SHA256: ec856dc0fc7280c4d73fe4cb313edf40d8e329c82e6e92cfd7e22b268b4e55e5
File name: vt-upload-YqlFU
Detection ratio: 18 / 54
Analysis date: 2014-06-15 09:38:29 UTC ( 4 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Dropper/Win32.Necurs 20140614
AntiVir TR/Crypt.Xpack.69742 20140615
Avast Win32:Rootkit-gen [Rtk] 20140615
AVG Zbot.JWF 20140615
ESET-NOD32 Win32/Spy.Zbot.ABS 20140615
Fortinet W32/Zbot.ABS!tr.spy 20140615
GData Win32.Trojan.Agent.USSRSG 20140615
Kaspersky Trojan-Spy.Win32.Zbot.tfds 20140615
Malwarebytes Spyware.Zbot.ED 20140615
McAfee PWSZbot-FXE!5F682455C952 20140615
McAfee-GW-Edition PWSZbot-FXE!5F682455C952 20140614
Microsoft VirTool:Win32/CeeInject.gen!KK 20140615
Panda Trj/CI.A 20140614
Qihoo-360 HEUR/Malware.QVM07.Gen 20140615
Sophos AV Mal/Generic-S 20140615
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140615
TrendMicro-HouseCall TROJ_GEN.R0CBB01FD14 20140615
VIPRE Trojan.Win32.Generic.pak!cobra 20140615
Ad-Aware 20140615
AegisLab 20140615
Yandex 20140614
Antiy-AVL 20140611
Baidu-International 20140615
BitDefender 20140615
Bkav 20140614
ByteHero 20140615
CAT-QuickHeal 20140614
ClamAV 20140615
CMC 20140613
Commtouch 20140615
Comodo 20140615
DrWeb 20140615
Emsisoft 20140615
F-Prot 20140615
F-Secure 20140615
Ikarus 20140615
Jiangmin 20140615
K7AntiVirus 20140613
K7GW 20140613
Kingsoft 20140615
eScan 20140615
NANO-Antivirus 20140615
Norman 20140615
nProtect 20140615
Rising 20140614
SUPERAntiSpyware 20140614
Symantec 20140615
TheHacker 20140612
TotalDefense 20140615
TrendMicro 20140615
VBA32 20140613
ViRobot 20140615
Zillya 20140614
Zoner 20140613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-25 04:56:00
Entry Point 0x000028A0
Number of sections 4
PE sections
PE imports
GetStartupInfoA
GetModuleFileNameW
GetModuleHandleA
Ord(1775)
Ord(4080)
Ord(5252)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(4524)
Ord(554)
Ord(1842)
Ord(5237)
Ord(5577)
Ord(3350)
Ord(2124)
Ord(540)
Ord(4589)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(5290)
Ord(2446)
Ord(5214)
Ord(5301)
Ord(807)
Ord(4163)
Ord(4964)
Ord(6215)
Ord(6625)
Ord(4529)
Ord(4531)
Ord(815)
Ord(2723)
Ord(366)
Ord(641)
Ord(2494)
Ord(796)
Ord(4353)
Ord(2514)
Ord(4953)
Ord(4425)
Ord(3454)
Ord(5277)
Ord(4441)
Ord(4077)
Ord(1134)
Ord(4465)
Ord(4108)
Ord(5300)
Ord(1200)
Ord(6175)
Ord(338)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4242)
Ord(4823)
Ord(2390)
Ord(2542)
Ord(4424)
Ord(4273)
Ord(5260)
Ord(5076)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(2510)
Ord(1945)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(2117)
Ord(1727)
Ord(823)
Ord(813)
Ord(2725)
Ord(4998)
Ord(5472)
Ord(4436)
Ord(4457)
Ord(800)
Ord(3749)
Ord(2512)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4696)
Ord(4079)
Ord(4467)
Ord(3058)
Ord(3147)
Ord(6375)
Ord(2621)
Ord(2370)
Ord(1726)
Ord(560)
Ord(6336)
Ord(4890)
Ord(3262)
Ord(5653)
Ord(674)
Ord(975)
Ord(1576)
Ord(5243)
Ord(3748)
Ord(5065)
Ord(1665)
Ord(4407)
Ord(4426)
Ord(6117)
Ord(3346)
Ord(4303)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(2535)
Ord(1089)
Ord(3198)
Ord(2985)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(4376)
Ord(2626)
Ord(1776)
Ord(6000)
Ord(4623)
Ord(324)
Ord(296)
Ord(4238)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4613)
Ord(4349)
Ord(2878)
Ord(3079)
Ord(4899)
Ord(652)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(2627)
Ord(4837)
Ord(5241)
Ord(5100)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(3403)
Ord(4615)
Ord(4622)
Ord(561)
Ord(1746)
Ord(4543)
Ord(4610)
Ord(4961)
Ord(2879)
Ord(4486)
Ord(4341)
Ord(529)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(4858)
Ord(4432)
Ord(5740)
Ord(5302)
Ord(1825)
Ord(860)
Ord(5731)
__p__fmode
__CxxFrameHandler
_wfopen
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_mbscmp
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
_acmdln
_adjust_fdiv
__getmainargs
_exit
_setmbcp
_initterm
_controlfp
__set_app_type
EnableWindow
UpdateWindow
Number of PE resources by type
RT_STRING 13
RT_DIALOG 2
RT_ICON 1
Struct(241) 1
RT_MENU 1
Struct(18) 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 19
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:25 05:56:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 7.0
EntryPoint 0x28a0
InitializedDataSize 229376
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 5f682455c9522a49d42bc5980d462a92
SHA1 80cd2a2b003adc181f87730fe757f372a1dcd53f
SHA256 ec856dc0fc7280c4d73fe4cb313edf40d8e329c82e6e92cfd7e22b268b4e55e5
ssdeep 6144:SaIdkma6k7FG5tE4Y+RCKceJr3Cad0kwxFyN6jP1:SVkma64FAE4YEvJ+y0IK1
authentihash 52ddc1936052a5541995e5142158509cc914478814520c64433bc1e046a09995
imphash 373c76dd9bb0bb6b0ae825b0203b86b8
File size 236.5 KB ( 242176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-15 09:38:29 UTC ( 4 years, 9 months ago )
Last submission 2014-06-15 09:38:29 UTC ( 4 years, 9 months ago )
File names ec856dc0fc7280c4d73fe4cb313edf40d8e329c82e6e92cfd7e22b268b4e55e5.exe
vt-upload-YqlFU
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.