SHA256: e5c3edb0433cbb09cda7a0b62441a1d7c7dd6f10e954ac00dc2df8073cf5ccf1
File name: Puhu.exe
Detection ratio: 30 / 57
Analysis date: 2015-02-27 06:52:38 UTC
Antivirus / Result / Update (signature database date, YYYYMMDD)
Ad-Aware Trojan.GenericKD.2183622 20150228
AhnLab-V3 Trojan/Win32.Zbot 20150227
ALYac Trojan.GenericKD.2183622 20150228
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150228
Avast Win32:Malware-gen 20150228
AVG Inject2.BQBA 20150228
Avira (no cloud) TR/Agent.426496.37 20150228
Baidu-International Trojan.Win32.Zbot.vbmw 20150228
BitDefender Trojan.GenericKD.2183622 20150228
DrWeb Trojan.PWS.Panda.7708 20150228
Emsisoft Trojan.GenericKD.2183622 (B) 20150228
ESET-NOD32 a variant of Win32/Kryptik.CZMD 20150228
F-Secure Trojan.GenericKD.2183622 20150228
Fortinet W32/Zbot.CZMD!tr 20150228
GData Trojan.GenericKD.2183622 20150228
Ikarus Trojan.Win32.Crypt 20150228
K7AntiVirus Trojan ( 004b6cbd1 ) 20150228
K7GW Trojan ( 004b6cbd1 ) 20150228
Kaspersky Trojan-Spy.Win32.Zbot.vbmw 20150228
Malwarebytes Trojan.Krypt 20150228
McAfee GenericR-DAR!D4388A52E8DA 20150228
McAfee-GW-Edition BehavesLike.Win32.Trojan.gh 20150228
Microsoft PWS:Win32/Zbot.gen!VM 20150228
eScan Trojan.GenericKD.2183622 20150228
NANO-Antivirus Trojan.Win32.Zbot.dofraz 20150228
nProtect Trojan.GenericKD.2183622 20150227
Panda Trj/Genetic.gen 20150227
Sophos AV Mal/Generic-S 20150228
Symantec Trojan.Gen 20150228
TrendMicro-HouseCall TROJ_GEN.R047H07BO15 20150228
Engines reporting no detection at analysis time (update date only):
AegisLab 20150228
Yandex 20150226
Alibaba 20150228
AVware 20150228
Bkav 20150228
ByteHero 20150228
CAT-QuickHeal 20150227
ClamAV 20150228
CMC 20150227
Comodo 20150228
Cyren 20150228
F-Prot 20150228
Jiangmin 20150227
Kingsoft 20150228
Norman 20150228
Qihoo-360 20150228
Rising 20150227
SUPERAntiSpyware 20150228
Tencent 20150228
TheHacker 20150227
TotalDefense 20150227
TrendMicro 20150228
VBA32 20150227
VIPRE 20150228
ViRobot 20150228
Zillya 20150228
Zoner 20150227

Of the 30 detecting engines, most name the Zeus/Zbot banking trojan family directly (Zbot, and Dr.Web's Trojan.PWS.Panda, which is its name for Zeus); the remaining verdicts are generic or packer-oriented (Kryptik, Krypt, Crypt, Malware-gen, Trojan.Gen), which is consistent with a crypter layer around the payload rather than with a different family.
The file is a 32-bit Portable Executable (PE32), specifically a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-23 11:08:53 (UTC; one day before the first VirusTotal submission on 2015-02-24. The PE timestamp is set by the linker and is trivially forgeable, so treat it as a hint, not evidence.)
Entry Point 0x00003540
Number of sections 5
PE sections
PE imports
(The per-DLL headings of the import table did not survive extraction. The grouping below is an editorial reconstruction by the documented exporting module of each API; the function names themselves are exactly those listed in the report.)
advapi32:
ConvertSidToStringSidA
AllocateAndInitializeSid
CryptAcquireContextA
CryptCreateHash
gdi32:
GetObjectA
CreateBitmapIndirect
SetMapMode
DeleteDC
GetBitmapBits
GetMapMode
GetStockObject
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
GetTextExtentPoint32W
CreateCompatibleBitmap
SetTextColor
DPtoLP
iphlpapi:
GetNetworkParams
kernel32:
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
OutputDebugStringW
GetSystemInfo
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
lstrlenW
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetHandleCount
GetModuleHandleW
HeapQueryInformation
WriteConsoleW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
InitializeCriticalSection
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
HeapValidate
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
OutputDebugStringA
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
GlobalAlloc
TlsGetValue
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
IsBadReadPtr
ExitProcess
GetFileSize
SetLastError
LeaveCriticalSection
oleaut32:
OleCreatePictureIndirect
psapi:
GetProcessMemoryInfo
shell32:
Shell_NotifyIconA
user32:
DrawTextA
SetWindowTextA
LoadIconA
GetWindowRect
FillRect
LoadMenuA
GetClassInfoA
GetDlgItem
GetWindowLongA
DefWindowProcA
ReleaseDC
UnregisterClassA
EnableMenuItem
RegisterClassA
SetRect
GetDC
SetWindowRgn
winhttp:
WinHttpSetTimeouts
gdiplus:
GdiplusStartup
ole32:
CoCreateGuid
CoDosDateTimeToFileTime
CoInitialize
Notable from a triage standpoint: the only cryptographic imports are CryptAcquireContextA and CryptCreateHash (hashing, no CryptEncrypt/CryptDecrypt); network capability is limited statically to GetNetworkParams and WinHttpSetTimeouts; IsDebuggerPresent and QueryPerformanceCounter are present (both are also emitted by the MSVC runtime, so they are weak anti-debug evidence on their own); and LoadLibraryW together with GetProcAddress allows any further API to be resolved at run time without appearing in this table.
Number of PE resources by type
RT_DIALOG 13
RT_MENU 12
RT_BITMAP 9
RT_STRING 8
RT_ICON 6
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 51
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:02:23 12:08:53+01:00 (the same instant as the 2015-02-23 11:08:53 UTC compilation timestamp above, shown here in the ExifTool host's local time zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 107520
LinkerVersion: 10.0 (the Visual Studio 2010 linker, consistent with the TrID result below)
EntryPoint: 0x3540
InitializedDataSize: 317952
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1 (minimum Windows XP)
UninitializedDataSize: 0

File identification
MD5: d4388a52e8da1516e2da9050729807b5
SHA1: ce9509b97c51f81b7dea2fc8666e3e614f8326e8
SHA256: e5c3edb0433cbb09cda7a0b62441a1d7c7dd6f10e954ac00dc2df8073cf5ccf1
ssdeep: 6144:y2cTuhXUMWXh9PGG3WUte48jwsQPMCuVTq+hZhR57cyHXmvWA3BoCf32j+43:y2cToDWXh9PjftWz4MXjhZhrY3d3Yj3
authentihash: 46dd38dca1c814f1f361433af3f3f61de68de891ca25459bb189a17dd3e3a70a
imphash: 5105e37a36e1b8d2e2ac856ad62d484b
File size: 416.5 KB (426496 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (67.4%); Win32 Dynamic Link Library (generic) (14.2%); Win32 Executable (generic) (9.7%); Generic Win/DOS Executable (4.3%); DOS Executable Generic (4.3%)
Tags: peexe
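The imphash above is the most useful pivot in this section: it is an MD5 over the normalized import table (the algorithm Mandiant defined and pefile implements, which is what VirusTotal reports), so samples built from the same source with the same linker settings share it even when every other hash differs. The following is an added example, not code from the page or from VirusTotal, that reimplements the normalization so that the value can be reproduced or compared offline. The DLL names in SAMPLE_IMPORTS are an assumption (the report's DLL headings are not in the extracted page) and the list covers only a handful of the imports, so its result is not expected to equal 5105e37a36e1b8d2e2ac856ad62d484b; the ordinal-to-name lookup that pefile applies for oleaut32 and ws2_32 is also omitted, and ordinals are rendered as "ordN" only.

```python
import hashlib

# Constructed (dll, function) pairs standing in for a parsed import table.
# DLL names are ASSUMED from the documented exporting module; the extracted
# report lists function names only. Only a subset of the imports is included.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "CryptAcquireContextA"),
    ("ADVAPI32.dll", "CryptCreateHash"),
    ("KERNEL32.dll", "LoadLibraryW"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("IPHLPAPI.DLL", "GetNetworkParams"),
    ("WINHTTP.dll", "WinHttpSetTimeouts"),
]

# Module suffixes the imphash algorithm strips before lower-casing the name.
_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_import(dll: str, func) -> str:
    """Return the 'module.function' token imphash uses for one import.

    func is either a symbol name (str) or an export ordinal (int). pefile
    additionally maps ordinals to names for oleaut32/ws2_32; that table is
    deliberately omitted here, so ordinals always become 'ordN'.
    """
    module = dll.lower()
    for ext in _STRIPPED_EXTENSIONS:
        if module.endswith(ext):
            module = module[: -len(ext)]
            break
    if isinstance(func, int):
        func_name = f"ord{func}"
    else:
        func_name = func.lower()
    return f"{module}.{func_name}"


def imphash_string(imports) -> str:
    """The comma-joined, order-preserving string that gets hashed."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports) -> str:
    """MD5 hex digest of the normalized import string (lowercase)."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def is_statically_imported(imports, api: str) -> bool:
    """True if the named API appears (case-insensitively) in the import table."""
    wanted = api.lower()
    return any(isinstance(f, str) and f.lower() == wanted for _, f in imports)


if __name__ == "__main__":
    print("normalized:", imphash_string(SAMPLE_IMPORTS))
    print("imphash:   ", imphash(SAMPLE_IMPORTS))
    print("DeviceIoControl statically imported:",
          is_statically_imported(SAMPLE_IMPORTS, "DeviceIoControl"))
```

Because the string is order-preserving, two binaries with identical import sets in a different order hash differently; that is why imphash clusters on build artefacts (same source, same linker) rather than on capability, and why a repacked sample usually changes it. With a real file, feed the pairs from pefile's DIRECTORY_ENTRY_IMPORT and compare against the report's value.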

VirusTotal metadata
First submission 2015-02-24 05:38:09 UTC
Last submission 2015-02-24 05:38:09 UTC
File names Puhu.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed behavioural report. The following summarizes the behaviour of the file when it was executed in a controlled (sandbox) environment. The actions and events listed were performed either by the file itself or by any process it launched or injected code into.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. Note that DeviceIoControl is absent from the static import table above while LoadLibraryW and GetProcAddress are present, so the call is resolved at run time or issued from code that is unpacked in memory; together with the packer-oriented vendor names (Kryptik, Krypt, Crypt), this means the static import list may describe a wrapper layer rather than the final payload, and capabilities should be judged from the sandbox trace and from memory dumps rather than from the import table alone.
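A quick static check that complements the sandbox observation above: if an API such as DeviceIoControl is called but not imported, its name is often still present in the binary as a NUL-terminated ASCII or UTF-16LE string that is passed to GetProcAddress. The following is an added example, not code from the page or from VirusTotal, that scans a byte buffer for such strings and reports the names that appear without being in the static import table. SAMPLE_BYTES is constructed for the example and is not data from Puhu.exe; the API names used (DeviceIoControl, WinHttpOpen, CreateRemoteThread) are illustrative. A miss proves nothing: a crypter can keep the strings only in the unpacked payload, or the loader can resolve APIs by hash, so run this against a memory dump as well as the file on disk.

```python
import re

# Constructed stand-in for a slice of a binary's data section (NOT from the
# sample): an ASCII module name, an ASCII API name, an API name as UTF-16LE,
# and unrelated filler. Offsets are deliberately easy to count.
SAMPLE_BYTES = (
    b"\x00\x00kernel32.dll\x00DeviceIoControl\x00\x90\x90"
    + "WinHttpOpen".encode("utf-16-le") + b"\x00\x00"
    + b"random filler 12345\x00"
)


def find_api_strings(data: bytes, api_names):
    """Map each API name found in data to [(offset, encoding), ...].

    Matches are exact, NUL-terminated strings in either ASCII or UTF-16LE,
    which is how a name passed to GetProcAddress (or a wide-string table
    fed through WideCharToMultiByte) is usually stored.
    """
    hits = {}
    for name in api_names:
        patterns = (
            ("ascii", name.encode("ascii") + b"\x00"),
            ("utf-16le", name.encode("utf-16-le") + b"\x00\x00"),
        )
        found = []
        for encoding, pattern in patterns:
            for match in re.finditer(re.escape(pattern), data):
                found.append((match.start(), encoding))
        if found:
            hits[name] = found
    return hits


def dynamic_resolution_candidates(data: bytes, static_imports, api_names):
    """Names present as strings but absent from the static import table.

    static_imports: iterable of imported function names (any case).
    Returns a sorted list; an empty list means every name found is also
    imported normally, or none of the names appear as strings at all.
    """
    present = find_api_strings(data, api_names)
    imported = {name.lower() for name in static_imports}
    return sorted(name for name in present if name.lower() not in imported)


if __name__ == "__main__":
    # Static imports here are a constructed subset of the report's list.
    static = ["LoadLibraryW", "GetProcAddress", "WinHttpSetTimeouts"]
    watch = ["DeviceIoControl", "WinHttpOpen", "CreateRemoteThread", "GetProcAddress"]
    for name, where in find_api_strings(SAMPLE_BYTES, watch).items():
        print(name, where)
    print("resolved at run time (candidates):",
          dynamic_resolution_candidates(SAMPLE_BYTES, static, watch))
```

On a real file, pass the whole image (or each section) as data and the function names from the import table as static_imports; anything returned is a lead to confirm by locating the GetProcAddress call that consumes the string, not a conclusion in itself.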