SHA256: e666255c7570c75a8827eb3472fda80f3562510f843fa3c23d7d2ff43785a8bd
File name: uzog.exe
Detection ratio: 25 / 43
Analysis date: 2012-10-02 07:02:17 UTC ( 6 years, 5 months ago )
Antivirus Result Update
Yandex TrojanSpy.Zbot!w36nUEvM/cM 20121001
AhnLab-V3 Spyware/Win32.Zbot 20121001
AntiVir TR/Spy.ZBot.plc.1 20121001
Avast Win32:Zbot-PLC [Trj] 20121001
AVG Win32/Cryptor 20121001
BitDefender Trojan.Generic.KDV.732391 20121001
DrWeb Trojan.PWS.Panda.2005 20121001
ESET-NOD32 Win32/Spy.Zbot.AAO 20121001
F-Secure Trojan.Generic.KDV.732391 20121001
GData Trojan.Generic.KDV.732391 20121001
Ikarus Virus.Win32.Cryptor 20121001
Jiangmin TrojanSpy.Zbot.cfls 20121001
K7AntiVirus Spyware 20121001
Kaspersky Trojan-Spy.Win32.Zbot.ewpv 20121001
Kingsoft Win32.Troj.Zbot.(kcloud) 20120925
McAfee PWS-Zbot.gen.ame 20121001
McAfee-GW-Edition PWS-Zbot.gen.ame 20121001
Microsoft PWS:Win32/Zbot 20121001
nProtect Trojan/W32.Agent.159744.AVM 20121001
Panda Trj/Genetic.gen 20121001
PCTools Trojan-PSW.Generic!rem 20121001
Sophos AV Mal/EncPk-AGT 20121001
Symantec Infostealer 20121001
TheHacker Trojan/Spy.Zbot.ewpv 20121001
VIPRE Trojan.Win32.Generic!BT 20121001
Antiy-AVL 20121001
ByteHero 20120918
CAT-QuickHeal 20121001
ClamAV 20121001
Commtouch 20121001
Comodo 20121001
Emsisoft 20120919
eSafe 20120927
F-Prot 20120926
Fortinet 20121001
Norman 20121001
Rising 20120928
SUPERAntiSpyware 20120911
TotalDefense 20121001
TrendMicro 20121001
TrendMicro-HouseCall 20121001
VBA32 20121001
ViRobot 20121001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product FmBeR5pM0l3qgewbDJEDTK0zRx1Au6CzRqjmdqtUc0v
Original name cyh75lMlEqeLbXV.exe
File version 3.51.899.75
Description Ft4215opMXkGADiKCRGSMAj6y10
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-21 00:47:26
Entry Point 0x00005E30
Number of sections 4
PE sections
Overlays
MD5 f420d01cdf909fc8dc8d1683a0280104
File type data
Offset 158720
Size 1024
Entropy 7.81
PE imports
GetLastError
HeapFree
VirtualAllocEx
FileTimeToSystemTime
GetThreadPriorityBoost
EnumResourceLanguagesA
ScrollConsoleScreenBufferA
GetOEMCP
GlobalFindAtomA
GetTickCount
GetCommMask
GlobalUnfix
WaitForSingleObjectEx
SetConsoleScreenBufferSize
IsDBCSLeadByte
CreateRemoteThread
FreeEnvironmentStringsA
GetQueuedCompletionStatus
FindFirstFileExW
UnlockFile
GetLogicalDriveStringsW
GetLocaleInfoA
GetFileSizeEx
GetCalendarInfoW
SetConsoleCursor
SetHandleCount
SetProcessAffinityMask
CopyFileExW
GetConsoleScreenBufferInfo
lstrcpyA
AddAtomW
EnumResourceTypesA
GetProfileStringW
lstrlenA
CreateSemaphoreA
CreateThread
DeleteVolumeMountPointW
GetModuleHandleA
IsSystemResumeAutomatic
GetCommTimeouts
GetExitCodeThread
ReadConsoleOutputCharacterW
WriteFile
FindNextVolumeMountPointW
HeapValidate
MapUserPhysicalPagesScatter
IsProcessorFeaturePresent
DeleteTimerQueueTimer
ExitThread
GetDiskFreeSpaceA
SetThreadExecutionState
SetVolumeLabelW
GetCompressedFileSizeA
MoveFileA
IsBadHugeWritePtr
CreateProcessA
RemoveDirectoryA
SetCommConfig
RtlFillMemory
GetEnvironmentVariableA
FindResourceW
RtlMoveMemory
AllocConsole
GetConsoleDisplayMode
WriteProfileSectionW
IsBadStringPtrA
QueueUserWorkItem
OpenEventA
GetStartupInfoA
WriteConsoleW
CreateHardLinkW
_wexecl
_mbsncpy
_sleep
