SHA256: dfab1f09e0e618c2074dbc27cd990e02299129323e07c302e9e0903641395769
File name: output.36611573.txt
Detection ratio: 48 / 57
Analysis date: 2015-08-14 09:27:15 UTC ( 3 years, 6 months ago )
Antivirus Result Update (rows with no Result are engines that did not flag the file; there are 9 of them, which is where the 48 / 57 ratio comes from)
Ad-Aware Gen:Variant.Kazy.641005 20150814
Yandex TrojanSpy.Zbot!IhCTwH5LW9U 20150813
AhnLab-V3 Dropper/Win32.Necurs 20150813
ALYac Gen:Variant.Kazy.641005 20150813
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150814
Avast Win32:Kryptik-PKR [Trj] 20150814
AVG Win32/Cryptor 20150814
Avira (no cloud) TR/Crypt.ZPACK.93068 20150813
AVware Trojan.Win32.Generic!BT 20150814
Baidu-International Trojan.Win32.Zbot.tsew 20150814
BitDefender Gen:Variant.Kazy.641005 20150814
CAT-QuickHeal Trojan.Lethic.B5 20150814
ClamAV Win.Trojan.Agent-762342 20150814
Comodo UnclassifiedMalware 20150814
Cyren W32/Powessere.A.gen!Eldorado 20150814
DrWeb Trojan.PWS.Panda.2401 20150814
Emsisoft Gen:Variant.Kazy.641005 (B) 20150814
ESET-NOD32 a variant of Win32/Injector.BJFX 20150814
F-Prot W32/Powessere.A.gen!Eldorado 20150814
F-Secure Gen:Variant.Kazy.641005 20150814
Fortinet W32/Zbot.AIEA!tr 20150813
GData Gen:Variant.Kazy.641005 20150814
Ikarus Trojan.Inject2 20150814
Jiangmin TrojanSpy.Zbot.hgrh 20150813
K7AntiVirus Trojan ( 0040f9071 ) 20150814
K7GW Trojan ( 0040f9071 ) 20150814
Kaspersky HEUR:Trojan.Win32.Generic 20150814
Kingsoft Win32.Troj.Zbot.ts.(kcloud) 20150814
Malwarebytes Trojan.Agent.VXGen 20150814
McAfee PWSZbot-FACP!9808C38A345A 20150814
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc 20150813
Microsoft Trojan:Win32/Bulta!rfn 20150814
eScan Gen:Variant.Kazy.641005 20150814
NANO-Antivirus Trojan.Win32.Zbot.ddqutc 20150814
nProtect Trojan-Spy/W32.ZBot.238288 20150813
Panda Trj/Genetic.gen 20150814
Qihoo-360 HEUR/Malware.QVM10.Gen 20150814
Rising PE:Trojan.Win32.Generic.1718D1EF!387502575 20150812
Sophos AV Troj/Agent-AIEA 20150814
SUPERAntiSpyware Trojan.Agent/Gen-FalComp 20150813
Symantec Infostealer 20150813
TheHacker Trojan/Injector.bjfx 20150814
TotalDefense Win32/Zbot.fVNdRJ 20150814
TrendMicro TROJ_FORUCON.BMC 20150814
TrendMicro-HouseCall TROJ_NECURS.SMJ8 20150814
VBA32 TrojanSpy.Zbot 20150814
VIPRE Trojan.Win32.Generic!BT 20150814
Zillya Trojan.Zbot.Win32.163621 20150813
AegisLab 20150814
Alibaba 20150814
Arcabit 20150814
Bkav 20150813
ByteHero 20150814
CMC 20150814
Tencent 20150814
ViRobot 20150814
Zoner 20150814
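The vendor labels above disagree (Zbot, Kazy, Necurs, Lethic, Powessere, Bulta, Forucon and several generic names for the same file), so no single row is a family verdict. The following is an added example, not code from the VirusTotal report: it parses the flattened table exactly as it appears above, separates detected from undetected engines, and tallies family keywords across all results to get a rough consensus. The parsing functions, the keyword list and the two multi-word vendor names (Avira (no cloud), Sophos AV) are assumptions chosen for this table rather than a maintained alias map.

```python
"""Parse the flattened detection table above and tally family names.

Added example, not part of the VirusTotal report; REPORT_TABLE is the table
embedded verbatim (rows with no Result are engines that did not flag the
file). The family keyword list and the multi-word vendor names are
assumptions chosen for this table, not a maintained alias map.
"""
import re
from collections import Counter

REPORT_TABLE = """\
Ad-Aware Gen:Variant.Kazy.641005 20150814
Yandex TrojanSpy.Zbot!IhCTwH5LW9U 20150813
AhnLab-V3 Dropper/Win32.Necurs 20150813
ALYac Gen:Variant.Kazy.641005 20150813
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150814
Avast Win32:Kryptik-PKR [Trj] 20150814
AVG Win32/Cryptor 20150814
Avira (no cloud) TR/Crypt.ZPACK.93068 20150813
AVware Trojan.Win32.Generic!BT 20150814
Baidu-International Trojan.Win32.Zbot.tsew 20150814
BitDefender Gen:Variant.Kazy.641005 20150814
CAT-QuickHeal Trojan.Lethic.B5 20150814
ClamAV Win.Trojan.Agent-762342 20150814
Comodo UnclassifiedMalware 20150814
Cyren W32/Powessere.A.gen!Eldorado 20150814
DrWeb Trojan.PWS.Panda.2401 20150814
Emsisoft Gen:Variant.Kazy.641005 (B) 20150814
ESET-NOD32 a variant of Win32/Injector.BJFX 20150814
F-Prot W32/Powessere.A.gen!Eldorado 20150814
F-Secure Gen:Variant.Kazy.641005 20150814
Fortinet W32/Zbot.AIEA!tr 20150813
GData Gen:Variant.Kazy.641005 20150814
Ikarus Trojan.Inject2 20150814
Jiangmin TrojanSpy.Zbot.hgrh 20150813
K7AntiVirus Trojan ( 0040f9071 ) 20150814
K7GW Trojan ( 0040f9071 ) 20150814
Kaspersky HEUR:Trojan.Win32.Generic 20150814
Kingsoft Win32.Troj.Zbot.ts.(kcloud) 20150814
Malwarebytes Trojan.Agent.VXGen 20150814
McAfee PWSZbot-FACP!9808C38A345A 20150814
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc 20150813
Microsoft Trojan:Win32/Bulta!rfn 20150814
eScan Gen:Variant.Kazy.641005 20150814
NANO-Antivirus Trojan.Win32.Zbot.ddqutc 20150814
nProtect Trojan-Spy/W32.ZBot.238288 20150813
Panda Trj/Genetic.gen 20150814
Qihoo-360 HEUR/Malware.QVM10.Gen 20150814
Rising PE:Trojan.Win32.Generic.1718D1EF!387502575 20150812
Sophos AV Troj/Agent-AIEA 20150814
SUPERAntiSpyware Trojan.Agent/Gen-FalComp 20150813
Symantec Infostealer 20150813
TheHacker Trojan/Injector.bjfx 20150814
TotalDefense Win32/Zbot.fVNdRJ 20150814
TrendMicro TROJ_FORUCON.BMC 20150814
TrendMicro-HouseCall TROJ_NECURS.SMJ8 20150814
VBA32 TrojanSpy.Zbot 20150814
VIPRE Trojan.Win32.Generic!BT 20150814
Zillya Trojan.Zbot.Win32.163621 20150813
AegisLab 20150814
Alibaba 20150814
Arcabit 20150814
Bkav 20150813
ByteHero 20150814
CMC 20150814
Tencent 20150814
ViRobot 20150814
Zoner 20150814
"""

MULTI_WORD_VENDORS = ("Avira (no cloud)", "Sophos AV")         # assumption
FAMILY_KEYWORDS = ("zbot", "kazy", "necurs", "lethic", "powessere",
                   "bulta", "forucon", "kryptik", "injector")  # assumption
ROW = re.compile(r"^(.*?)\s*(\d{8})$")   # "<vendor> [<result>] <YYYYMMDD>"

def parse_rows(text):
    """Return [(vendor, result or None, update_date), ...] in table order."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        body, update = m.groups()
        vendor = next((v for v in MULTI_WORD_VENDORS if body.startswith(v)),
                      body.split(" ", 1)[0])
        result = body[len(vendor):].strip() or None   # None: not detected
        rows.append((vendor, result, update))
    return rows

def family_consensus(rows):
    """(detections, undetected, Counter of family-keyword hits)."""
    results = [r for _, r, _ in rows if r]
    tally = Counter()
    for r in results:
        low = r.lower()
        tally.update(fam for fam in FAMILY_KEYWORDS if fam in low)
    return len(results), len(rows) - len(results), tally
```

Running family_consensus(parse_rows(REPORT_TABLE)) gives 48 detections, 9 undetected and a tally led by zbot (12 engines, counting McAfee's PWSZbot) ahead of kazy (7, a BitDefender-engine generic name that the licensees ALYac, Emsisoft, F-Secure, GData and eScan simply repeat) and necurs (2); rows sharing an engine should therefore be weighted once, which this simple count does not do. Substring matching is deliberate so that naming variants such as ZBot, Zbot.ts and PWSZbot collapse together.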
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-04 14:37:05
Entry Point 0x0000317B
Number of sections 4
PE sections
Overlay (data appended after the last section's raw bytes)
MD5 66784a5ee5278260c1a3a45cba81e6c5
File type data (no recognised format)
Offset 237056
Size 1232
Entropy 7.78
Offset 237056 + size 1232 = 238288, the full file size, so the overlay runs exactly to end of file; an entropy of 7.78 bits per byte means it is compressed or encrypted rather than plain data, which is consistent with the crypter labels in the detection table (Kryptik, Cryptor, Crypt.ZPACK).
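The three checks behind the PE header and overlay blocks above (where the overlay starts, how random it is, and what the COFF timestamp decodes to in UTC) are easy to reproduce with the standard library. The following is an added example written by the editor, not code from the VirusTotal report, pefile or the sample: it builds a small PE32 image in memory so it runs offline, then locates the overlay from the section table, measures its Shannon entropy and decodes the timestamp. The helper names, the two constructed sections and the uniform-byte overlay are assumptions of this example; the timestamp planted in the constructed image is the report's compilation timestamp, so the UTC decoding can be checked against the line above.

```python
"""Overlay location, overlay entropy and compile-timestamp decoding for PE32.

Added example (editor's code, not from the VirusTotal report, pefile or the
sample): it builds a small PE32 image in memory and applies the checks the
'PE header' and 'Overlay' blocks above summarise. Layout, names and the
constructed sections are assumptions; the COFF timestamp is the report's.
"""
import math
import struct
from datetime import datetime, timezone

def build_constructed_pe(timestamp, sections, overlay):
    """Minimal PE32: DOS header, PE headers, section table, zero-filled
    section data at 512-byte file alignment, then `overlay` appended."""
    e_lfanew, opt_size, n = 0x40, 224, len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * n
    first_raw = (headers_end + 0x1FF) & ~0x1FF
    ptr, table, blobs = first_raw, b"", b""
    for name, raw_size in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), raw_size,
                             ptr, raw_size, ptr, 0, 0, 0, 0, 0x60000020)
        blobs += b"\0" * raw_size
        ptr += raw_size
    img = dos + b"PE\0\0" + coff + opt + table
    img += b"\0" * (first_raw - len(img)) + blobs
    return img + overlay

def parse_pe(data):
    """Return (TimeDateStamp, [(name, PointerToRawData, SizeOfRawData), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, n, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    sec_off = coff + 20 + opt_size
    secs = []
    for i in range(n):
        name, _, _, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, sec_off + 40 * i)
        secs.append((name.rstrip(b"\0").decode("ascii", "replace"),
                     raw_ptr, raw_size))
    return ts, secs

def overlay_bounds(data):
    """(offset, size) of bytes past the last section's raw data; size 0 means
    no overlay. The end is clamped to EOF so a truncated section cannot yield
    a negative size."""
    _, secs = parse_pe(data)
    end = min(max((p + s for _, p, s in secs), default=0), len(data))
    return end, len(data) - end

def shannon_entropy(blob):
    """Bits per byte: 0.0 for a constant run, 8.0 for a uniform distribution."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    total = len(blob)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def compile_time_utc(data):
    """COFF TimeDateStamp is seconds since the Unix epoch, in UTC."""
    ts, _ = parse_pe(data)
    return datetime.fromtimestamp(ts, tz=timezone.utc)

# Constructed inputs: the report's timestamp (2014-08-04 14:37:05 UTC) and an
# overlay holding every byte value exactly once, i.e. maximal entropy.
REPORT_TIMESTAMP = 1407163025
UNIFORM_OVERLAY = bytes(range(256))
SAMPLE_PE = build_constructed_pe(REPORT_TIMESTAMP,
                                 [(b".text", 0x200), (b".data", 0x200)],
                                 UNIFORM_OVERLAY)

if __name__ == "__main__":
    off, size = overlay_bounds(SAMPLE_PE)
    print(f"overlay at {off}, {size} bytes, entropy "
          f"{shannon_entropy(SAMPLE_PE[off:]):.2f}")
    print("compiled", compile_time_utc(SAMPLE_PE).isoformat())
```

Against the real file, overlay_bounds should return (237056, 1232) if the section table is intact. Two caveats a triage script needs beyond this version: an Authenticode signature (data directory 4) also lives past the last section and must be subtracted before calling the remainder an overlay, and the timestamp is attacker-controlled, so the two-day gap to the first submission below is plausible but not proof of anything.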
PE imports
Grouped here by exporting DLL. The grouping is an editor's annotation taken from the standard Windows export tables and is not part of this copy of the report, which lists only the function names; the Sym*/Image* group is exported by both DBGHELP.dll and IMAGEHLP.dll, so that attribution is ambiguous. Two points for triage: CreateRemoteThread is imported but VirtualAllocEx and WriteProcessMemory are not, so the rest of any injection primitive is either resolved at runtime through the imported LoadLibraryA/LoadLibraryExA/LoadLibraryW and GetProcAddress or lives in the encrypted overlay, and this table should not be read as the payload's full capability; and the long tail of console, font, DDE, multimedia and symbol-handling imports is more consistent with a generic crypter stub (the Kryptik, Cryptor, Crypt.ZPACK and Injector labels above) than with the payload's own needs.
ADVAPI32.dll
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegDeleteKeyW
RegSetValueW
RegQueryValueExW
RegQueryValueW
GDI32.dll
CreateDCA
CloseFigure
AddFontResourceExW
AnimatePalette
AddFontResourceW
CreateCompatibleDC
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
FindResourceExA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
GetModuleFileNameW
CopyFileA
HeapAlloc
FlushFileBuffers
RemoveDirectoryA
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
MoveFileW
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
CreateRemoteThread
GetStartupInfoA
CreateDirectoryA
GetWindowsDirectoryA
GetProcAddress
FillConsoleOutputAttribute
CompareStringW
lstrcpyA
CompareStringA
GetTempFileNameA
IsValidLocale
GlobalLock
GetTimeZoneInformation
FindFirstVolumeA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetTempPathA
GetModuleFileNameA
GetShortPathNameA
CreateProcessW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
OpenEventA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SHELL32.dll
ExtractIconA
DragFinish
ExtractIconW
ShellExecuteExW
ShellAboutW
DragQueryFileA
USER32.dll
EnumPropsA
EnumDesktopsA
SetMessageQueue
UnregisterDeviceNotification
DdeQueryStringW
GetWindowTextW
DlgDirSelectExW
SubtractRect
DestroyMenu
GetFocus
ModifyMenuA
VERSION.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WINMM.dll
sndPlaySoundW
DBGHELP.dll (or IMAGEHLP.dll, see note above)
ImageRvaToSection
SymGetLineFromAddr
MakeSureDirectoryPathExists
SymLoadModule
SymEnumerateModules
OLE32.dll
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
StringFromGUID2
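The imphash quoted further down (dd2b08cf0caa289114fe32f4218088b4) is nothing more than an MD5 over this import list, which is why it only pivots well when the import table belongs to the real binary and not to a stub shared by many payloads. The following is an added example written by the editor, not code from the VirusTotal report or from pefile: it re-implements the common imphash recipe (lower-cased "dll.function" pairs, DLL extension stripped, in import-table order, joined by commas, hashed with MD5) on top of a parser for a DLL-grouped listing like the one above. The short CONSTRUCTED_LISTING, the ws2_32 ordinal and the function names in this block are assumptions of the example; the ordinal-to-name table pefile applies for ws2_32 and oleaut32 is deliberately left out, so ordinals stay as ord<N>.

```python
"""Import-hash (imphash) computation from a DLL-grouped import listing.

Added example; it is not code from the VirusTotal report or from pefile.
It re-implements the common imphash recipe (MD5 over "dll.function" pairs,
lower-cased, DLL extension stripped, in import-table order) so a listing
like the one above can be turned back into the report's imphash line.
Ordinal imports are kept as ord<N>; the ws2_32/oleaut32 ordinal-to-name
lookup that pefile performs is omitted, a simplification.
"""
import hashlib
import re

# Constructed listing in the grouped "DLL line, then its functions" layout;
# the selection of names and the ws2_32 ordinal are illustrative, not the
# analysed sample's full table.
CONSTRUCTED_LISTING = """\
ADVAPI32.dll
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
KERNEL32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualProtect
CreateRemoteThread
WS2_32.dll
ord23
"""

DLL_LINE = re.compile(r"^[\w.-]+\.(dll|ocx|sys)$", re.IGNORECASE)
ORD_LINE = re.compile(r"^ord(\d+)$", re.IGNORECASE)

def parse_import_listing(text):
    """Turn the grouped listing into [(dll, [name or ordinal int, ...]), ...],
    preserving order, because the hash depends on it."""
    imports = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DLL_LINE.match(line):
            imports.append((line, []))
            continue
        if not imports:
            raise ValueError(f"function {line!r} appears before any DLL line")
        m = ORD_LINE.match(line)
        imports[-1][1].append(int(m.group(1)) if m else line)
    return imports

def normalise_dll(name):
    """pefile-style DLL normalisation: lower-case and drop .dll/.ocx/.sys."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name

def imphash(imports):
    """MD5 of the comma-joined 'dll.function' entries, in import order."""
    parts = []
    for dll, funcs in imports:
        base = normalise_dll(dll)
        for f in funcs:
            label = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{base}.{label}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()

def imphash_of_listing(text):
    return imphash(parse_import_listing(text))

if __name__ == "__main__":
    print(imphash_of_listing(CONSTRUCTED_LISTING))
```

To check the grouping above against the report, paste the grouped list into imphash_of_listing with a single DLL line chosen for the ambiguous group (DBGHELP.dll or IMAGEHLP.dll) and compare the result with the imphash in the File identification block; a mismatch most likely means that attribution, or the import-directory order, differs from the real binary, since the function names themselves are the report's. Order sensitivity is the point of the hash: the same functions imported in a different order give a different imphash, while case and the .dll suffix do not matter.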
Number of PE resources by type
RT_STRING 6
RT_FONT 1
Number of PE resources by language
NEUTRAL 6
ENGLISH PHILIPPINES 1
PE resources
ExifTool file metadata
LegalTrademarks Industrial society principle fed orbit
SubsystemVersion 5.0
Comments Bee pig influence
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.69.97.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Mississippi fewer Florida
CharacterSet Unicode
InitializedDataSize 169984
EntryPoint 0x317b
OriginalFileName Upward.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) Oldest passage
FileVersion 5.69.97.0
TimeStamp 2014:08:04 15:37:05+01:00
FileType Win32 EXE
PEType PE32
InternalName Upward.exe
ProductVersion 5.69.97.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Gasoline tightly
CodeSize 66048
ProductName Task
ProductVersionNumber 5.69.97.0
FileTypeExtension exe
ObjectFileType Executable application
Notes on these values: the VERSIONINFO strings (CompanyName, FileDescription, LegalCopyright, LegalTrademarks, Comments, ProductName) are random dictionary words rather than a real publisher's, which fits the crypter/injector labels in the detection table, so they carry no trust signal; the InternalName/OriginalFileName Upward.exe matches none of the submitted file names listed below. The ExifTool TimeStamp is the same COFF timestamp as the Compilation timestamp line above, rendered in the analyst machine's +01:00 zone (15:37:05+01:00 is 14:37:05 UTC). LinkerVersion 9.0 is the Visual Studio 2008 linker, consistent with TrID's MS Visual C++ guess below.
Execution parents
File identification
MD5 9808c38a345ad351ab79e95e9dca58fc
SHA1 ac002d3fed2cb9fe66cb91c5981f333b6e3aee26
SHA256 dfab1f09e0e618c2074dbc27cd990e02299129323e07c302e9e0903641395769
ssdeep 6144:/KvyCVWEqRFfA4ZKdaNYRRjAWVFCP+0bVE0J:/KvEffA4wYgvVFCbuI
authentihash 325ee6798fcd3d8799e99a8c6067e80a2ba99a954551c5dfe31b89ea62ad14a9
imphash dd2b08cf0caa289114fe32f4218088b4
File size 232.7 KB ( 238288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
Cross-checks: McAfee's label PWSZbot-FACP!9808C38A345A carries the first 12 hex digits of this MD5 and nProtect's Trojan-Spy/W32.ZBot.238288 carries the byte size, so those two detection rows are tied to exactly this file rather than to a family-wide signature. The imphash is only a useful pivot if the import table belongs to the real binary; for a crypter stub it groups unrelated payloads packed with the same tool.

VirusTotal metadata
First submission 2014-08-06 13:08:26 UTC ( 4 years, 6 months ago )
Last submission 2014-08-06 15:49:37 UTC ( 4 years, 6 months ago )
File names w7Uml0Gwj.xdp
swsoft.exe.bin
36611573
output.36611573.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
No entries under any of the four headings survive in this copy of the report; the behavioural section is effectively empty here and must not be read as "no activity observed".