SHA256: df4feca39bf3c8d74b88dd60a4df68c6718bc468d702ee2bc307f5c62cc5143b
File name: bytele
Detection ratio: 43 / 51
Analysis date: 2014-04-08 02:12:58 UTC
Antivirus Result Update
Ad-Aware Trojan.Encpk.Gen.4 20140408
Yandex Trojan.PWS.Fareit!aZ+TqbskNS0 20140407
AhnLab-V3 Trojan/Win32.VBKrypt 20140407
AntiVir BDS/Androm.yhty 20140408
Antiy-AVL Trojan[PSW]/Win32.Fareit 20140407
Avast Win32:Downloader-UPK [Trj] 20140407
AVG Zbot.DQG 20140407
Baidu-International Trojan.Win32.InfoStealer.AFAn 20140407
BitDefender Trojan.Encpk.Gen.4 20140408
ByteHero Virus.Win32.Heur.p 20140408
CMC Heur.Win32.Veebee.1!O 20140407
Commtouch W32/Trojan.MGRH-7934 20140408
Comodo TrojWare.Win32.Injector.AQJJ 20140408
DrWeb BackDoor.Tishop.85 20140408
Emsisoft Trojan.Encpk.Gen.4 (B) 20140408
ESET-NOD32 a variant of Win32/Injector.ARIF 20140408
F-Prot W32/Trojan2.OBEX 20140408
F-Secure Trojan.Encpk.Gen.4 20140408
Fortinet W32/Injector.ATCM!tr 20140407
GData Trojan.Encpk.Gen.4 20140408
Ikarus Trojan.VBInject 20140408
Jiangmin Trojan/PSW.Fareit.dtc 20140407
K7AntiVirus Trojan ( 0048f8871 ) 20140407
K7GW Trojan ( 0048f8871 ) 20140407
Kaspersky Trojan-PSW.Win32.Fareit.ammm 20140408
Kingsoft Win32.PSWTroj.Undef.(kcloud) 20140408
Malwarebytes Trojan.LVBP.RV 20140408
McAfee Artemis!E0A41A9B4181 20140408
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20140408
Microsoft VirTool:Win32/VBInject.ACH 20140408
eScan Trojan.Encpk.Gen.4 20140408
NANO-Antivirus Trojan.Win32.Fareit.crmxkp 20140408
nProtect Trojan.Encpk.Gen.4 20140408
Panda Generic Malware 20140407
Qihoo-360 Malware.QVM18.Gen 20140408
Sophos Troj/Agent-ADBJ 20140408
Symantec Trojan.Zbot 20140408
TheHacker Trojan/Injector.arif 20140407
TotalDefense Win32/Inject.BGM 20140407
TrendMicro TROJ_SPNR.0BA214 20140408
TrendMicro-HouseCall TROJ_SPNR.0BA214 20140408
VBA32 TrojanPSW.Fareit 20140407
VIPRE Trojan.Win32.Fareit.sr (v) 20140407
AegisLab (no detection) 20140408
Bkav (no detection) 20140407
CAT-QuickHeal (no detection) 20140407
ClamAV (no detection) 20140408
Norman (no detection) 20140407
Rising (no detection) 20140406
SUPERAntiSpyware (no detection) 20140408
ViRobot (no detection) 20140407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher knjjnbhvgt
Product guytbhgynbv
Original name bytele.exe
Internal name bytele
File version 1.04.0001
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-18 08:19:44
Entry Point 0x00033DE0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(616)
SystemParametersInfoA
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize: 126976
InitializedDataSize: 4096
ImageVersion: 117.4
ProductName: guytbhgynbv
FileVersionNumber: 1.4.0.1
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Unicode
LinkerVersion: 6.0
FileOS: Win32
MIMEType: application/octet-stream
FileVersion: 1.04.0001
TimeStamp: 2013:11:18 09:19:44+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: bytele
FileAccessDate: 2014:04:08 03:19:47+01:00
ProductVersion: 1.04.0001
SubsystemVersion: 4.0
OSVersion: 4.29952
FileCreateDate: 2014:04:08 03:19:47+01:00
OriginalFilename: bytele.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: knjjnbhvgt
CodeSize: 86016
FileSubtype: 0
ProductVersionNumber: 1.4.0.1
EntryPoint: 0x33de0
ObjectFileType: Executable application
File identification
MD5 e0a41a9b41813056eadc6bcc137d6448
SHA1 49658685bb6f3c97a7cd664a924e4a6f0b677304
SHA256 df4feca39bf3c8d74b88dd60a4df68c6718bc468d702ee2bc307f5c62cc5143b
ssdeep 6144:EWn17ke2d+lE22oStOz+NuRP6AkIyYAoUbO6TEgVTjiR/PGN1wGH/88jL2J2:x17e6l2oStiGWS4yYAXbO6T/FiRHG0SB
imphash d26f2866f2abe9fae713862341adbaea
File size 306.1 KB ( 313487 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags
peexe upx
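The header fields above ("PE header basic information", "Packers identified", the ExifTool size fields and the imphash) can be cross-checked without any third-party PE library. The block below is an added example for this page, not VirusTotal's code and not the sample's: it constructs a minimal PE32 image whose header values mirror the report (compile timestamp, entry point 0x33DE0, three sections sized from CodeSize, InitializedDataSize and UninitializedDataSize), parses those fields back out, applies the cheap static UPX signals a triage script would use, and computes a Mandiant-style imphash over the listed imports. The DLL names attached to the imports are an assumption (the report lists only function names, and the DLL behind Ord(616) is not given), so the hash it prints is not expected to equal the report's d26f2866f2abe9fae713862341adbaea. The caveat worth taking from it: the import table of a UPX-packed file is the decompressor stub's six APIs plus a handful the packer keeps so the loader maps the payload's DLLs, so an imphash taken on the packed file characterises the packer, not the malware, and should only be compared after unpacking.

```python
"""Static PE header triage in pure Python (added example; the PE image is constructed)."""
import hashlib
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later processors and compatible processors"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
# Import set of the standard UPX Win32 decompressor stub
UPX_STUB_IMPORTS = {"LoadLibraryA", "GetProcAddress", "VirtualProtect",
                    "VirtualAlloc", "VirtualFree", "ExitProcess"}


def build_sample_pe(timestamp, entry_point, sizes, sections):
    """Constructed PE32: DOS stub, NT headers and a section table only (no code, no imports)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    file_hdr = struct.pack("<HHIIIHH", 0x014C, len(sections), timestamp, 0, 0, 0xE0, 0x010F)
    code, init, uninit = sizes
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIH",       # PE32 optional header up to Subsystem
                      0x10B, 6, 0, code, init, uninit, entry_point, 0x1000, 0x1000,
                      0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0, 0, 0, 2).ljust(0xE0, b"\x00")
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, rawsize, rawptr,
                                 0, 0, 0, 0, 0xE0000020)
                     for name, vsize, vaddr, rawsize, rawptr in sections)
    return dos + b"PE\x00\x00" + file_hdr + opt + table


def parse_pe_header(data):
    """Read the fields VirusTotal shows under 'PE header basic information'."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    machine, nsects, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]   # same offset for PE32 and PE32+
    sect_off = opt_off + opt_size
    sections = []
    for i in range(nsects):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sect_off + i * 40)
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": MACHINE_NAMES.get(machine, hex(machine)),
            "timestamp": ts,
            "compiled": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "entry_point": entry,
            "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
            "subsystem": SUBSYSTEMS.get(subsystem, subsystem),
            "sections": sections}


def find_section(hdr, rva):
    for s in hdr["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + s["vsize"]:
            return s
    return None


def upx_indicators(hdr, imported_funcs):
    """Cheap static signals of UPX packing; section names are the weakest (trivially renamed)."""
    findings = []
    if any(s["name"].startswith("UPX") for s in hdr["sections"]):
        findings.append("UPX0/UPX1 section names")
    first = hdr["sections"][0]
    if first["rawsize"] == 0 and first["vsize"] > 0:
        findings.append("first section has no data on disk but a large virtual size "
                        "(the unpacked image is written there at runtime)")
    ep = find_section(hdr, hdr["entry_point"])
    if ep is not None and ep is not first:
        findings.append(f"entry point 0x{hdr['entry_point']:X} lies in {ep['name']}, the decompressor")
    funcs = {f for f in imported_funcs if isinstance(f, str)}
    if UPX_STUB_IMPORTS <= funcs and len(funcs - UPX_STUB_IMPORTS) <= 4:
        findings.append("import table is the UPX stub's APIs plus a few retained payload imports")
    return findings


def imphash_input(imports):
    """Canonical 'dll.func' list (lowercase, extension stripped, ordinals as ordN) that imphash MD5s."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys", ".drv"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        parts.append(f"{dll}.{f'ord{func}' if isinstance(func, int) else func.lower()}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


# Imports as listed on the report; DLL names are assumed, and the DLL behind Ord(616) is unknown.
REPORT_IMPORTS = [("KERNEL32.DLL", f) for f in ("VirtualFree", "ExitProcess", "VirtualProtect",
                                                "LoadLibraryA", "VirtualAlloc", "GetProcAddress")]
REPORT_IMPORTS += [("MSVBVM60.DLL", 616), ("USER32.DLL", "SystemParametersInfoA")]


def triage_report_sample():
    """Build the constructed image from the report's numbers and run the checks over it."""
    image = build_sample_pe(timestamp=1384762784,            # 2013-11-18 08:19:44 UTC
                            entry_point=0x33DE0,
                            sizes=(86016, 4096, 126976),     # CodeSize, InitializedData, UninitializedData
                            sections=[("UPX0", 0x1F000, 0x1000, 0, 0),
                                      ("UPX1", 0x15000, 0x20000, 0x14A00, 0x400),
                                      (".rsrc", 0x1000, 0x35000, 0x1000, 0x14E00)])
    hdr = parse_pe_header(image)
    return hdr, upx_indicators(hdr, [f for _, f in REPORT_IMPORTS]), imphash(REPORT_IMPORTS)


if __name__ == "__main__":
    hdr, findings, h = triage_report_sample()
    print(hdr["compiled"], hex(hdr["entry_point"]), hdr["pe_type"], hdr["subsystem"])
    print("\n".join(findings))
    print("imphash over assumed DLL names:", h)
```

The section layout is where the report's numbers line up: UninitializedDataSize 126976 is 0x1F000, the virtual size of an empty-on-disk UPX0, CodeSize 86016 is 0x15000 for UPX1, and the entry point 0x33DE0 falls inside UPX1 rather than the first section. None of these checks proves UPX on their own, but together they say the same thing PEiD and TrID do above, and they keep working when someone renames the sections.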

VirusTotal metadata
First submission 2013-12-08 03:37:38 UTC
Last submission 2013-12-08 03:37:38 UTC
File names: bytele, bytele.exe, 49658685bb6f3c97a7cd664a924e4a6f0b677304
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any process it launched, or by a process it injected code into.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook(Ex) Windows API function. Such hooks monitor the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread.