SHA256: f2615eacb2a244df524250a3aa3bd3038630cb6647e4efed6aa2cae7211bd408
File name: vt-upload-w2Cmb
Detection ratio: 27 / 53
Analysis date: 2014-05-27 08:02:47 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Jaik.1928 20140527
Yandex TrojanSpy.Zbot!jOIN/IALAdk 20140526
AntiVir TR/Jaik.1896.5 20140527
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140527
Avast Win32:Malware-gen 20140527
AVG Zbot.JDV 20140527
BitDefender Gen:Variant.Jaik.1928 20140527
Bkav HW32.CDB.6afe 20140523
CMC Packed.Win32.Obfuscated.10!O 20140526
Emsisoft Gen:Variant.Jaik.1928 (B) 20140527
ESET-NOD32 Win32/Spy.Zbot.AAO 20140526
F-Secure Gen:Variant.Jaik.1928 20140527
Fortinet W32/Agent.AAO!tr 20140527
GData Gen:Variant.Jaik.1928 20140527
Kaspersky Trojan-Spy.Win32.Zbot.sxbg 20140527
Malwarebytes Spyware.Zbot.VXGen 20140527
McAfee RDN/Generic PWS.y!zr 20140527
McAfee-GW-Edition RDN/Generic PWS.y!zr 20140526
eScan Gen:Variant.Jaik.1928 20140527
Panda Generic Malware 20140526
Qihoo-360 HEUR/Malware.QVM20.Gen 20140527
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140526
Sophos Troj/Agent-AHEG 20140527
Tencent Win32.Trojan.Bp-qqthief.Ixrn 20140527
TrendMicro TROJ_FORUCON.BMC 20140527
TrendMicro-HouseCall TROJ_FORUCON.BMC 20140527
VIPRE Trojan.Win32.Generic!BT 20140527
AegisLab 20140527
AhnLab-V3 20140526
Baidu-International 20140527
ByteHero 20140527
CAT-QuickHeal 20140526
ClamAV 20140527
Commtouch 20140527
Comodo 20140527
DrWeb 20140527
F-Prot 20140525
Ikarus 20140527
Jiangmin 20140527
K7AntiVirus 20140526
K7GW 20140526
Kingsoft 20140527
Microsoft 20140527
NANO-Antivirus 20140527
Norman 20140527
nProtect 20140526
SUPERAntiSpyware 20140526
Symantec 20140527
TheHacker 20140526
TotalDefense 20140526
VBA32 20140526
ViRobot 20140527
Zillya 20140527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Net Studio
Original name Ildgjoorm.exe
Internal name Yxezeha
File version 4, 9, 2
Description Asul Emahu Ivajog
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-05 00:04:50
Entry Point 0x00013046
Number of sections 4
PE sections
PE imports
GetUserDefaultUILanguage
GetTempFileNameW
DefineDosDeviceW
SystemTimeToFileTime
GetModuleFileNameW
GetProcessTimes
WaitForSingleObjectEx
CreateNamedPipeA
CompareFileTime
MapViewOfFileEx
SetProcessPriorityBoost
GetCommProperties
WriteFileGather
BackupWrite
DeleteFileW
GetProcessHeap
GetComputerNameExA
CreateMutexA
WaitNamedPipeW
GetModuleHandleA
IsSystemResumeAutomatic
FindNextVolumeMountPointW
GetSystemTimeAsFileTime
EnumResourceLanguagesA
lstrcmpW
IsValidLanguageGroup
FreeResource
IsValidCodePage
GlobalHandle
GetDiskFreeSpaceExW
MoveFileW
EnumDateFormatsA
ExitProcess
WNetGetConnectionW
WNetGetLastErrorA
WNetEnumResourceA
WNetGetNetworkInformationA
WNetDisconnectDialog1W
WNetAddConnection3W
WNetGetUniversalNameW
WNetSetLastErrorA
WNetAddConnection2W
WNetGetNetworkInformationW
WNetConnectionDialog
WNetSetLastErrorW
WNetCancelConnection2A
WNetGetResourceInformationA
TransmitFile
GetTypeByNameW
sethostname
GetNameByTypeW
rresvport
dn_expand
EnumProtocolsW
GetAddressByNameW
NPLoadNameSpaces
rcmd
s_perror
GetServiceW
getnetbyname
MigrateWinsockConfiguration
WSARecvEx
EnumProtocolsA
CLIPFORMAT_UserSize
CoCreateObjectInContext
OpenOrCreateStream
HENHMETAFILE_UserUnmarshal
MonikerRelativePathTo
DllDebugObjectRPCHook
OleFlushClipboard
HPALETTE_UserSize
CoRegisterMessageFilter
HWND_UserUnmarshal
StgOpenPropStg
CoGetCallContext
OleDraw
CoQueryProxyBlanket
CoTaskMemRealloc
StgConvertVariantToProperty
UtConvertDvtd32toDvtd16
SetDocumentBitStg
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CreateDataAdviseHolder
CoUninitialize
StgCreatePropStg
CoInitializeSecurity
CoDosDateTimeToFileTime
OleCreateFromFileEx
CoTaskMemFree
CoCancelCall
ResUtilGetDwordProperty
ResUtilSetPropertyTable
ResUtilDupParameterBlock
ResUtilCreateDirectoryTree
ResUtilVerifyPropertyTable
ResUtilEnumProperties
ResUtilSetPropertyParameterBlock
ResUtilSetSzValue
ClusWorkerStart
ClusWorkerCreate
ResUtilSetResourceServiceEnvironment
ResUtilFindLongProperty
ResUtilFindSzProperty
ResUtilFindDependentDiskResourceDriveLetter
ResUtilGetBinaryValue
ResUtilGetPrivateProperties
ResUtilGetResourceDependencyByClass
ResUtilExpandEnvironmentStrings
ResUtilDupString
ResUtilFreeParameterBlock
ResUtilPropertyListFromParameterBlock
ResUtilGetResourceDependentIPAddressProps
ResUtilFreeEnvironment
SamQueryInformationUser
SamDeleteGroup
SamSetSecurityObject
SamRemoveMemberFromForeignDomain
SamConnect
SamSetInformationDomain
SamQueryInformationGroup
SamCloseHandle
SamEnumerateAliasesInDomain
SamOpenGroup
SamCreateGroupInDomain
SamCreateAliasInDomain
SamCreateUser2InDomain
SamGetGroupsForUser
SamChangePasswordUser2
SamLookupDomainInSamServer
SamOpenUser
SamConnectWithCreds
SamFreeMemory
IsAsyncMoniker
RegisterMediaTypeClass
CreateFormatEnumerator
GetSoftwareUpdateInfo
GetClassURL
CopyBindInfo
CoInternetQueryInfo
CoInternetGetSession
CoInternetCreateZoneManager
URLDownloadToCacheFileA
URLOpenBlockingStreamW
RegisterMediaTypes
CoInternetParseUrl
URLDownloadToCacheFileW
ObtainUserAgentString
ReleaseBindInfo
BindAsyncMoniker
IsValidURL
CoInternetCompareUrl
SetSoftwareUpdateAdvertisementState
URLOpenPullStreamA
UrlMkBuildVersion
GetClassFileOrMime
Extract
FindMimeFromData
CoGetClassObjectFromURL
SetWindowsHookA
auxGetVolume
SendDriverMessage
mciGetErrorStringA
waveInStop
mixerGetLineControlsA
waveOutGetPosition
midiInStart
timeEndPeriod
midiStreamOut
waveOutGetPlaybackRate
waveOutMessage
waveInGetID
mmioGetInfo
auxOutMessage
mciSetDriverData
DriverCallback
midiOutGetDevCapsA
waveOutSetPitch
mciGetDeviceIDW
CloseDriver
midiStreamProperty
mixerSetControlDetails
mixerClose
joySetCapture
mmsystemGetVersion
mciGetDeviceIDA
midiInMessage
waveOutGetErrorTextA
mci32Message
CryptCATCDFEnumMembersByCDFTagEx
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
TrustIsCertificateSelfSigned
CryptCATCatalogInfoFromContext
CryptSIPPutSignedDataMsg
WVTAsn1SpcSigInfoDecode
SoftpubLoadSignature
WVTAsn1SpcSpOpusInfoEncode
SoftpubCleanup
CryptCATEnumerateCatAttr
CryptSIPCreateIndirectData
CryptCATPutAttrInfo
CryptCATEnumerateMember
CryptCATCDFEnumAttributes
MsCatFreeHashTag
WintrustAddActionID
IsCatalogFile
WTHelperGetProvPrivateDataFromChain
CryptCATGetCatAttrInfo
WinVerifyTrust
CryptCATCDFOpen
CryptCATAdminAcquireContext
SoftpubDumpStructure
SoftpubDllRegisterServer
Number of PE resources by type
RT_DIALOG 217
RT_MENU 182
RT_VERSION 1
Number of PE resources by language
ARABIC BAHRAIN 400
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:07:05 01:04:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 90112
LinkerVersion 9.0
FileAccessDate 2014:05:27 09:00:01+01:00
EntryPoint 0x13046
InitializedDataSize 348160
SubsystemVersion 5.0
ImageVersion 6.0
OSVersion 4.0
FileCreateDate 2014:05:27 09:00:01+01:00
UninitializedDataSize 0

File identification
MD5 5a589cfebfc561ffabdb06fa6eb07b6d
SHA1 916fb8aa2cb29bd0cc1a9a0a78d6b88370757710
SHA256 f2615eacb2a244df524250a3aa3bd3038630cb6647e4efed6aa2cae7211bd408
ssdeep 3072:nQH6+fNxdAdeeM2vCKbJJKZiorcMzClWM6te9F8GFycvsuiCtlyXjqie2Lv+4rn:VIn8K2vCcIYM+QVeFlyMiWejxL24r
imphash 2125f07038ce9dfa72940adf840cc37a
File size 260.5 KB ( 266752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-27 08:02:47 UTC ( 2 years, 11 months ago )
Last submission 2014-05-27 08:02:47 UTC ( 2 years, 11 months ago )
File names Ildgjoorm.exe
Yxezeha
vt-upload-w2Cmb
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests