× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: de224cd737587233cfbec4a648de36dba5f620bd44c9f35a7577a82373e202dc
File name: invoice copy.exe
Detection ratio: 33 / 47
Analysis date: 2013-05-21 15:48:17 UTC ( 11 months, 1 week ago ) View latest
Antivirus Result Update
AVG Zbot.AFN 20130521
AhnLab-V3 Win-Trojan/Inject.329728.J 20130521
AntiVir TR/Spy.ZBot.AD.32 20130521
Avast Win32:Malware-gen 20130521
BitDefender Trojan.GenericKD.1002473 20130521
ByteHero Trojan.Malware.Obscu.Gen.002 20130517
Commtouch W32/Trojan.LYTQ-7476 20130521
Comodo UnclassifiedMalware 20130521
DrWeb Trojan.PWS.Panda.3734 20130521
ESET-NOD32 Win32/Spy.Zbot.AAU 20130521
Emsisoft Trojan.Win32.AMN (A) 20130521
F-Prot W32/Trojan3.CGS 20130521
F-Secure Trojan:W32/Agent.DULM 20130521
Fortinet W32/Inject.FOIQ!tr 20130521
GData Trojan.GenericKD.1002473 20130521
Ikarus Trojan.Injector 20130521
K7AntiVirus Trojan 20130521
K7GW Trojan 20130521
Kaspersky Trojan.Win32.Inject.foiq 20130521
Malwarebytes Spyware.Zeus 20130521
McAfee RDN/Generic PWS.y!pp 20130521
McAfee-GW-Edition Artemis!4E7DC191117A 20130521
MicroWorld-eScan Trojan.GenericKD.1002473 20130521
Norman Smalltroj.ABZDH 20130521
PCTools Trojan.Zbot 20130521
Panda Trj/Zbot.M 20130521
Sophos Troj/Zbot-FDM 20130521
Symantec Trojan.Zbot 20130521
TrendMicro TSPY_INJECT.CVY 20130521
TrendMicro-HouseCall TSPY_INJECT.CVY 20130521
VIPRE Win32.Malware!Drop 20130521
ViRobot Trojan.Win32.Zbot.329728.A 20130521
nProtect Trojan.GenericKD.1002473 20130521
Agnitum 20130521
Antiy-AVL 20130521
CAT-QuickHeal 20130520
ClamAV 20130521
Jiangmin 20130520
Kingsoft 20130506
Microsoft 20130521
NANO-Antivirus 20130521
Rising 20130521
SUPERAntiSpyware 20130521
TheHacker 20130521
TotalDefense 20130521
VBA32 20130521
eSafe 20130520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
© 1997 Usaze Vyva. Diqary Pac Cugule.

