SHA256: e9c3f08c8c8d139a1b7bdb11d8240ed0160cfc8d4fb3e2f514eefc9ab45360a0
File name: setup.exe
Detection ratio: 18 / 51
Analysis date: 2014-06-07 19:18:59 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.391115 20140607
AntiVir TR/Kazy.391115 20140607
BitDefender Gen:Variant.Kazy.391115 20140607
ByteHero Trojan.Malware.Obscu.Gen.004 20140607
Emsisoft Gen:Variant.Kazy.391115 (B) 20140607
F-Secure Gen:Variant.Kazy.391115 20140607
GData Gen:Variant.Kazy.391115 20140607
Kaspersky Trojan-Spy.Win32.Zbot.teik 20140607
Malwarebytes Spyware.Zbot.VXGen 20140607
McAfee Artemis!5E27D9A5E0A8 20140607
McAfee-GW-Edition Artemis!5E27D9A5E0A8 20140607
eScan Gen:Variant.Kazy.391115 20140607
Panda Trj/CI.A 20140607
Qihoo-360 Win32/Trojan.caa 20140607
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140607
Sophos AV Mal/Generic-S 20140607
Symantec WS.Reputation.1 20140607
TrendMicro-HouseCall TROJ_GEN.R08NH07F714 20140607
AegisLab 20140607
Yandex 20140606
AhnLab-V3 20140607
Antiy-AVL 20140607
Avast 20140607
AVG 20140607
Baidu-International 20140607
Bkav 20140606
CAT-QuickHeal 20140607
ClamAV 20140607
CMC 20140607
Commtouch 20140607
Comodo 20140607
DrWeb 20140607
ESET-NOD32 20140607
F-Prot 20140607
Fortinet 20140607
Ikarus 20140607
K7AntiVirus 20140606
K7GW 20140606
Kingsoft 20140607
Microsoft 20140607
NANO-Antivirus 20140607
Norman 20140607
nProtect 20140605
SUPERAntiSpyware 20140607
Tencent 20140607
TheHacker 20140606
TotalDefense 20140607
TrendMicro 20140607
VBA32 20140607
VIPRE 20140607
ViRobot 20140607
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1987 - 2003
Publisher Alpha Networks Inc.
Product H85Kv04Z
Original name lHBS4FA3Eo4z.exe
Internal name lHBS4FA3Eo4z.exe
File version 2.4.3.2
Description D3EsSIw3Z5
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-05 19:42:30
Entry Point 0x00008330
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegUnLoadKeyW
SetBkColor
SetBkMode
SetTextColor
LocalReAlloc
GlobalFree
WaitForSingleObject
SetEvent
IsDebuggerPresent
GlobalUnlock
LoadLibraryA
lstrlenW
GlobalSize
GetCurrentProcess
LocalAlloc
GetCommandLineW
GlobalReAlloc
UnhandledExceptionFilter
GetProcAddress
WriteProfileStringW
lstrcpynW
GetProfileStringW
lstrcpyW
CreateThread
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
IsProcessorFeaturePresent
lstrcmpW
GlobalLock
lstrcatW
LocalFree
GetProfileIntW
TerminateProcess
CreateEventW
GlobalCompact
GlobalAlloc
Sleep
IsBadStringPtrA
ResetEvent
ShellAboutW
MapWindowPoints
SetFocus
UpdateWindow
EndDialog
PostQuitMessage
HideCaret
OffsetRect
DefWindowProcW
CharNextA
CheckRadioButton
GetProcessDefaultLayout
DestroyMenu
GetMessageW
CheckMenuRadioItem
MessageBeep
LoadMenuW
GetClipboardData
GetSysColorBrush
SetCursor
SetWindowLongW
MessageBoxW
SendMessageW
GetWindowRect
RegisterClassExW
SetMenu
DialogBoxParamW
SetDlgItemInt
ChildWindowFromPoint
SetWindowPos
TranslateMessage
GetSysColor
SetProcessDefaultLayout
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
GetDlgCtrlID
CheckMenuItem
GetMenu
ShowWindow
TranslateAcceleratorW
WinHelpW
LoadStringW
SetWindowTextW
GetDlgItem
SystemParametersInfoW
EnableMenuItem
ScreenToClient
InvalidateRect
GetSubMenu
IsClipboardFormatAvailable
OpenClipboard
CallWindowProcW
IsDialogMessageW
EnableWindow
GetClientRect
GetWindowTextW
CheckDlgButton
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
CloseClipboard
DrawTextW
CharNextW
TrackPopupMenuEx
IsChild
DestroyWindow
Number of PE resources by type
RT_ACCELERATOR 4
RT_DIALOG 3
R5BIVI98 1
GMU84JG 1
HMQDMG5 1
ZF42YK091G 1
C6F7Q 1
C4E00 1
F6N3MX 1
S6VTA31D94 1
HLV05V1F97 1
K68UI69 1
H7E33UDGP2 1
F4DKL1 1
YFM1AR6 1
Q89W1V5 1
RT_VERSION 1
JT8P144058 1
S2V51M0 1
LKWT091 1
Number of PE resources by language
ENGLISH US 24
CHINESE *unknown* 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.4.3.2
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Cyrillic
InitializedDataSize 1608192
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 1987 - 2003
FileVersion 2.4.3.2
TimeStamp 2014:06:05 20:42:30+01:00
FileType Win32 EXE
PEType PE32
InternalName lHBS4FA3Eo4z.exe
FileAccessDate 2014:06:07 20:19:10+01:00
ProductVersion 2.4.3.2
FileDescription D3EsSIw3Z5
OSVersion 5.1
FileCreateDate 2014:06:07 20:19:10+01:00
OriginalFilename lHBS4FA3Eo4z.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Alpha Networks Inc.
CodeSize 286720
ProductName H85Kv04Z
ProductVersionNumber 2.4.3.2
EntryPoint 0x8330
ObjectFileType Executable application

File identification
MD5 5e27d9a5e0a818a1a1e0982472f1008d
SHA1 e76effcd818d12c1c48c0a6204ab7296b746f519
SHA256 e9c3f08c8c8d139a1b7bdb11d8240ed0160cfc8d4fb3e2f514eefc9ab45360a0
ssdeep 6144:26lrjqxpwT/jfuhPLnHKtxNuPr2FhsVoG8H66Sz9k8LOZZF39Th+TooGA+GdR:2yjvjsrqLNsryFS5FiL99l+ToJ5G
imphash 2a377858d17cbef4a126712c4a3cf807
File size 422.5 KB ( 432640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2014-06-07 18:32:32 UTC ( 4 years, 9 months ago )
Last submission 2014-06-07 19:18:59 UTC ( 4 years, 9 months ago )
File names setup.exe
lHBS4FA3Eo4z.exe
vt-upload-qbu46
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.