__p__fmode
wcstoul
_spawnl
_wgetdcwd
_aligned_offset_realloc
_ultow
strtoul
_ismbcl2
_getch
_wfullpath
_wexecvp
feof
_wspawnle
strchr
_creat
raise
_wfindnext
_sys_nerr
_chdir
__p__commode
sqrt
_heapwalk
_get_osfhandle
_adj_fdivr_m16i
_chgsign
abs
exit
_XcptFilter
_mbsnbcnt
_safe_fprem
_spawnvp
_utime
_mbsspnp
_acmdln
_wunlink
_aligned_malloc
__set_app_type
_exit
_adjust_fdiv
__setusermatherr
_ismbbkalnum
gmtime
_splitpath
_strupr
iswxdigit
_cgets
_putw
_aligned_offset_malloc
sinh
__getmainargs
_wgetcwd
setbuf
_write
_callnewh
_locking
_wstati64
_fputchar
_except_handler3
_wremove
_resetstkoflw
_aexit_rtn
_mbctombb
_setjmp
_wmkdir
strcpy
_findnext64
_findnexti64
_initterm
_controlfp
isupper
strftime
_iob
CharPrevA
GetMonitorInfoW
GetClassInfoExW
DdeConnect
GetKeyboardLayoutNameA
IntersectRect
GetScrollInfo
EqualRect
EnumWindows
EndDialog
SetLastErrorEx
ValidateRgn
ShowWindowAsync
GetMessageW
LockSetForegroundWindow
wvsprintfW
EnumDisplayMonitors
DdeDisconnect
DdeCreateStringHandleA
GetLastInputInfo
InflateRect
LookupIconIdFromDirectory
RegisterClipboardFormatA
IsRectEmpty
CharUpperBuffA
LoadKeyboardLayoutW
ChangeMenuW
CharToOemBuffW
SetProcessWindowStation
mouse_event
LoadCursorFromFileW
MsgWaitForMultipleObjectsEx
SwapMouseButton
GetMenuItemID
GetAsyncKeyState
DdeQueryNextServer
SetClassWord
wvsprintfA
EnumDisplayDevicesA
MessageBoxExW
GetWindowPlacement
SendDlgItemMessageW
UnpackDDElParam
DefWindowProcW
GetInputDesktop
GetDC
UpdateWindow
LoadImageW
DrawFrame
SetCaretBlinkTime
CharNextA
DeferWindowPos
EnumClipboardFormats
IsWindowUnicode
LoadIconW
EnumPropsW
GetTabbedTextExtentW
CloseClipboard
CreateAcceleratorTableA
ReplyMessage
DialogBoxIndirectParamA
Number of PE resources by type
RT_DIALOG 4
RT_BITMAP 3
RT_STRING 2
RT_MENU 2
kE 1
RT_VERSION 1
Struct(285) 1
Number of PE resources by language
RUSSIAN 14
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.51.899.75
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Ft4215opMXkGADiKCRGSMAj6y10
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 163840
EntryPoint 0x5e30
OriginalFileName cyh75lMlEqeLbXV.exe
MIMEType application/octet-stream
FileVersion 3.51.899.75
TimeStamp 2005:05:21 01:47:26+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.51.899.75
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 78336
ProductName FmBeR5pM0l3qgewbDJEDTK0zRx1Au6CzRqjmdqtUc0v
ProductVersionNumber 3.51.899.75
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 74f4e67e1202b61978136e56461e7e09
SHA1 7b6bf83aa5a8a167575de5ff84baa120e6ae320f
SHA256 e666255c7570c75a8827eb3472fda80f3562510f843fa3c23d7d2ff43785a8bd
ssdeep 3072:e+5I4aBc53rhiC9pdTvfqRPEnKZxuxtcl7DD3BtQC1a/:eIrxvRfqRPESutu7DDxt3A/
authentihash 0d8fcac96c111a1ec5ee745245fa41329b9b5178fcf40715d01cb0e4bae6a68f
imphash ef164725c79a111354648c4675051085
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-10-02 07:02:17 UTC ( 6 years, 5 months ago )
Last submission 2019-02-06 16:39:45 UTC ( 1 month, 1 week ago )
File names uzog.exe
e666255c7570c75a8827eb3472fda80f3562510f843fa3c23d7d2ff43785a8bd.bin
aa
74F4E67E1202B61978136E56461E7E09.exe
1349380769.uzog.exe
WovC59oQ.rar
cyh75lMlEqeLbXV.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.