Publisher Apple Computer, Inc.
Product Osuvoka
Original name Lmifrtrtqnu.exe
Internal name Ivo
File version 8, 2, 4
Description Ibub Suqawo Qiserig
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-30 06:58:51
Link date 7:58 AM 7/30/2011
Entry Point 0x00022B4E
Number of sections 5
PE sections
PE imports
GetSystemTime
GlobalDeleteAtom
DebugBreak
EnumUILanguagesW
QueueUserAPC
GlobalSize
DisconnectNamedPipe
GetCurrentProcess
OpenFileMappingW
WriteProfileStringW
CompareStringW
GetTempPathA
InterlockedExchangeAdd
ReleaseSemaphore
GlobalReAlloc
LocalFlags
CreateSemaphoreW
GetProfileStringA
CloseHandle
IsValidLocale
IsBadStringPtrW
WaitNamedPipeA
CreateEventW
FindFirstVolumeMountPointW
GlobalHandle
EnumLanguageGroupLocalesA
GetDefaultCommConfigA
GetDeviceDriverFileNameW
GetProcessMemoryInfo
DdeAccessData
DestroyMenu
DrawStateW
LockSetForegroundWindow
CharUpperBuffA
DdeCreateStringHandleW
GetInputDesktop
SetActiveWindow
DrawTextA
LockWorkStation
SendMessageA
SetThreadDesktop
GetClientRect
LoadAcceleratorsA
GetTopWindow
MapVirtualKeyExW
RegisterClipboardFormatW
CopyAcceleratorTableW
GetCursorInfo
DlgDirListComboBoxW
CheckRadioButton
ShowWindow
GetCaretPos
GetListBoxInfo
PeekMessageW
CharUpperW
DialogBoxParamA
DdeEnableCallback
GetMenuDefaultItem
GetDlgItemInt
SetClipboardData
GetSystemMetrics
LoadStringW
DrawMenuBar
IsCharLowerW
EnumDisplayDevicesW
FillRect
IsWindowEnabled
SetWindowContextHelpId
GetSysColorBrush
GetDialogBaseUnits
OemToCharW
TabbedTextOutW
GetWindowInfo
GetUserObjectSecurity
IMPQueryIMEW
SendNotifyMessageA
MapVirtualKeyA
SetLastErrorEx
GetMonitorInfoA
GetComboBoxInfo
ToAsciiEx
ToUnicodeEx
CharLowerA
SetScrollRange
UpdateWindow
PostMessageA
DrawIcon
CheckMenuItem
GetClassLongW
FindWindowExA
GetMenuItemCount
TileChildWindows
DestroyAcceleratorTable
GetSystemMenu
InsertMenuW
DialogBoxIndirectParamA
CharToOemA
SetLayeredWindowAttributes
HideCaret
CreateIconIndirect
DrawTextExA
RemoveMenu
MessageBoxExA
LookupIconIdFromDirectory
DestroyCursor
LookupIconIdFromDirectoryEx
GetClassWord
GetFocus
GetSysColor
SendMessageCallbackW
TileWindows
SystemParametersInfoW
AnimateWindow
GetClassNameW
SendMessageTimeoutW
StartDocPrinterW
GetPrintProcessorDirectoryW
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH AUS 10
ExifTool file metadata
CodeSize
148480

SubsystemVersion
4.0

LinkerVersion
4.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.2.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Ibub Suqawo Qiserig

CharacterSet
Unicode

InitializedDataSize
179712

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
1997 Usaze Vyva. Diqary Pac Cugule.

FileVersion
8, 2, 4

TimeStamp
2011:07:30 07:58:51+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Ivo

FileAccessDate
2014:03:24 07:27:02+01:00

ProductVersion
8, 2

UninitializedDataSize
0

OSVersion
4.0

FileCreateDate
2014:03:24 07:27:02+01:00

OriginalFilename
Lmifrtrtqnu.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Apple Computer, Inc.

LegalTrademarks
Uko Uqiku Okif Funomy Luwiby Demuh Ejopu

ProductName
Osuvoka

ProductVersionNumber
8.2.0.0

EntryPoint
0x22b4e

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 4e7dc191117a6f30dd429cc619041552
SHA1 0c632e073c0c86f8d8d2f5767dc14e492f313154
SHA256 de224cd737587233cfbec4a648de36dba5f620bd44c9f35a7577a82373e202dc
ssdeep
6144:Q5RxCrqo4ydiOwSFb7JkTguBGVe4mLhlRRV9YJG90ieeZtZ4h:Q1CGoVAOwCb7JZuBGyPN9YE90ivLk

imphash 5b2a75ce048e9cb7c4da642bd3f49b1a
File size 322.0 KB ( 329728 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-05-20 08:33:24 UTC ( 11 months, 1 week ago )
Last submission 2013-05-31 02:27:59 UTC ( 10 months, 4 weeks ago )
File names 4e7dc191117a6f30dd429cc619041552.exe
file-5504441_exe
invoice copy.exe
Ivo
invoice copy (2).exe
Lmifrtrtqnu.exe
invoicecopy2.exe
4e7dc191117a6f30dd429cc619041552_invoice copy (2).exe
4e7dc191117a6f30dd429cc619041552.malware
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications