SHA256: edb7654ed108d1745d4689d9937af00a38ead046792eb91085a69c1335981e55
File name: 8a10e6c52c6f9e35ad94c8d583606530
Detection ratio: 32 / 52
Analysis date: 2014-05-10 17:48:33 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.365269 20140510
Yandex Trojan.Foreign!IUGrPnITPf8 20140510
AntiVir TR/PSW.Zbot.Y.1942 20140510
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20140510
AVG Zbot.HWF 20140510
Baidu-International Trojan.Win32.Zbot.AAQ 20140510
BitDefender Gen:Variant.Kazy.365269 20140510
Bkav HW32.CDB.9d56 20140509
Emsisoft Gen:Variant.Kazy.365269 (B) 20140510
ESET-NOD32 Win32/Spy.Zbot.AAQ 20140510
F-Secure Gen:Variant.Kazy.365269 20140510
Fortinet W32/Foreign.AAQ!tr 20140510
GData Gen:Variant.Kazy.365269 20140510
Ikarus Trojan-PWS.Win32.Zbot 20140510
K7AntiVirus Spyware ( 003783441 ) 20140509
K7GW Spyware ( 003783441 ) 20140509
Kaspersky Trojan-Ransom.Win32.Foreign.krcw 20140510
Malwarebytes Spyware.Zbot.VXGen 20140510
McAfee RDN/Generic PWS.y!zh 20140510
McAfee-GW-Edition RDN/Generic PWS.y!zh 20140510
Microsoft PWS:Win32/Zbot.gen!Y 20140510
eScan Gen:Variant.Kazy.365269 20140510
Norman ZBot.SXEN 20140510
Panda Trj/CI.A 20140510
Qihoo-360 Win32/Trojan.PSW.151 20140510
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140507
Sophos AV Mal/Generic-S 20140510
Symantec Trojan.Zbot 20140510
TrendMicro TROJ_GEN.R021C0SDT14 20140510
TrendMicro-HouseCall TROJ_GEN.R021C0SDT14 20140510
VBA32 BScope.Trojan.MTA.0661 20140510
VIPRE Trojan.Win32.Generic!BT 20140510
AegisLab 20140510
AhnLab-V3 20140510
Avast 20140510
ByteHero 20140510
CAT-QuickHeal 20140510
ClamAV 20140510
CMC 20140506
Commtouch 20140510
Comodo 20140510
DrWeb 20140510
F-Prot 20140510
Jiangmin 20140510
Kingsoft 20140510
NANO-Antivirus 20140510
nProtect 20140509
SUPERAntiSpyware 20140510
TheHacker 20140510
TotalDefense 20140510
ViRobot 20140510
Zillya 20140510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 1997 Ogake Aqo. . Omimo Debowe Jumevo.
Publisher Software Innovations UK Limited
Product Aco
Original name Dlluwluop.exe
Internal name Tucaler
File version 1, 9, 8
Description Iriv Axohif Amul
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-20 08:44:06
Entry Point 0x000157F0
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
PeekNamedPipe
GetStdHandle
GetExitCodeProcess
DefineDosDeviceA
CreateNamedPipeA
CreateJobObjectA
EnumTimeFormatsW
GetVolumeInformationA
OpenFileMappingW
CommConfigDialogW
FindNextVolumeW
CreateIoCompletionPort
WritePrivateProfileSectionA
DebugBreak
GetFileTime
GlobalAddAtomW
GetDiskFreeSpaceW
GetProcessPriorityBoost
GetStringTypeW
SetPriorityClass
GetNumberFormatA
WriteProfileSectionW
GetPrivateProfileSectionA
LocalShrink
FindFirstVolumeMountPointA
GetNumberFormatW
DdeDisconnectList
GetForegroundWindow
EndPaint
UpdateWindow
IntersectRect
EndDialog
BeginPaint
GetMessageW
OffsetRect
DefWindowProcW
ReleaseCapture
CheckRadioButton
PostQuitMessage
ShowWindow
GetParent
GetSystemMetrics
EnableMenuItem
MessageBoxW
SendMessageW
GetWindowRect
FrameRect
SetCapture
MoveWindow
DialogBoxParamW
MessageBoxA
ChildWindowFromPoint
TranslateMessage
GetDlgItemTextW
PostMessageW
DispatchMessageW
CheckDlgButton
GetDC
ReleaseDC
GetMenu
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
GetClientRect
GetDlgItem
DrawTextW
UnionRect
IsIconic
InvertRect
SetRect
InvalidateRect
GetSubMenu
SetTimer
FillRect
IsDlgButtonChecked
SetDlgItemTextW
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
wsprintfW
PeekMessageW
DestroyWindow
PtInRect
Number of PE resources by type
RT_RCDATA 203
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 204
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:05:20 09:44:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 94208
LinkerVersion 6.0
FileAccessDate 2014:05:10 18:55:25+01:00
EntryPoint 0x157f0
InitializedDataSize 577536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 6.1
FileCreateDate 2014:05:10 18:55:25+01:00
UninitializedDataSize 0
File identification
MD5 8a10e6c52c6f9e35ad94c8d583606530
SHA1 c76c6aaf6f0e5c7b527d0bb4e290b64c8256bd5c
SHA256 edb7654ed108d1745d4689d9937af00a38ead046792eb91085a69c1335981e55
ssdeep 6144:cmHQa2iqCZDF71U0xMYThQCM8J8LanhpituiWXSajoozbfNnKm:XHj2iqwR71xMYTaCM8iunhUotbXHFnK
imphash 7c85ea02278b1a58107f669eff4ee3cf
File size 314.5 KB ( 322048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-02 21:05:23 UTC ( 4 years, 10 months ago )
Last submission 2014-05-10 17:48:33 UTC ( 4 years, 10 months ago )
File names G5EfMvJ.vsd
8a10e6c52c6f9e35ad94c8d583606530
Tucaler
Dlluwluop.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.