SHA256: de42dcfdbb46dab26c5a1b79ae5890c4ca115846636798e57cce48949c143918
File name: BYVAZID1MIRBOILO7
Detection ratio: 41 / 51
Analysis date: 2014-06-08 15:38:43 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1569407 20140608
Yandex TrojanSpy.Zbot!xjIsTi6muDc 20140608
AhnLab-V3 Trojan/Win32.Tenagour 20140608
AntiVir TR/Dropper.VB.11320 20140608
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140608
Avast Win32:Rootkit-gen [Rtk] 20140608
AVG PSW.Generic12.ACKY 20140608
Baidu-International Trojan.Win32.Zbot.ARve 20140608
BitDefender Trojan.GenericKD.1569407 20140608
ByteHero Virus.Win32.Heur.p 20140608
CAT-QuickHeal TrojanPWS.Zbot.r3 20140607
Commtouch W32/Trojan.GGOD-0677 20140608
Comodo UnclassifiedMalware 20140608
Emsisoft Trojan.GenericKD.1569407 (B) 20140608
ESET-NOD32 Win32/Spy.Zbot.YW 20140608
F-Secure Trojan.GenericKD.1569407 20140608
Fortinet W32/Zbot.RNTL!tr 20140608
GData Trojan.GenericKD.1569407 20140608
Ikarus Trojan.Win32.Sharik 20140608
K7AntiVirus Trojan ( 00495a211 ) 20140606
K7GW Trojan ( 050000001 ) 20140606
Kaspersky Trojan-Spy.Win32.Zbot.rntl 20140608
Kingsoft Win32.Troj.Zbot.RN.(kcloud) 20140608
Malwarebytes Trojan.LVBP 20140608
McAfee RDN/Generic PWS.y!yq 20140608
McAfee-GW-Edition RDN/Generic PWS.y!yq 20140608
Microsoft PWS:Win32/Zbot 20140608
eScan Trojan.GenericKD.1569407 20140608
NANO-Antivirus Trojan.Win32.Zbot.cvjifg 20140608
Norman VBInject.OJX 20140608
nProtect Trojan.GenericKD.1569407 20140608
Panda Trj/CI.A 20140608
Qihoo-360 Win32/Trojan.Dropper.2c5 20140608
Rising PE:Trojan.Win32.Generic.1675A24B!376808011 20140607
Sophos Mal/VB-ALM 20140608
Symantec WS.Reputation.1 20140608
Tencent Win32.Trojan-spy.Zbot.Swvb 20140608
TrendMicro TSPY_ZBOT.TZABC 20140608
TrendMicro-HouseCall TSPY_ZBOT.TZABC 20140608
VBA32 TrojanSpy.Zbot 20140607
VIPRE Trojan.Win32.Generic!BT 20140608
AegisLab 20140608
Bkav 20140606
ClamAV 20140608
CMC 20140607
DrWeb 20140608
F-Prot 20140608
SUPERAntiSpyware 20140607
TheHacker 20140606
TotalDefense 20140608
ViRobot 20140608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Flash
Product Flash game jikverc gf ds zstf gfv ik vcetu necry muny.
Original name BYVAZID1MIRBOILO7.exe
Internal name BYVAZID1MIRBOILO7
File version 1.00.0032
Comments Flash game jikverc gf ds zstf gfv ik vcetu necry muny.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-15 14:57:39
Entry Point 0x00001804
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
__vbaInputFile
__vbaGet3
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaRedim
__vbaVarSetObj
_adj_fdiv_r
_allmul
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
Ord(581)
__vbaI4Var
__vbaAryCopy
__vbaFreeStr
__vbaLateIdCallLd
__vbaVarNot
__vbaStrI2
__vbaStrI4
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(531)
__vbaLenBstr
__vbaResume
__vbaRedimPreserve
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaUbound
__vbaVarSetObjAddref
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
_CIsin
_CIsqrt
EVENT_SINK_Release
__vbaVarTstEq
__vbaFreeVarg
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaVarLateMemCallSt
__vbaChkstk
__vbaPrintFile
Ord(570)
__vbaErase
__vbaVarLateMemSt
__vbaFreeObjList
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
__vbaExitProc
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
Ord(713)
__vbaVarMove
__vbaStrUI1
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
Ord(685)
__vbaVarCmpEq
_adj_fpatan
EVENT_SINK_AddRef
__vbaObjIs
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
__vbaCastObjVar
Ord(526)
__vbaAryLock
__vbaVarCopy
_CIatan
__vbaLateMemCall
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
GetUserNameA
TextOutA
CallWindowProcW
InternetGetLastResponseInfoA
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
ProductName Flash game jikverc gf ds zstf gfv ik vcetu necry muny.
SubsystemVersion 4.0
Comments Flash game jikverc gf ds zstf gfv ik vcetu necry muny.
InitializedDataSize 12288
ImageVersion 1.0
FileVersionNumber 1.0.0.32
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename BYVAZID1MIRBOILO7.exe
MIMEType application/octet-stream
TimeStamp 2014:02:15 15:57:39+01:00
FileType Win32 EXE
PEType PE32
FileVersion 1.00.0032
FileAccessDate 2014:06:08 16:39:15+01:00
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2014:06:08 16:39:15+01:00
FileOS Win32
Subsystem Windows GUI
InternalName BYVAZID1MIRBOILO7
MachineType Intel 386 or later, and compatibles
CompanyName Flash
CodeSize 53248
FileSubtype 0
ProductVersionNumber 1.0.0.32
EntryPoint 0x1804
ObjectFileType Executable application
File identification
MD5 597b07968bb66f04cbb75737073ceeab
SHA1 4bf3f6b67055df5bc8ff74ad9e1bb730ba421975
SHA256 de42dcfdbb46dab26c5a1b79ae5890c4ca115846636798e57cce48949c143918
ssdeep 3072:xqX8i6d7veOZScCZSDcaqzpUzzeRjLz9XXPv6UMHyKXkRk6:xkf6d5Ceg9UzQvNXqU0yKXkRv
imphash 8f9c3b94db0d5f57f219c324e1d67dd1
File size 207.1 KB ( 212078 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-02-18 19:58:22 UTC ( 3 years, 2 months ago )
Last submission 2014-02-19 04:47:30 UTC ( 3 years, 2 months ago )
File names
20710341
BYVAZID1MIRBOILO7.exe
7b1be5ac56ddb7ef757064ba84cfb6f9da8bc38a
output.20710341.txt
BYVAZID1MIRBOILO7
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.