140327
ByteHero | 20140328
CAT-QuickHeal | 20140327
ClamAV | 20140327
CMC | 20140326
Commtouch | 20140328
Comodo | 20140328
DrWeb | 20140328
Emsisoft | 20140328
ESET-NOD32 | 20140328
F-Prot | 20140328
F-Secure | 20140328
Fortinet | 20140328
GData | 20140328
Ikarus | 20140328
Jiangmin | 20140328
K7AntiVirus | 20140327
K7GW | 20140328
Kingsoft | 20140328
Microsoft | 20140328
eScan | 20140328
NANO-Antivirus | 20140328
Norman | 20140327
nProtect | 20140327
Panda | 20140327
SUPERAntiSpyware | 20140328
Symantec | 20140328
TheHacker | 20140327
TotalDefense | 20140327
TrendMicro | 20140328
VBA32 | 20140327
VIPRE | 20140328
ViRobot | 20140328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2013 AppofixDev Group
Publisher: AppofixDev Group
Product: Application Devices Control Panel
Original name: appdevpanel
Internal name: app dev ctrl panel
File version: 5.0.4.1
Description: Application Devices Control Panel
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-03-25 09:20:01
Entry Point: 0x00005FFA
Number of sections: 6
PE sections
PE imports
CryptAcquireContextA
ImageList_Draw
CreatePatternBrush
ExtFloodFill
GetBoundsRect
SelectObject
MoveToEx
EnumFontFamiliesA
GetInterfaceInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
SetConsoleMode
GetConsoleCP
SetEvent
QueryPerformanceCounter
LocalAlloc
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetCurrentDirectoryW
GetConsoleMode
DecodePointer
GetFileSize
IsDebuggerPresent
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetLogicalDrives
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
GetModuleHandleA
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ReadConsoleA
GetOEMCP
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
AlphaBlend
VariantClear
VariantInit
SafeArrayCreateVector
SysAllocString
UuidFromStringA
SetupDiCreateDeviceInfoList
SHGetFileInfoA
SHGetFolderLocation
SHGetDesktopFolder
Ord(155)
SetFocus
MapWindowPoints
GetParent
GetScrollInfo
LoadMenuA
PostQuitMessage
DefWindowProcA
ShowWindow
SetClassLongA
LoadBitmapA
IsWindow
SendMessageW
EnableWindow
SetCapture
ReleaseCapture
SetWindowLongA
CheckDlgButton
GetDC
SystemParametersInfoA
GetMenu
UnregisterClassA
GetDlgItem
GetWindowLongA
SendMessageTimeoutA
LoadCursorA
GetMenuItemCount
GetWindowTextA
GetSubMenu
DestroyWindow
WinHttpSetOption
CoInitializeEx
CoUninitialize
CreateBindCtx
Number of PE resources by type
Struct(28) 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
SubsystemVersion: 5.1
InitializedDataSize: 243712
ImageVersion: 0.0
ProductName: Application Devices Control Panel
FileVersionNumber: 5.0.4.1
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
LinkerVersion: 10.0
OriginalFilename: appdevpanel
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 5.0.4.1
TimeStamp: 2014:03:25 10:20:01+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: app dev ctrl panel
FileAccessDate: 2014:03:28 07:09:18+01:00
ProductVersion: 5.0.4.1
FileDescription: Application Devices Control Panel
OSVersion: 5.1
FileCreateDate: 2014:03:28 07:09:18+01:00
FileOS: Windows NT 32-bit
LegalCopyright: Copyright (C) 2013 AppofixDev Group
MachineType: Intel 386 or later, and compatibles
CompanyName: AppofixDev Group
CodeSize: 51712
FileSubtype: 0
ProductVersionNumber: 5.0.4.1
EntryPoint: 0x5ffa
ObjectFileType: Executable application
File identification
MD5: de899ff65bf2ce5bc77f5d55c8a67cad
SHA1: 14885d4375cafe1c7e1fa75321cecd0065a269d5
SHA256: de1a6089b2be8d54870941c6052ace8c6556afded7305debf80e270695150a12
ssdeep: 6144:GlF2aLsYb5goE68oV4O7EpOlt28uyMvUd5Xf9fs:mdsYb5g28dqMsd/s
imphash: 235718842585b6cef97ddf56a724316c
File size: 289.5 KB ( 296448 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags: peexe
VirusTotal metadata
First submission: 2014-03-28 05:37:57 UTC
Last submission: 2014-03-28 05:37:57 UTC
File names: app dev ctrl panel, vt-upload-aRZM6, appdevpanel
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests